public class DevicePolicyManager extends Object
SecurityException
will be thrown.
For more information about managing policies for device administration, read the Device Administration developer guide.
Modifier and Type | Class and Description |
---|---|
static interface | DevicePolicyManager.UserProvisioningState |
Modifier and Type | Field and Description |
---|---|
static String | ACCOUNT_FEATURE_DEVICE_OR_PROFILE_OWNER_ALLOWED |
static String | ACCOUNT_FEATURE_DEVICE_OR_PROFILE_OWNER_DISALLOWED |
static String | ACTION_ADD_DEVICE_ADMIN Activity action: ask the user to add a new device administrator to the system. |
static String | ACTION_BUGREPORT_SHARING_ACCEPTED Action: Bugreport sharing with device owner has been accepted by the user. |
static String | ACTION_BUGREPORT_SHARING_DECLINED Action: Bugreport sharing with device owner has been declined by the user. |
static String | ACTION_DEVICE_OWNER_CHANGED Broadcast action: sent when the device owner is set or changed. |
static String | ACTION_DEVICE_POLICY_MANAGER_STATE_CHANGED Broadcast action: sent when any policy admin changes a policy. |
static String | ACTION_MANAGED_PROFILE_PROVISIONED Broadcast Action: This broadcast is sent to indicate that provisioning of a managed profile has completed successfully. |
static String | ACTION_PROVISION_FINALIZATION Activity action: Finalizes management provisioning, should be used after user-setup has been completed and getUserProvisioningState() returns one of: STATE_USER_SETUP_INCOMPLETE, STATE_USER_SETUP_COMPLETE, STATE_USER_PROFILE_COMPLETE |
static String | ACTION_PROVISION_MANAGED_DEVICE Activity action: Starts the provisioning flow which sets up a managed device. |
static String | ACTION_PROVISION_MANAGED_DEVICE_FROM_TRUSTED_SOURCE Activity action: Starts the provisioning flow which sets up a managed device. |
static String | ACTION_PROVISION_MANAGED_PROFILE Activity action: Starts the provisioning flow which sets up a managed profile. |
static String | ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE Activity action: Starts the provisioning flow which sets up a managed device. |
static String | ACTION_PROVISION_MANAGED_USER Activity action: Starts the provisioning flow which sets up a managed user. |
static String | ACTION_REMOTE_BUGREPORT_DISPATCH Action: Bugreport has been collected and is dispatched to DevicePolicyManagerService. |
static String | ACTION_SET_NEW_PARENT_PROFILE_PASSWORD Activity action: have the user enter a new password for the parent profile. |
static String | ACTION_SET_NEW_PASSWORD Activity action: have the user enter a new password. |
static String | ACTION_SET_PROFILE_OWNER |
static String | ACTION_START_ENCRYPTION Activity action: begin the process of encrypting data on the device. |
static String | ACTION_SYSTEM_UPDATE_POLICY_CHANGED Broadcast action: notify that a new local system update policy has been set by the device owner. |
static long | DEFAULT_STRONG_AUTH_TIMEOUT_MS Default and maximum timeout in milliseconds after which unlocking with weak auth times out, i.e. the user has to use a strong authentication method like password, PIN or pattern. |
static int | ENCRYPTION_STATUS_ACTIVATING Result code for getStorageEncryptionStatus(): indicating that encryption is not currently active, but is currently being activated. |
static int | ENCRYPTION_STATUS_ACTIVE Result code for setStorageEncryption(android.content.ComponentName, boolean) and getStorageEncryptionStatus(): indicating that encryption is active. |
static int | ENCRYPTION_STATUS_ACTIVE_DEFAULT_KEY Result code for getStorageEncryptionStatus(): indicating that encryption is active, but an encryption key has not been set by the user. |
static int | ENCRYPTION_STATUS_ACTIVE_PER_USER Result code for getStorageEncryptionStatus(): indicating that encryption is active and the encryption key is tied to the user or profile. |
static int | ENCRYPTION_STATUS_INACTIVE Result code for setStorageEncryption(android.content.ComponentName, boolean) and getStorageEncryptionStatus(): indicating that encryption is supported, but is not currently active. |
static int | ENCRYPTION_STATUS_UNSUPPORTED Result code for setStorageEncryption(android.content.ComponentName, boolean) and getStorageEncryptionStatus(): indicating that encryption is not supported. |
static String | EXTRA_ADD_EXPLANATION An optional CharSequence providing additional explanation for why the admin is being added. |
static String | EXTRA_BUGREPORT_NOTIFICATION_TYPE Extra for remote bugreport notification shown type. |
static String | EXTRA_DEVICE_ADMIN The ComponentName of the administrator component. |
static String | EXTRA_PROFILE_OWNER_NAME |
static String | EXTRA_PROVISIONING_ACCOUNT_TO_MIGRATE An android.accounts.Account extra holding the account to migrate during managed profile provisioning. |
static String | EXTRA_PROVISIONING_ADMIN_EXTRAS_BUNDLE A Parcelable extra of type PersistableBundle that allows a mobile device management application or NFC programmer application which starts managed provisioning to pass data to the management application instance after provisioning. |
static String | EXTRA_PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME A ComponentName extra indicating the device admin receiver of the mobile device management application that will be set as the profile owner or device owner and active admin. |
static String | EXTRA_PROVISIONING_DEVICE_ADMIN_MINIMUM_VERSION_CODE An int extra holding a minimum required version code for the device admin package. |
static String | EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_CHECKSUM A String extra holding the URL-safe base64 encoded SHA-256 or SHA-1 hash (see notes below) of the file at download location specified in EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION. |
static String | EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_COOKIE_HEADER A String extra holding an HTTP cookie header which should be used in the HTTP request to the URL specified in EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION. |
static String | EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION A String extra holding a URL that specifies the download location of the device admin package. |
static String | EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME Deprecated. Use EXTRA_PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME. This extra is still supported, but only if there is only one device admin receiver in the package that requires the permission android.Manifest.permission.BIND_DEVICE_ADMIN. |
static String | EXTRA_PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM A String extra holding the URL-safe base64 encoded SHA-256 checksum of any signature of the android package archive at the download location specified in EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION. |
static String | EXTRA_PROVISIONING_EMAIL_ADDRESS A String extra that holds the email address of the account which a managed profile is created for. |
static String | EXTRA_PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED A Boolean extra that can be used by the mobile device management application to skip the disabling of system apps during provisioning when set to true. |
static String | EXTRA_PROVISIONING_LOCAL_TIME A Long extra holding the wall clock time (in milliseconds) to be set on the device's AlarmManager. |
static String | EXTRA_PROVISIONING_LOCALE A String extra holding the Locale that the device will be set to. |
static String | EXTRA_PROVISIONING_LOGO_URI A Uri extra pointing to a logo image. |
static String | EXTRA_PROVISIONING_MAIN_COLOR An integer extra indicating the predominant color to show during the provisioning. |
static String | EXTRA_PROVISIONING_SKIP_ENCRYPTION A boolean extra indicating whether device encryption can be skipped as part of device owner or managed profile provisioning. |
static String | EXTRA_PROVISIONING_SKIP_USER_SETUP A boolean extra indicating if user setup should be skipped, for when provisioning is started during setup-wizard. |
static String | EXTRA_PROVISIONING_TIME_ZONE A String extra holding the time zone AlarmManager that the device will be set to. |
static String | EXTRA_PROVISIONING_WIFI_HIDDEN A boolean extra indicating whether the wifi network in EXTRA_PROVISIONING_WIFI_SSID is hidden or not. |
static String | EXTRA_PROVISIONING_WIFI_PAC_URL A String extra holding the proxy auto-config (PAC) URL for the wifi network in EXTRA_PROVISIONING_WIFI_SSID. |
static String | EXTRA_PROVISIONING_WIFI_PASSWORD A String extra holding the password of the wifi network in EXTRA_PROVISIONING_WIFI_SSID. |
static String | EXTRA_PROVISIONING_WIFI_PROXY_BYPASS A String extra holding the proxy bypass for the wifi network in EXTRA_PROVISIONING_WIFI_SSID. |
static String | EXTRA_PROVISIONING_WIFI_PROXY_HOST A String extra holding the proxy host for the wifi network in EXTRA_PROVISIONING_WIFI_SSID. |
static String | EXTRA_PROVISIONING_WIFI_PROXY_PORT An int extra holding the proxy port for the wifi network in EXTRA_PROVISIONING_WIFI_SSID. |
static String | EXTRA_PROVISIONING_WIFI_SECURITY_TYPE A String extra indicating the security type of the wifi network in EXTRA_PROVISIONING_WIFI_SSID and could be one of NONE, WPA or WEP. |
static String | EXTRA_PROVISIONING_WIFI_SSID A String extra holding the ssid of the wifi network that should be used during nfc device owner provisioning for downloading the mobile device management application. |
static String | EXTRA_REMOTE_BUGREPORT_HASH Extra for shared bugreport's SHA-256 hash. |
static int | FLAG_MANAGED_CAN_ACCESS_PARENT Flag used by addCrossProfileIntentFilter(android.content.ComponentName, android.content.IntentFilter, int) to allow activities in the managed profile to access intents sent from the parent profile. |
static int | FLAG_PARENT_CAN_ACCESS_MANAGED Flag used by addCrossProfileIntentFilter(android.content.ComponentName, android.content.IntentFilter, int) to allow activities in the parent profile to access intents sent from the managed profile. |
static int | KEYGUARD_DISABLE_FEATURES_ALL Disable all current and future keyguard customizations. |
static int | KEYGUARD_DISABLE_FEATURES_NONE Widgets are enabled in keyguard |
static int | KEYGUARD_DISABLE_FINGERPRINT Disable fingerprint sensor on keyguard secure screens (e.g. |
static int | KEYGUARD_DISABLE_REMOTE_INPUT Disable text entry into notifications on secure keyguard screens (e.g. |
static int | KEYGUARD_DISABLE_SECURE_CAMERA Disable the camera on secure keyguard screens (e.g. |
static int | KEYGUARD_DISABLE_SECURE_NOTIFICATIONS Disable showing all notifications on secure keyguard screens (e.g. |
static int | KEYGUARD_DISABLE_TRUST_AGENTS Ignore trust agent state on secure keyguard screens (e.g. |
static int | KEYGUARD_DISABLE_UNREDACTED_NOTIFICATIONS Only allow redacted notifications on secure keyguard screens (e.g. |
static int | KEYGUARD_DISABLE_WIDGETS_ALL Disable all keyguard widgets. |
static int | MAKE_USER_EPHEMERAL Flag used by createAndManageUser(android.content.ComponentName, java.lang.String, android.content.ComponentName, android.os.PersistableBundle, int) to specify that the user should be created ephemeral. |
static String | MIME_TYPE_PROVISIONING_NFC This MIME type is used for starting the device owner provisioning. |
static int | NOTIFICATION_BUGREPORT_ACCEPTED_NOT_FINISHED Notification type for a bugreport that has already been accepted to be shared, but is still being taken. |
static int | NOTIFICATION_BUGREPORT_FINISHED_NOT_ACCEPTED Notification type for a bugreport that has been taken and can be shared or declined. |
static int | NOTIFICATION_BUGREPORT_STARTED Notification type for a started remote bugreport flow. |
static int | PASSWORD_QUALITY_ALPHABETIC Constant for setPasswordQuality(android.content.ComponentName, int): the user must have entered a password containing at least alphabetic (or other symbol) characters. |
static int | PASSWORD_QUALITY_ALPHANUMERIC Constant for setPasswordQuality(android.content.ComponentName, int): the user must have entered a password containing at least both numeric and alphabetic (or other symbol) characters. |
static int | PASSWORD_QUALITY_BIOMETRIC_WEAK Constant for setPasswordQuality(android.content.ComponentName, int): the policy allows for low-security biometric recognition technology. |
static int | PASSWORD_QUALITY_COMPLEX Constant for setPasswordQuality(android.content.ComponentName, int): the user must have entered a password containing at least a letter, a numerical digit and a special symbol, by default. |
static int | PASSWORD_QUALITY_MANAGED Constant for setPasswordQuality(android.content.ComponentName, int): the user is not allowed to modify password. |
static int | PASSWORD_QUALITY_NUMERIC Constant for setPasswordQuality(android.content.ComponentName, int): the user must have entered a password containing at least numeric characters. |
static int | PASSWORD_QUALITY_NUMERIC_COMPLEX Constant for setPasswordQuality(android.content.ComponentName, int): the user must have entered a password containing at least numeric characters with no repeating (4444) or ordered (1234, 4321, 2468) sequences. |
static int | PASSWORD_QUALITY_SOMETHING Constant for setPasswordQuality(android.content.ComponentName, int): the policy requires some kind of password or pattern, but doesn't care what it is. |
static int | PASSWORD_QUALITY_UNSPECIFIED Constant for setPasswordQuality(android.content.ComponentName, int): the policy has no requirements for the password. |
static int | PERMISSION_GRANT_STATE_DEFAULT Runtime permission state: The user can manage the permission through the UI. |
static int | PERMISSION_GRANT_STATE_DENIED Runtime permission state: The permission is denied to the app and the user cannot manage the permission through the UI. |
static int | PERMISSION_GRANT_STATE_GRANTED Runtime permission state: The permission is granted to the app and the user cannot manage the permission through the UI. |
static int | PERMISSION_POLICY_AUTO_DENY Permission policy to always deny new permission requests for runtime permissions. |
static int | PERMISSION_POLICY_AUTO_GRANT Permission policy to always grant new permission requests for runtime permissions. |
static int | PERMISSION_POLICY_PROMPT Permission policy to prompt user for new permission requests for runtime permissions. |
static int | RESET_PASSWORD_DO_NOT_ASK_CREDENTIALS_ON_BOOT Flag for resetPassword(java.lang.String, int): don't ask for user credentials on device boot. |
static int | RESET_PASSWORD_REQUIRE_ENTRY Flag for resetPassword(java.lang.String, int): don't allow other admins to change the password again until the user has entered it. |
static int | SKIP_SETUP_WIZARD Flag used by createAndManageUser(android.content.ComponentName, java.lang.String, android.content.ComponentName, android.os.PersistableBundle, int) to skip setup wizard after creating a new user. |
static int | STATE_USER_PROFILE_COMPLETE Management partially set up on a managed profile. |
static int | STATE_USER_SETUP_COMPLETE Management partially set up, user setup completed. |
static int | STATE_USER_SETUP_FINALIZED Management set up and active on current user. |
static int | STATE_USER_SETUP_INCOMPLETE Management partially set up, user setup needs to be completed. |
static int | STATE_USER_UNMANAGED No management for current user in effect. |
static int | WIPE_EXTERNAL_STORAGE Flag for wipeData(int): also erase the device's external storage (such as SD cards). |
static int | WIPE_RESET_PROTECTION_DATA Flag for wipeData(int): also erase the factory reset protection data. |
Modifier | Constructor and Description |
---|---|
protected | DevicePolicyManager(Context context, IDevicePolicyManager service, boolean parentInstance) |
Modifier and Type | Method and Description |
---|---|
void | addCrossProfileIntentFilter(ComponentName admin, IntentFilter filter, int flags) Called by the profile owner of a managed profile so that some intents sent in the managed profile can also be resolved in the parent, or vice versa. |
boolean | addCrossProfileWidgetProvider(ComponentName admin, String packageName) Called by the profile owner of a managed profile to enable widget providers from a given package to be available in the parent profile. |
void | addPersistentPreferredActivity(ComponentName admin, IntentFilter filter, ComponentName activity) Called by a profile owner or device owner to add a default intent handler activity for intents that match a certain intent filter. |
void | addUserRestriction(ComponentName admin, String key) Called by a profile or device owner to set a user restriction specified by the key. |
boolean | approveCaCert(String alias, int userHandle, boolean approval) Mark a CA certificate as approved by the device user. |
void | clearCrossProfileIntentFilters(ComponentName admin) Called by a profile owner of a managed profile to remove the cross-profile intent filters that go from the managed profile to the parent, or from the parent to the managed profile. |
void | clearDeviceOwnerApp(String packageName) Clears the current device owner. |
void | clearPackagePersistentPreferredActivities(ComponentName admin, String packageName) Called by a profile owner or device owner to remove all persistent intent handler preferences associated with the given package that were set by addPersistentPreferredActivity(android.content.ComponentName, android.content.IntentFilter, android.content.ComponentName). |
void | clearProfileOwner(ComponentName admin) Clears the active profile owner and removes all user restrictions. |
void | clearUserRestriction(ComponentName admin, String key) Called by a profile or device owner to clear a user restriction specified by the key. |
static DevicePolicyManager | create(Context context) |
UserHandle | createAndInitializeUser(ComponentName admin, String name, String ownerName, ComponentName profileOwnerComponent, Bundle adminExtras) Deprecated. |
UserHandle | createAndManageUser(ComponentName admin, String name, ComponentName profileOwner, PersistableBundle adminExtras, int flags) Called by a device owner to create a user with the specified name and a given component of the calling package as profile owner. |
UserHandle | createUser(ComponentName admin, String name) Deprecated. |
int | enableSystemApp(ComponentName admin, Intent intent) Called by profile or device owners to re-enable system apps by intent that were disabled by default when the user was initialized. |
void | enableSystemApp(ComponentName admin, String packageName) Called by profile or device owners to re-enable a system app that was disabled by default when the user was initialized. |
void | forceRemoveActiveAdmin(ComponentName adminReceiver, int userHandle) |
String[] | getAccountTypesWithManagementDisabled() Gets the array of accounts for which account management is disabled by the profile owner. |
String[] | getAccountTypesWithManagementDisabledAsUser(int userId) |
List<ComponentName> | getActiveAdmins() Return a list of all currently active device administrators' component names. |
List<ComponentName> | getActiveAdminsAsUser(int userId) |
String | getAlwaysOnVpnPackage(ComponentName admin) Called by a device or profile owner to read the name of the package administering an always-on VPN connection for the current user. |
Bundle | getApplicationRestrictions(ComponentName admin, String packageName) Retrieves the application restrictions for a given target application running in the calling user. |
String | getApplicationRestrictionsManagingPackage(ComponentName admin) Called by a profile owner or device owner to retrieve the application restrictions managing package for the current user, or null if none is set. |
boolean | getAutoTimeRequired() |
boolean | getBluetoothContactSharingDisabled(ComponentName admin) Called by a profile owner of a managed profile to determine whether or not Bluetooth devices cannot access enterprise contacts. |
boolean | getBluetoothContactSharingDisabled(UserHandle userHandle) Determine whether or not Bluetooth devices cannot access contacts. |
boolean | getCameraDisabled(ComponentName admin) Determine whether or not the device's cameras have been disabled for this user, either by the calling admin, if specified, or all admins. |
boolean | getCameraDisabled(ComponentName admin, int userHandle) |
String | getCertInstallerPackage(ComponentName admin) Called by a profile owner or device owner to retrieve the certificate installer for the user. |
boolean | getCrossProfileCallerIdDisabled(ComponentName admin) Called by a profile owner of a managed profile to determine whether or not caller-Id information has been disabled. |
boolean | getCrossProfileCallerIdDisabled(UserHandle userHandle) Determine whether or not caller-Id information has been disabled. |
boolean | getCrossProfileContactsSearchDisabled(ComponentName admin) Called by a profile owner of a managed profile to determine whether or not contacts search has been disabled. |
boolean | getCrossProfileContactsSearchDisabled(UserHandle userHandle) Determine whether or not contacts search has been disabled. |
List<String> | getCrossProfileWidgetProviders(ComponentName admin) Called by the profile owner of a managed profile to query providers from which packages are available in the parent profile. |
int | getCurrentFailedPasswordAttempts() Retrieve the number of times the user has failed at entering a password since the last successful password entry. |
int | getCurrentFailedPasswordAttempts(int userHandle) Retrieve the number of times the given user has failed at entering a password since the last successful password entry. |
String | getDeviceInitializerApp() Deprecated. Do not use |
ComponentName | getDeviceInitializerComponent() Deprecated. Do not use |
String | getDeviceOwner() Returns the device owner package name, only if it's running on the calling user. |
ComponentName | getDeviceOwnerComponentOnAnyUser() |
ComponentName | getDeviceOwnerComponentOnCallingUser() |
CharSequence | getDeviceOwnerLockScreenInfo() |
String | getDeviceOwnerNameOnAnyUser() Returns the device owner name. |
int | getDeviceOwnerUserId() |
boolean | getDoNotAskCredentialsOnBoot() Queries whether RESET_PASSWORD_DO_NOT_ASK_CREDENTIALS_ON_BOOT flag is set. |
boolean | getForceEphemeralUsers(ComponentName admin) |
ComponentName | getGlobalProxyAdmin() Returns the component name setting the global proxy. |
boolean | getGuestUserDisabled(ComponentName admin) Determine whether or not creating a guest user has been disabled for the device. |
List<byte[]> | getInstalledCaCerts(ComponentName admin) Returns all CA certificates that are currently trusted, excluding system CA certificates. |
List<String> | getKeepUninstalledPackages(ComponentName admin) Called by a device owner to get the list of apps to keep around as APKs even if no user has currently installed it. |
int | getKeyguardDisabledFeatures(ComponentName admin) Determine whether or not features have been disabled in keyguard either by the calling admin, if specified, or all admins that set restrictions on this user and its participating profiles. |
int | getKeyguardDisabledFeatures(ComponentName admin, int userHandle) |
String[] | getLockTaskPackages(ComponentName admin) This function returns the list of packages allowed to start the lock task mode. |
CharSequence | getLongSupportMessage(ComponentName admin) Called by a device admin to get the long support message. |
CharSequence | getLongSupportMessageForUser(ComponentName admin, int userHandle) Called by the system to get the long support message. |
int | getMaximumFailedPasswordsForWipe(ComponentName admin) Retrieve the current maximum number of login attempts that are allowed before the device or profile is wiped, for a particular admin or all admins that set restrictions on this user and its participating profiles. |
int | getMaximumFailedPasswordsForWipe(ComponentName admin, int userHandle) |
long | getMaximumTimeToLock(ComponentName admin) Retrieve the current maximum time to unlock for a particular admin or all admins that set restrictions on this user and its participating profiles. |
long | getMaximumTimeToLock(ComponentName admin, int userHandle) |
long | getMaximumTimeToLockForUserAndProfiles(int userHandle) Returns the maximum time to lock that is applied by all profiles in this user. |
int | getOrganizationColor(ComponentName admin) Called by a profile owner of a managed profile to retrieve the color used for customization. |
int | getOrganizationColorForUser(int userHandle) |
CharSequence | getOrganizationName(ComponentName admin) Called by a profile owner of a managed profile to retrieve the name of the organization under management. |
CharSequence | getOrganizationNameForUser(int userHandle) Retrieve the default title message used in the confirm credentials screen for a given user. |
DevicePolicyManager | getParentProfileInstance(ComponentName admin) Called by the profile owner of a managed profile to obtain a DevicePolicyManager whose calls act on the parent profile. |
DevicePolicyManager | getParentProfileInstance(UserInfo uInfo) Called by the system to obtain a DevicePolicyManager whose calls act on the parent profile. |
long | getPasswordExpiration(ComponentName admin) Get the current password expiration time for a particular admin or all admins that set restrictions on this user and its participating profiles. |
long | getPasswordExpirationTimeout(ComponentName admin) Get the password expiration timeout for the given admin. |
int | getPasswordHistoryLength(ComponentName admin) Retrieve the current password history length for a particular admin or all admins that set restrictions on this user and its participating profiles. |
int | getPasswordHistoryLength(ComponentName admin, int userHandle) |
int | getPasswordMaximumLength(int quality) Return the maximum password length that the device supports for a particular password quality. |
int | getPasswordMinimumLength(ComponentName admin) Retrieve the current minimum password length for a particular admin or all admins that set restrictions on this user and its participating profiles. |
int | getPasswordMinimumLength(ComponentName admin, int userHandle) |
int | getPasswordMinimumLetters(ComponentName admin) Retrieve the current number of letters required in the password for a particular admin or all admins that set restrictions on this user and its participating profiles. |
int | getPasswordMinimumLetters(ComponentName admin, int userHandle) |
int | getPasswordMinimumLowerCase(ComponentName admin) Retrieve the current number of lower case letters required in the password for a particular admin or all admins that set restrictions on this user and its participating profiles. |
int | getPasswordMinimumLowerCase(ComponentName admin, int userHandle) |
int | getPasswordMinimumNonLetter(ComponentName admin) Retrieve the current number of non-letter characters required in the password for a particular admin or all admins that set restrictions on this user and its participating profiles. |
int | getPasswordMinimumNonLetter(ComponentName admin, int userHandle) |
int | getPasswordMinimumNumeric(ComponentName admin) Retrieve the current number of numerical digits required in the password for a particular admin or all admins that set restrictions on this user and its participating profiles. |
int | getPasswordMinimumNumeric(ComponentName admin, int userHandle) |
int | getPasswordMinimumSymbols(ComponentName admin) Retrieve the current number of symbols required in the password for a particular admin or all admins that set restrictions on this user and its participating profiles. |
int | getPasswordMinimumSymbols(ComponentName admin, int userHandle) |
int | getPasswordMinimumUpperCase(ComponentName admin) Retrieve the current number of upper case letters required in the password for a particular admin or all admins that set restrictions on this user and its participating profiles. |
int | getPasswordMinimumUpperCase(ComponentName admin, int userHandle) |
int | getPasswordQuality(ComponentName admin) Retrieve the current minimum password quality for a particular admin or all admins that set restrictions on this user and its participating profiles. |
int | getPasswordQuality(ComponentName admin, int userHandle) |
int | getPermissionGrantState(ComponentName admin, String packageName, String permission) Returns the current grant state of a runtime permission for a specific application. |
int | getPermissionPolicy(ComponentName admin) Returns the current runtime permission policy set by the device or profile owner. |
List<String> | getPermittedAccessibilityServices(ComponentName admin) Returns the list of permitted accessibility services set by this device or profile owner. |
List<String> | getPermittedAccessibilityServices(int userId) Returns the list of accessibility services permitted by the device or profile owners of this user. |
List<String> | getPermittedInputMethods(ComponentName admin) Returns the list of permitted input methods set by this device or profile owner. |
List<String> | getPermittedInputMethodsForCurrentUser() Returns the list of input methods permitted by the device or profile owners of the current user. |
ComponentName | getProfileOwner() |
ComponentName | getProfileOwnerAsUser(int userId) |
String | getProfileOwnerName() |
String | getProfileOwnerNameAsUser(int userId) |
int | getProfileWithMinimumFailedPasswordsForWipe(int userHandle) Returns the profile with the smallest maximum failed passwords for wipe, for the given user. |
void | getRemoveWarning(ComponentName admin, RemoteCallback result) |
long | getRequiredStrongAuthTimeout(ComponentName admin) Determine for how long the user will be able to use secondary, non strong auth for authentication, since last strong method authentication (password, pin or pattern) was used. |
long | getRequiredStrongAuthTimeout(ComponentName admin, int userId) |
boolean | getScreenCaptureDisabled(ComponentName admin) Determine whether or not screen capture has been disabled by the calling admin, if specified, or all admins. |
boolean | getScreenCaptureDisabled(ComponentName admin, int userHandle) |
CharSequence | getShortSupportMessage(ComponentName admin) Called by a device admin to get the short support message. |
CharSequence | getShortSupportMessageForUser(ComponentName admin, int userHandle) Called by the system to get the short support message. |
boolean | getStorageEncryption(ComponentName admin) Called by an application that is administering the device to determine the requested setting for secure storage. |
int | getStorageEncryptionStatus() Called by an application that is administering the device to determine the current encryption status of the device. |
int | getStorageEncryptionStatus(int userHandle) |
SystemUpdatePolicy | getSystemUpdatePolicy() Retrieve a local system update policy set previously by setSystemUpdatePolicy(android.content.ComponentName, android.app.admin.SystemUpdatePolicy). |
List<PersistableBundle> | getTrustAgentConfiguration(ComponentName admin, ComponentName agent) Gets configuration for the given trust agent based on aggregating all calls to setTrustAgentConfiguration(ComponentName, ComponentName, PersistableBundle) for all device admins. |
List<PersistableBundle> | getTrustAgentConfiguration(ComponentName admin, ComponentName agent, int userHandle) |
int | getUserProvisioningState() |
Bundle | getUserRestrictions(ComponentName admin) Called by a profile or device owner to get user restrictions set with addUserRestriction(ComponentName, String). |
String | getWifiMacAddress(ComponentName admin) Called by device owner to get the MAC address of the Wi-Fi device. |
boolean | hasCaCertInstalled(ComponentName admin, byte[] certBuffer) Returns whether this certificate is installed as a trusted CA. |
boolean | hasGrantedPolicy(ComponentName admin, int usesPolicy) Returns true if an administrator has been granted a particular device policy. |
boolean | hasUserSetupCompleted() |
boolean | installCaCert(ComponentName admin, byte[] certBuffer) Installs the given certificate as a user CA. |
boolean | installKeyPair(ComponentName admin, PrivateKey privKey, Certificate[] certs, String alias, boolean requestAccess) Called by a device or profile owner, or delegated certificate installer, to install a certificate chain and corresponding private key for the leaf certificate. |
boolean | installKeyPair(ComponentName admin, PrivateKey privKey, Certificate cert, String alias) Called by a device or profile owner, or delegated certificate installer, to install a certificate and corresponding private key. |
boolean | isAccessibilityServicePermittedByAdmin(ComponentName admin, String packageName, int userHandle) Called by the system to check if a specific accessibility service is disabled by admin. |
boolean | isActivePasswordSufficient() Determine whether the current password the user has set is sufficient to meet the policy requirements (e.g. quality, minimum length) that have been requested by the admins of this user and its participating profiles. |
boolean | isAdminActive(ComponentName admin) Return true if the given administrator component is currently active (enabled) in the system. |
boolean | isAdminActiveAsUser(ComponentName admin, int userId) |
boolean | isAffiliatedUser() |
boolean | isApplicationHidden(ComponentName admin, String packageName) Called by profile or device owners to determine if a package is hidden. |
boolean | isBackupServiceEnabled(ComponentName admin) |
boolean | isCaCertApproved(String alias, int userHandle) Check whether a CA certificate has been approved by the device user. |
boolean | isCallerApplicationRestrictionsManagingPackage() Called by any application to find out whether it has been granted permission via setApplicationRestrictionsManagingPackage(android.content.ComponentName, java.lang.String) to manage application restrictions for the calling user. |
boolean | isDeviceManaged() |
boolean | isDeviceOwnerApp(String packageName) Used to determine if a particular package has been registered as a Device Owner app. |
|
boolean |
isDeviceOwnerAppOnAnyUser(String packageName) |
boolean |
isDeviceOwnerAppOnCallingUser(String packageName) |
boolean |
isDeviceProvisioned() |
boolean |
isDeviceProvisioningConfigApplied() |
boolean |
isInputMethodPermittedByAdmin(ComponentName admin,
String packageName,
int userHandle)
Called by the system to check if a specific input method is disabled by admin.
|
boolean |
isLockTaskPermitted(String pkg)
This function lets the caller know whether the given component is allowed to start the
lock task mode.
|
boolean |
isManagedProfile(ComponentName admin)
Return if this user is a managed profile of another user.
|
boolean |
isMasterVolumeMuted(ComponentName admin)
Called by profile or device owners to check whether the master volume mute is on or off.
|
boolean |
isPackageSuspended(ComponentName admin,
String packageName)
Called by device or profile owners to determine if a package is suspended.
|
boolean |
isProfileActivePasswordSufficientForParent(int userHandle)
Determine whether the current profile password the user has set is sufficient
to meet the policy requirements (e.g. quality, minimum length) that have been
requested by the admins of the parent user and its profiles.
|
boolean |
isProfileOwnerApp(String packageName)
Used to determine if a particular package is registered as the profile owner for the
user.
|
boolean |
isProvisioningAllowed(String action)
Returns if provisioning a managed profile or device is possible or not.
|
boolean |
isRemovingAdmin(ComponentName admin,
int userId)
Return true if the given administrator component is currently being removed
for the user.
|
boolean |
isSecurityLoggingEnabled(ComponentName admin)
Return whether security logging is enabled or not by the device owner.
|
boolean |
isSeparateProfileChallengeAllowed(int userHandle)
Returns true if the Profile Challenge is available to use for the given profile user.
|
boolean |
isSystemOnlyUser(ComponentName admin) |
boolean |
isUninstallBlocked(ComponentName admin,
String packageName)
Check whether the user has been blocked by device policy from uninstalling a package.
|
boolean |
isUninstallInQueue(String packageName) |
void |
lockNow()
Make the device lock immediately, as if the lock screen timeout has expired at the point of
this call.
|
protected int |
myUserId() |
void |
notifyPendingSystemUpdate(long updateReceivedTime)
Callable by the system update service to notify device owners about pending updates.
|
boolean |
packageHasActiveAdmins(String packageName)
Used by package administration code to determine if a package can be stopped
or uninstalled.
|
boolean |
packageHasActiveAdmins(String packageName,
int userId)
Used by package administration code to determine if a package can be stopped
or uninstalled.
|
void |
reboot(ComponentName admin)
Called by device owner to reboot the device.
|
void |
removeActiveAdmin(ComponentName admin)
Remove a current administration component.
|
boolean |
removeCrossProfileWidgetProvider(ComponentName admin,
String packageName)
Called by the profile owner of a managed profile to disable widget providers from a given
package to be available in the parent profile.
|
boolean |
removeKeyPair(ComponentName admin,
String alias)
Called by a device or profile owner, or delegated certificate installer, to remove a
certificate and private key pair installed under a given alias.
|
boolean |
removeUser(ComponentName admin,
UserHandle userHandle)
Called by a device owner to remove a user and all associated data.
|
void |
reportFailedFingerprintAttempt(int userHandle) |
void |
reportFailedPasswordAttempt(int userHandle) |
void |
reportKeyguardDismissed(int userHandle)
Should be called when keyguard has been dismissed.
|
void |
reportKeyguardSecured(int userHandle)
Should be called when keyguard view has been shown to the user.
|
void |
reportSuccessfulFingerprintAttempt(int userHandle) |
void |
reportSuccessfulPasswordAttempt(int userHandle) |
boolean |
requestBugreport(ComponentName admin)
Called by a device owner to request a bugreport.
|
boolean |
resetPassword(String password,
int flags)
Force a new device unlock password (the password needed to access the entire device, not for
individual accounts) on the user.
|
List<SecurityLog.SecurityEvent> |
retrievePreRebootSecurityLogs(ComponentName admin)
Called by device owners to retrieve device logs from before the device's last reboot.
|
List<SecurityLog.SecurityEvent> |
retrieveSecurityLogs(ComponentName admin)
Called by device owner to retrieve all new security logging entries since the last call to
this API after device boots.
|
void |
setAccountManagementDisabled(ComponentName admin,
String accountType,
boolean disabled)
Called by a device owner or profile owner to disable account management for a specific type
of account.
|
void |
setActiveAdmin(ComponentName policyReceiver,
boolean refreshing) |
void |
setActiveAdmin(ComponentName policyReceiver,
boolean refreshing,
int userHandle) |
void |
setActivePasswordState(int quality,
int length,
int letters,
int uppercase,
int lowercase,
int numbers,
int symbols,
int nonletter,
int userHandle) |
boolean |
setActiveProfileOwner(ComponentName admin,
String ownerName)
Deprecated.
Use #ACTION_SET_PROFILE_OWNER
Sets the given component as an active admin and registers the package as the profile
owner for this user. The package must already be installed and there shouldn't be
an existing profile owner registered for this user. Also, this method must be called
before the user setup has been completed.
This method can only be called by system apps that hold MANAGE_USERS permission and MANAGE_DEVICE_ADMINS permission. |
void |
setAffiliationIds(ComponentName admin,
Set<String> ids) |
void |
setAlwaysOnVpnPackage(ComponentName admin,
String vpnPackage)
Deprecated.
this version only exists for compatibility with previous developer preview builds.
TODO: delete once there are no longer any live references.
|
void |
setAlwaysOnVpnPackage(ComponentName admin,
String vpnPackage,
boolean lockdownEnabled)
Called by a device or profile owner to configure an always-on VPN connection through a
specific application for the current user.
|
boolean |
setApplicationHidden(ComponentName admin,
String packageName,
boolean hidden)
Called by profile or device owners to hide or unhide packages.
|
void |
setApplicationRestrictions(ComponentName admin,
String packageName,
Bundle settings)
Sets the application restrictions for a given target application running in the calling user.
|
void |
setApplicationRestrictionsManagingPackage(ComponentName admin,
String packageName)
Called by a profile owner or device owner to grant permission to a package to manage
application restrictions for the calling user via
setApplicationRestrictions(android.content.ComponentName, java.lang.String, android.os.Bundle) and
getApplicationRestrictions(android.content.ComponentName, java.lang.String) . |
void |
setAutoTimeRequired(ComponentName admin,
boolean required)
Called by a device owner to set whether auto time is required.
|
void |
setBackupServiceEnabled(ComponentName admin,
boolean enabled) |
void |
setBluetoothContactSharingDisabled(ComponentName admin,
boolean disabled)
Called by a profile owner of a managed profile to set whether bluetooth devices can access
enterprise contacts.
|
void |
setCameraDisabled(ComponentName admin,
boolean disabled)
Called by an application that is administering the device to disable all cameras on the
device, for this user.
|
void |
setCertInstallerPackage(ComponentName admin,
String installerPackage)
Called by a profile owner or device owner to grant access to privileged certificate
manipulation APIs to a third-party certificate installer app.
|
void |
setCrossProfileCallerIdDisabled(ComponentName admin,
boolean disabled)
Called by a profile owner of a managed profile to set whether caller-Id information from the
managed profile will be shown in the parent profile, for incoming calls.
|
void |
setCrossProfileContactsSearchDisabled(ComponentName admin,
boolean disabled)
Called by a profile owner of a managed profile to set whether contacts search from the
managed profile will be shown in the parent profile, for incoming calls.
|
boolean |
setDeviceOwner(ComponentName who) |
boolean |
setDeviceOwner(ComponentName who,
int userId) |
boolean |
setDeviceOwner(ComponentName who,
String ownerName) |
boolean |
setDeviceOwner(ComponentName who,
String ownerName,
int userId) |
void |
setDeviceOwnerLockScreenInfo(ComponentName admin,
CharSequence info)
Sets the device owner information to be shown on the lock screen.
|
void |
setDeviceProvisioningConfigApplied() |
void |
setForceEphemeralUsers(ComponentName admin,
boolean forceEphemeralUsers)
Called by a device owner to set whether all users created on the device should be ephemeral.
|
ComponentName |
setGlobalProxy(ComponentName admin,
Proxy proxySpec,
List<String> exclusionList)
Called by an application that is administering the device to set the
global proxy and exclusion list.
|
void |
setGlobalSetting(ComponentName admin,
String setting,
String value)
Called by device owners to update
Settings.Global settings. |
void |
setKeepUninstalledPackages(ComponentName admin,
List<String> packageNames)
Called by a device owner to set a list of apps to keep around as APKs even if no user has
currently installed it.
|
boolean |
setKeyguardDisabled(ComponentName admin,
boolean disabled)
Called by a device owner to disable the keyguard altogether.
|
void |
setKeyguardDisabledFeatures(ComponentName admin,
int which)
Called by an application that is administering the device to disable keyguard customizations,
such as widgets.
|
void |
setLockTaskPackages(ComponentName admin,
String[] packages)
Sets which packages may enter lock task mode.
|
void |
setLongSupportMessage(ComponentName admin,
CharSequence message)
Called by a device admin to set the long support message.
|
void |
setMasterVolumeMuted(ComponentName admin,
boolean on)
Called by profile or device owners to set the master volume mute on or off.
|
void |
setMaximumFailedPasswordsForWipe(ComponentName admin,
int num)
Setting this to a value greater than zero enables a built-in policy that will perform a
device or profile wipe after too many incorrect device-unlock passwords have been entered.
|
void |
setMaximumTimeToLock(ComponentName admin,
long timeMs)
Called by an application that is administering the device to set the maximum time for user
activity until the device will lock.
|
void |
setOrganizationColor(ComponentName admin,
int color)
Called by a profile owner of a managed profile to set the color used for customization.
|
void |
setOrganizationColorForUser(int color,
int userId) |
void |
setOrganizationName(ComponentName admin,
CharSequence title)
Called by a profile owner of a managed profile to set the name of the organization under
management.
|
String[] |
setPackagesSuspended(ComponentName admin,
String[] packageNames,
boolean suspended)
Called by device or profile owners to suspend packages for this user.
|
void |
setPasswordExpirationTimeout(ComponentName admin,
long timeout)
Called by a device admin to set the password expiration timeout.
|
void |
setPasswordHistoryLength(ComponentName admin,
int length)
Called by an application that is administering the device to set the length of the password
history.
|
void |
setPasswordMinimumLength(ComponentName admin,
int length)
Called by an application that is administering the device to set the minimum allowed password
length.
|
void |
setPasswordMinimumLetters(ComponentName admin,
int length)
Called by an application that is administering the device to set the minimum number of
letters required in the password.
|
void |
setPasswordMinimumLowerCase(ComponentName admin,
int length)
Called by an application that is administering the device to set the minimum number of lower
case letters required in the password.
|
void |
setPasswordMinimumNonLetter(ComponentName admin,
int length)
Called by an application that is administering the device to set the minimum number of
non-letter characters (numerical digits or symbols) required in the password.
|
void |
setPasswordMinimumNumeric(ComponentName admin,
int length)
Called by an application that is administering the device to set the minimum number of
numerical digits required in the password.
|
void |
setPasswordMinimumSymbols(ComponentName admin,
int length)
Called by an application that is administering the device to set the minimum number of
symbols required in the password.
|
void |
setPasswordMinimumUpperCase(ComponentName admin,
int length)
Called by an application that is administering the device to set the minimum number of upper
case letters required in the password.
|
void |
setPasswordQuality(ComponentName admin,
int quality)
Called by an application that is administering the device to set the password restrictions it
is imposing.
|
boolean |
setPermissionGrantState(ComponentName admin,
String packageName,
String permission,
int grantState)
Sets the grant state of a runtime permission for a specific application.
|
void |
setPermissionPolicy(ComponentName admin,
int policy)
Called by profile or device owners to set the default response for future runtime permission
requests by applications.
|
boolean |
setPermittedAccessibilityServices(ComponentName admin,
List<String> packageNames)
Called by a profile or device owner to set the permitted accessibility services.
|
boolean |
setPermittedInputMethods(ComponentName admin,
List<String> packageNames)
Called by a profile or device owner to set the permitted input methods services.
|
void |
setProfileEnabled(ComponentName admin)
Sets the enabled state of the profile.
|
void |
setProfileName(ComponentName admin,
String profileName)
Sets the name of the profile.
|
boolean |
setProfileOwner(ComponentName admin,
String ownerName,
int userHandle) |
void |
setRecommendedGlobalProxy(ComponentName admin,
ProxyInfo proxyInfo)
Set a network-independent global HTTP proxy.
|
void |
setRequiredStrongAuthTimeout(ComponentName admin,
long timeoutMs)
Called by a device/profile owner to set the timeout after which unlocking with secondary, non
strong auth (e.g. fingerprint, trust agents) times out, i.e. the user has to use a strong
authentication method like password, pin or pattern.
|
void |
setRestrictionsProvider(ComponentName admin,
ComponentName provider)
Designates a specific service component as the provider for making permission requests of a
local or remote administrator of the user.
|
void |
setScreenCaptureDisabled(ComponentName admin,
boolean disabled)
Called by a device/profile owner to set whether the screen capture is disabled.
|
void |
setSecureSetting(ComponentName admin,
String setting,
String value)
Called by profile or device owners to update
Settings.Secure settings. |
void |
setSecurityLoggingEnabled(ComponentName admin,
boolean enabled)
Called by device owner to control the security logging feature.
|
void |
setShortSupportMessage(ComponentName admin,
CharSequence message)
Called by a device admin to set the short support message.
|
boolean |
setStatusBarDisabled(ComponentName admin,
boolean disabled)
Called by device owner to disable the status bar.
|
int |
setStorageEncryption(ComponentName admin,
boolean encrypt)
Called by an application that is administering the device to request that the storage system
be encrypted.
|
void |
setSystemUpdatePolicy(ComponentName admin,
SystemUpdatePolicy policy)
Called by device owners to set a local system update policy.
|
void |
setTrustAgentConfiguration(ComponentName admin,
ComponentName target,
PersistableBundle configuration)
Sets a list of configuration features to enable for a TrustAgent component.
|
void |
setUninstallBlocked(ComponentName admin,
String packageName,
boolean uninstallBlocked)
Called by profile or device owners to change whether a user can uninstall a package.
|
void |
setUserIcon(ComponentName admin,
Bitmap icon)
Called by profile or device owners to set the user's photo.
|
void |
setUserProvisioningState(int state,
int userHandle)
Set the
DevicePolicyManager.UserProvisioningState for the supplied user, if they are managed. |
void |
startManagedQuickContact(String actualLookupKey,
long actualContactId,
boolean isContactIdIgnored,
long directoryId,
Intent originalIntent)
Start Quick Contact on the managed profile for the user, if the policy allows.
|
void |
startManagedQuickContact(String actualLookupKey,
long actualContactId,
Intent originalIntent)
Start Quick Contact on the managed profile for the user, if the policy allows.
|
boolean |
switchUser(ComponentName admin,
UserHandle userHandle)
Called by a device owner to switch the specified user to the foreground.
|
void |
uninstallAllUserCaCerts(ComponentName admin)
Uninstalls all custom trusted CA certificates from the profile.
|
void |
uninstallCaCert(ComponentName admin,
byte[] certBuffer)
Uninstalls the given certificate from trusted user CAs, if present.
|
void |
uninstallPackageWithActiveAdmins(String packageName) |
void |
wipeData(int flags)
Ask that the user data be wiped.
|
public static final String ACTION_PROVISION_MANAGED_PROFILE
A managed profile allows data separation, for example for the usage of a device as a personal and corporate device. The user which provisioning is started from and the managed profile share a launcher.
This intent will typically be sent by a mobile device management application (MDM). Provisioning adds a managed profile and sets the MDM as the profile owner who has full control over the profile.
It is possible to check if provisioning is allowed or not by querying the method isProvisioningAllowed(String).
In version Build.VERSION_CODES.LOLLIPOP, this intent must contain the extra EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME. As of Build.VERSION_CODES.M, it should contain the extra EXTRA_PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME instead, although specifying only EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME is still supported.
The intent may also contain the following extras:
EXTRA_PROVISIONING_ACCOUNT_TO_MIGRATE, optional
EXTRA_PROVISIONING_SKIP_ENCRYPTION, optional, supported from Build.VERSION_CODES.N
EXTRA_PROVISIONING_ADMIN_EXTRAS_BUNDLE, optional
EXTRA_PROVISIONING_LOGO_URI, optional
EXTRA_PROVISIONING_MAIN_COLOR, optional
When managed provisioning has completed, broadcasts are sent to the application specified in the provisioning intent. The DeviceAdminReceiver.ACTION_PROFILE_PROVISIONING_COMPLETE broadcast is sent in the managed profile and the ACTION_MANAGED_PROFILE_PROVISIONED broadcast is sent in the primary profile.
If provisioning fails, the managed profile is removed so the device returns to its previous state.
If launched with Activity.startActivityForResult(Intent, int), a result code of Activity.RESULT_OK implies that the synchronous part of the provisioning flow was successful, although this doesn't guarantee the full flow will succeed. Conversely, a result code of Activity.RESULT_CANCELED implies that the user backed out of provisioning, or some precondition for provisioning wasn't met.
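The flow described above for ACTION_PROVISION_MANAGED_PROFILE, as an added example that is not part of the platform documentation or source: an MDM activity that checks isProvisioningAllowed(String), picks the admin extra by API level, and treats Activity.RESULT_OK as provisional. The class name, receiver class name, bundle key, sample value and request code are assumptions made for illustration.

```java
import android.app.Activity;
import android.app.admin.DevicePolicyManager;
import android.content.ComponentName;
import android.content.Context;
import android.content.Intent;
import android.os.Build;
import android.os.Bundle;
import android.os.PersistableBundle;
import android.util.Log;

/** Hypothetical MDM activity (not platform code) that starts managed-profile provisioning. */
public class StartProvisioningActivity extends Activity {
    private static final String TAG = "StartProvisioning";
    private static final int REQUEST_PROVISION_PROFILE = 1; // arbitrary request code
    // Assumed names: the receiver class and the bundle key are placeholders.
    private static final String ADMIN_RECEIVER_CLASS = "com.example.mdm.ExampleAdminReceiver";
    private static final String KEY_ENROLLMENT_ID = "com.example.mdm.ENROLLMENT_ID";

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        if (savedInstanceState != null) {
            return; // recreated (for example on rotation): the request is already in flight
        }
        String action = DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE;
        DevicePolicyManager dpm =
                (DevicePolicyManager) getSystemService(Context.DEVICE_POLICY_SERVICE);

        // isProvisioningAllowed(String) is available from API 24 (N); ask before launching.
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.N
                && !dpm.isProvisioningAllowed(action)) {
            Log.w(TAG, "Managed-profile provisioning is not allowed for this user");
            finish();
            return;
        }

        Intent intent = new Intent(action);
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
            // The component's package must be the package of the app starting provisioning,
            // so it is built from getPackageName() rather than from external input.
            intent.putExtra(
                    DevicePolicyManager.EXTRA_PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME,
                    new ComponentName(getPackageName(), ADMIN_RECEIVER_CLASS));
        } else {
            // LOLLIPOP requires the package-name extra (exactly one admin receiver in the app).
            intent.putExtra(
                    DevicePolicyManager.EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME,
                    getPackageName());
        }

        // Optional: data handed to this app's own instance inside the new profile.
        PersistableBundle adminExtras = new PersistableBundle();
        adminExtras.putString(KEY_ENROLLMENT_ID, "constructed-sample-id"); // constructed value
        intent.putExtra(DevicePolicyManager.EXTRA_PROVISIONING_ADMIN_EXTRAS_BUNDLE, adminExtras);
        // EXTRA_PROVISIONING_SKIP_ENCRYPTION is optional and deliberately left unset here.

        if (intent.resolveActivity(getPackageManager()) == null) {
            Log.e(TAG, "No activity handles " + action);
            finish();
            return;
        }
        startActivityForResult(intent, REQUEST_PROVISION_PROFILE);
    }

    @Override
    protected void onActivityResult(int requestCode, int resultCode, Intent data) {
        super.onActivityResult(requestCode, resultCode, data);
        if (requestCode != REQUEST_PROVISION_PROFILE) {
            return;
        }
        if (resultCode == Activity.RESULT_OK) {
            // Only the synchronous part succeeded. Treat the profile as usable only after
            // ACTION_MANAGED_PROFILE_PROVISIONED arrives in the primary profile.
            Log.i(TAG, "Provisioning started; waiting for completion broadcast");
        } else {
            // RESULT_CANCELED: the user backed out or a precondition was not met.
            Log.w(TAG, "Provisioning did not start, resultCode=" + resultCode);
        }
        finish();
    }
}
```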
public static final String ACTION_PROVISION_MANAGED_USER
This intent will typically be sent by a mobile device management application (MDM). Provisioning configures the user as managed user and sets the MDM as the profile owner who has full control over the user. Provisioning can only happen before user setup has been completed. Use isProvisioningAllowed(String) to check if provisioning is allowed.
The intent contains the following extras:
EXTRA_PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME
EXTRA_PROVISIONING_SKIP_ENCRYPTION, optional
EXTRA_PROVISIONING_ADMIN_EXTRAS_BUNDLE, optional
EXTRA_PROVISIONING_LOGO_URI, optional
EXTRA_PROVISIONING_MAIN_COLOR, optional
If provisioning fails, the device returns to its previous state.
If launched with Activity.startActivityForResult(Intent, int), a result code of Activity.RESULT_OK implies that the synchronous part of the provisioning flow was successful, although this doesn't guarantee the full flow will succeed. Conversely a result code of Activity.RESULT_CANCELED implies that the user backed-out of provisioning, or some precondition for provisioning wasn't met.
public static final String ACTION_PROVISION_MANAGED_DEVICE
Activity.startActivityForResult(Intent, int).
During device owner provisioning a device admin app is set as the owner of the device. A device owner has full control over the device. The device owner can not be modified by the user.
A typical use case would be a device that is owned by a company, but used by either an employee or client.
An intent with this action can be sent only on an unprovisioned device.
It is possible to check if provisioning is allowed or not by querying the method isProvisioningAllowed(String).
The intent contains the following extras:
EXTRA_PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME
EXTRA_PROVISIONING_SKIP_ENCRYPTION, optional
EXTRA_PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED, optional
EXTRA_PROVISIONING_ADMIN_EXTRAS_BUNDLE, optional
EXTRA_PROVISIONING_LOGO_URI, optional
EXTRA_PROVISIONING_MAIN_COLOR, optional
When device owner provisioning has completed, an intent of the type DeviceAdminReceiver.ACTION_PROFILE_PROVISIONING_COMPLETE is broadcast to the device owner.
If provisioning fails, the device is factory reset.
A result code of Activity.RESULT_OK implies that the synchronous part of the provisioning flow was successful, although this doesn't guarantee the full flow will succeed. Conversely a result code of Activity.RESULT_CANCELED implies that the user backed-out of provisioning, or some precondition for provisioning wasn't met.
public static final String ACTION_PROVISION_MANAGED_DEVICE_FROM_TRUSTED_SOURCE
During device owner provisioning, a device admin app is downloaded and set as the owner of the device. A device owner has full control over the device. The device owner can not be modified by the user and the only way of resetting the device is via factory reset.
A typical use case would be a device that is owned by a company, but used by either an employee or client.
The provisioning message should be sent to an unprovisioned device.
Unlike ACTION_PROVISION_MANAGED_DEVICE, the provisioning message can only be sent by a privileged app with the permission android.Manifest.permission#DISPATCH_PROVISIONING_MESSAGE.
The provisioning intent contains the following properties:
EXTRA_PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME
EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION, optional
EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_COOKIE_HEADER, optional
EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_CHECKSUM, optional
EXTRA_PROVISIONING_LOCAL_TIME (convert to String), optional
EXTRA_PROVISIONING_TIME_ZONE, optional
EXTRA_PROVISIONING_LOCALE, optional
EXTRA_PROVISIONING_WIFI_SSID, optional
EXTRA_PROVISIONING_WIFI_HIDDEN (convert to String), optional
EXTRA_PROVISIONING_WIFI_SECURITY_TYPE, optional
EXTRA_PROVISIONING_WIFI_PASSWORD, optional
EXTRA_PROVISIONING_WIFI_PROXY_HOST, optional
EXTRA_PROVISIONING_WIFI_PROXY_PORT (convert to String), optional
EXTRA_PROVISIONING_WIFI_PROXY_BYPASS, optional
EXTRA_PROVISIONING_WIFI_PAC_URL, optional
EXTRA_PROVISIONING_ADMIN_EXTRAS_BUNDLE, optional
public static final String ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE
Activity.startActivityForResult(Intent, int).
NOTE: This is only supported on split system user devices, and puts the device into a management state that is distinct from that reached by ACTION_PROVISION_MANAGED_DEVICE - specifically the device owner runs on the system user, and only has control over device-wide policies, not individual users and their data. The primary benefit is that multiple non-system users are supported when provisioning using this form of device management.
During device owner provisioning a device admin app is set as the owner of the device. A device owner has full control over the device. The device owner can not be modified by the user.
A typical use case would be a device that is owned by a company, but used by either an employee or client.
An intent with this action can be sent only on an unprovisioned device.
It is possible to check if provisioning is allowed or not by querying the method isProvisioningAllowed(String).
The intent contains the following extras:
EXTRA_PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME
EXTRA_PROVISIONING_SKIP_ENCRYPTION, optional
EXTRA_PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED, optional
EXTRA_PROVISIONING_ADMIN_EXTRAS_BUNDLE, optional
EXTRA_PROVISIONING_LOGO_URI, optional
EXTRA_PROVISIONING_MAIN_COLOR, optional
When device owner provisioning has completed, an intent of the type DeviceAdminReceiver.ACTION_PROFILE_PROVISIONING_COMPLETE is broadcast to the device owner.
If provisioning fails, the device is factory reset.
A result code of Activity.RESULT_OK implies that the synchronous part of the provisioning flow was successful, although this doesn't guarantee the full flow will succeed. Conversely a result code of Activity.RESULT_CANCELED implies that the user backed-out of provisioning, or some precondition for provisioning wasn't met.
public static final String ACTION_PROVISION_FINALIZATION
getUserProvisioningState() returns one of:
public static final String ACTION_BUGREPORT_SHARING_ACCEPTED
public static final String ACTION_BUGREPORT_SHARING_DECLINED
public static final String ACTION_REMOTE_BUGREPORT_DISPATCH
DevicePolicyManagerService.
public static final String EXTRA_REMOTE_BUGREPORT_HASH
public static final String EXTRA_BUGREPORT_NOTIFICATION_TYPE
public static final int NOTIFICATION_BUGREPORT_STARTED
public static final int NOTIFICATION_BUGREPORT_ACCEPTED_NOT_FINISHED
public static final int NOTIFICATION_BUGREPORT_FINISHED_NOT_ACCEPTED
public static final long DEFAULT_STRONG_AUTH_TIMEOUT_MS
public static final String EXTRA_PROVISIONING_ADMIN_EXTRAS_BUNDLE
Parcelable extra of type PersistableBundle that allows a mobile device management application or NFC programmer application which starts managed provisioning to pass data to the management application instance after provisioning.
If used with ACTION_PROVISION_MANAGED_PROFILE it can be used by the application that sends the intent to pass data to itself on the newly created profile. If used with ACTION_PROVISION_MANAGED_DEVICE it allows passing data to the same instance of the app on the primary user. Starting from Build.VERSION_CODES.M, if used with MIME_TYPE_PROVISIONING_NFC as part of NFC managed device provisioning, the NFC message should contain a stringified Properties instance, whose string properties will be converted into a PersistableBundle and passed to the management application after provisioning.
In both cases the application receives the data in DeviceAdminReceiver.onProfileProvisioningComplete(android.content.Context, android.content.Intent) via an intent with the action DeviceAdminReceiver.ACTION_PROFILE_PROVISIONING_COMPLETE. The bundle is not changed during the managed provisioning.
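The receiving side of the admin extras bundle, as an added example that is not part of the platform documentation or source: because the bundle can originate from another application instance or an NFC programmer, the receiver validates the value before using it. It assumes the managed-profile flow; the class name, bundle key, accepted format and profile name are assumptions made for illustration.

```java
import android.app.admin.DeviceAdminReceiver;
import android.app.admin.DevicePolicyManager;
import android.content.ComponentName;
import android.content.Context;
import android.content.Intent;
import android.os.PersistableBundle;
import android.util.Log;
import java.util.regex.Pattern;

/** Hypothetical admin receiver (not platform code) that consumes the admin extras bundle. */
public class ExampleAdminReceiver extends DeviceAdminReceiver {
    private static final String TAG = "ExampleAdminReceiver";
    // Assumed key and format, chosen by this example's sender; the platform defines neither.
    private static final String KEY_ENROLLMENT_ID = "com.example.mdm.ENROLLMENT_ID";
    private static final Pattern ENROLLMENT_ID = Pattern.compile("[A-Za-z0-9-]{1,64}");

    @Override
    public void onProfileProvisioningComplete(Context context, Intent intent) {
        DevicePolicyManager dpm =
                (DevicePolicyManager) context.getSystemService(Context.DEVICE_POLICY_SERVICE);
        ComponentName admin = getWho(context);

        // Act only if provisioning really made this package the profile owner.
        if (!dpm.isProfileOwnerApp(context.getPackageName())) {
            Log.w(TAG, "Completion broadcast received, but this app is not profile owner");
            return;
        }

        String enrollmentId = readEnrollmentId(intent);
        if (enrollmentId == null) {
            // Missing or malformed: continue without it and ask the user during enrolment.
            Log.w(TAG, "No usable enrollment id in admin extras bundle");
        } else {
            Log.i(TAG, "Enrollment id accepted, length=" + enrollmentId.length());
        }

        // A profile should be enabled only once the admin has finished setting it up.
        dpm.setProfileName(admin, "Work (example)");
        dpm.setProfileEnabled(admin);
    }

    /** Returns the validated enrollment id, or null if it is absent or malformed. */
    static String readEnrollmentId(Intent intent) {
        PersistableBundle extras = intent.getParcelableExtra(
                DevicePolicyManager.EXTRA_PROVISIONING_ADMIN_EXTRAS_BUNDLE);
        if (extras == null) {
            return null; // the sender did not attach a bundle
        }
        String value = extras.getString(KEY_ENROLLMENT_ID);
        if (value == null || !ENROLLMENT_ID.matcher(value).matches()) {
            return null; // reject anything outside the expected character set and length
        }
        return value;
    }
}
```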
@Deprecated public static final String EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME
EXTRA_PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME. This extra is still supported, but only if there is only one device admin receiver in the package that requires the permission android.Manifest.permission#BIND_DEVICE_ADMIN.
If an application starts provisioning directly via an intent with action ACTION_PROVISION_MANAGED_PROFILE this package has to match the package name of the application that started provisioning. The package will be set as profile owner in that case.
This package is set as device owner when device owner provisioning is started by an NFC message containing an NFC record with MIME type MIME_TYPE_PROVISIONING_NFC.
When this extra is set, the application must have exactly one device admin receiver. This receiver will be set as the profile or device owner and active admin.
See also: DeviceAdminReceiver, Constant Field Values
public static final String EXTRA_PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME
If an application starts provisioning directly via an intent with action ACTION_PROVISION_MANAGED_PROFILE or ACTION_PROVISION_MANAGED_DEVICE the package name of this component has to match the package name of the application that started provisioning.
This component is set as device owner and active admin when device owner provisioning is started by an intent with action ACTION_PROVISION_MANAGED_DEVICE or by an NFC message containing an NFC record with MIME type MIME_TYPE_PROVISIONING_NFC. For the NFC record, the component name must be flattened to a string, via ComponentName.flattenToShortString().
See also: DeviceAdminReceiver, Constant Field Values
public static final String EXTRA_PROVISIONING_ACCOUNT_TO_MIGRATE
android.accounts.Account extra holding the account to migrate during managed profile provisioning. If the account supplied is present in the primary user, it will be copied, along with its credentials to the managed profile and removed from the primary user.
Use with ACTION_PROVISION_MANAGED_PROFILE.
public static final String EXTRA_PROVISIONING_EMAIL_ADDRESS
ACTION_PROVISION_MANAGED_PROFILE and DeviceAdminReceiver.ACTION_PROFILE_PROVISIONING_COMPLETE.
This extra is part of the EXTRA_PROVISIONING_ADMIN_EXTRAS_BUNDLE.
If the ACTION_PROVISION_MANAGED_PROFILE intent that starts managed provisioning contains this extra, it is forwarded in the DeviceAdminReceiver.ACTION_PROFILE_PROVISIONING_COMPLETE intent to the mobile device management application that was set as the profile owner during provisioning. It is usually used so that the user does not have to enter their email address twice.
public static final String EXTRA_PROVISIONING_MAIN_COLOR
Color for how the color is represented.
Use with ACTION_PROVISION_MANAGED_PROFILE or ACTION_PROVISION_MANAGED_DEVICE.
public static final String EXTRA_PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED
true.
Use in an NFC record with MIME_TYPE_PROVISIONING_NFC or an intent with action ACTION_PROVISION_MANAGED_DEVICE that starts device owner provisioning.
public static final String EXTRA_PROVISIONING_TIME_ZONE
AlarmManager that the device will be set to.
Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump.
public static final String EXTRA_PROVISIONING_LOCAL_TIME
AlarmManager.
Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump.
public static final String EXTRA_PROVISIONING_LOCALE
Locale that the device will be set to. Format: xx_yy, where xx is the language code, and yy the country code.
Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump.
public static final String EXTRA_PROVISIONING_WIFI_SSID
Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump.
public static final String EXTRA_PROVISIONING_WIFI_HIDDEN
EXTRA_PROVISIONING_WIFI_SSID is hidden or not.
Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump.
public static final String EXTRA_PROVISIONING_WIFI_SECURITY_TYPE
EXTRA_PROVISIONING_WIFI_SSID and could be one of NONE, WPA or WEP.
Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump.
public static final String EXTRA_PROVISIONING_WIFI_PASSWORD
EXTRA_PROVISIONING_WIFI_SSID.
Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump.
public static final String EXTRA_PROVISIONING_WIFI_PROXY_HOST
EXTRA_PROVISIONING_WIFI_SSID.
Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump.
public static final String EXTRA_PROVISIONING_WIFI_PROXY_PORT
EXTRA_PROVISIONING_WIFI_SSID.
Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump.
public static final String EXTRA_PROVISIONING_WIFI_PROXY_BYPASS
EXTRA_PROVISIONING_WIFI_SSID.
Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump.
public static final String EXTRA_PROVISIONING_WIFI_PAC_URL
EXTRA_PROVISIONING_WIFI_SSID.
Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump.
public static final String EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION
Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump.
public static final String EXTRA_PROVISIONING_DEVICE_ADMIN_MINIMUM_VERSION_CODE
EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION if the version of the installed package is less than this version code.
Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump.
public static final String EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_COOKIE_HEADER
EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION.
Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump.
public static final String EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_CHECKSUM
EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION.
Either this extra or EXTRA_PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM must be present. The provided checksum must match the checksum of the file at the download location. If the checksum doesn't match, an error will be shown to the user and the user will be asked to factory reset the device.
Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump.
Note: for devices running Build.VERSION_CODES.LOLLIPOP and Build.VERSION_CODES.LOLLIPOP_MR1, only the SHA-1 hash is supported. Starting from Build.VERSION_CODES.M, this parameter accepts SHA-256 in addition to SHA-1. Support for SHA-1 is likely to be removed in future OS releases.
public static final String EXTRA_PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM
EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION.
The signatures of an Android package archive can be obtained using PackageManager.getPackageArchiveInfo(java.lang.String, int) with flag PackageManager.GET_SIGNATURES.
Either this extra or EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_CHECKSUM must be present. The provided checksum must match the checksum of any signature of the file at the download location. If the checksum does not match, an error will be shown to the user and the user will be asked to factory reset the device.
Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump.
public static final String ACTION_MANAGED_PROFILE_PROVISIONED
The broadcast is limited to the primary profile, to the app specified in the provisioning intent with action ACTION_PROVISION_MANAGED_PROFILE.
This intent will contain the extra EXTRA_PROVISIONING_ACCOUNT_TO_MIGRATE, which corresponds to the account requested to be migrated at provisioning time, if any.
public static final String EXTRA_PROVISIONING_SKIP_ENCRYPTION
Use in an NFC record with MIME_TYPE_PROVISIONING_NFC or an intent with action ACTION_PROVISION_MANAGED_DEVICE that starts device owner provisioning.
From Build.VERSION_CODES.N onwards, this is also supported for an intent with action ACTION_PROVISION_MANAGED_PROFILE.
public static final String EXTRA_PROVISIONING_LOGO_URI
Uri extra pointing to a logo image. This image will be shown during the provisioning. If this extra is not passed, a default image will be shown.
ContentResolver.SCHEME_CONTENT)
ContentResolver.SCHEME_ANDROID_RESOURCE)
It is the responsibility of the caller to provide an image with a reasonable pixel density for the device.
If a content: URI is passed, the intent should have the flag Intent.FLAG_GRANT_READ_URI_PERMISSION and the URI should be added to the ClipData of the intent too.
Use in an intent with action ACTION_PROVISION_MANAGED_PROFILE or ACTION_PROVISION_MANAGED_DEVICE.
public static final String EXTRA_PROVISIONING_SKIP_USER_SETUP
If unspecified, defaults to true to match the behavior in Build.VERSION_CODES.M and earlier.
Use in an intent with action ACTION_PROVISION_MANAGED_DEVICE or ACTION_PROVISION_MANAGED_USER.
public static final String MIME_TYPE_PROVISIONING_NFC
During device owner provisioning a device admin app is set as the owner of the device. A device owner has full control over the device. The device owner cannot be modified by the user and the only way of resetting the device is if the device owner app calls a factory reset.
A typical use case would be a device that is owned by a company, but used by either an employee or client.
The NFC message must be sent to an unprovisioned device.
The NFC record must contain a serialized Properties object which contains the following properties:
EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME
EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION, optional
EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_COOKIE_HEADER, optional
EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_CHECKSUM, optional
EXTRA_PROVISIONING_LOCAL_TIME (convert to String), optional
EXTRA_PROVISIONING_TIME_ZONE, optional
EXTRA_PROVISIONING_LOCALE, optional
EXTRA_PROVISIONING_WIFI_SSID, optional
EXTRA_PROVISIONING_WIFI_HIDDEN (convert to String), optional
EXTRA_PROVISIONING_WIFI_SECURITY_TYPE, optional
EXTRA_PROVISIONING_WIFI_PASSWORD, optional
EXTRA_PROVISIONING_WIFI_PROXY_HOST, optional
EXTRA_PROVISIONING_WIFI_PROXY_PORT (convert to String), optional
EXTRA_PROVISIONING_WIFI_PROXY_BYPASS, optional
EXTRA_PROVISIONING_WIFI_PAC_URL, optional
EXTRA_PROVISIONING_ADMIN_EXTRAS_BUNDLE, optional, supported from Build.VERSION_CODES.M
As of Build.VERSION_CODES.M, the properties should contain EXTRA_PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME instead of EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME (although specifying only EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME is still supported).
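The NFC record and the package checksum described above can be assembled as follows. This is an added example, not code from the Android documentation or platform; the class name, the `targetSdk` parameter and the URL-safe, unpadded base64 encoding of the checksum are assumptions of the example.

```java
import android.app.admin.DevicePolicyManager;
import android.content.ComponentName;
import android.nfc.NdefMessage;
import android.nfc.NdefRecord;
import android.os.Build;
import android.util.Base64;

import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Properties;

/** Hypothetical helper that runs on the programmer device, not on the device being provisioned. */
public final class NfcProvisioningPayload {

    private NfcProvisioningPayload() {}

    /**
     * Hashes a trusted local copy of the admin APK (the build artifact itself,
     * not a fresh download from the URL being pinned).
     * LOLLIPOP and LOLLIPOP_MR1 targets only support SHA-1; M and later accept SHA-256.
     */
    static String packageChecksum(File trustedApk, int targetSdk)
            throws IOException, NoSuchAlgorithmException {
        String algorithm = targetSdk >= Build.VERSION_CODES.M ? "SHA-256" : "SHA-1";
        MessageDigest digest = MessageDigest.getInstance(algorithm);
        try (InputStream in = new FileInputStream(trustedApk)) {
            byte[] buffer = new byte[8192];
            int read;
            while ((read = in.read(buffer)) != -1) {
                digest.update(buffer, 0, read);
            }
        }
        // Assumption of this example: URL-safe base64, no padding, no line wraps.
        return Base64.encodeToString(digest.digest(),
                Base64.URL_SAFE | Base64.NO_PADDING | Base64.NO_WRAP);
    }

    /** Builds the NDEF message carrying the serialized Properties object. */
    static NdefMessage build(ComponentName admin, String downloadUrl,
            File trustedApk, int targetSdk)
            throws IOException, NoSuchAlgorithmException {
        Properties props = new Properties();

        if (targetSdk >= Build.VERSION_CODES.M) {
            // From M on, the component name is preferred, flattened to a short string.
            props.setProperty(
                    DevicePolicyManager.EXTRA_PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME,
                    admin.flattenToShortString());
        } else {
            props.setProperty(
                    DevicePolicyManager.EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME,
                    admin.getPackageName());
        }

        // Pin the download: provisioning fails and asks for a factory reset
        // if the file served at downloadUrl does not hash to this value.
        props.setProperty(
                DevicePolicyManager.EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION,
                downloadUrl);
        props.setProperty(
                DevicePolicyManager.EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_CHECKSUM,
                packageChecksum(trustedApk, targetSdk));

        // Non-String values must be converted to String before serialization.
        props.setProperty(
                DevicePolicyManager.EXTRA_PROVISIONING_LOCAL_TIME,
                Long.toString(System.currentTimeMillis()));

        ByteArrayOutputStream serialized = new ByteArrayOutputStream();
        props.store(serialized, "device owner provisioning");

        NdefRecord record = NdefRecord.createMime(
                DevicePolicyManager.MIME_TYPE_PROVISIONING_NFC,
                serialized.toByteArray());
        return new NdefMessage(new NdefRecord[] {record});
    }
}
```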
public static final String ACTION_ADD_DEVICE_ADMIN
EXTRA_DEVICE_ADMIN extra field. This will invoke a UI to bring the user through adding the device administrator to the system (or allowing them to reject it).
You can optionally include the EXTRA_ADD_EXPLANATION field to provide the user with additional explanation (in addition to your component's description) about what is being added.
If your administrator is already active, this will ordinarily return immediately (without user intervention). However, if your administrator has been updated and is requesting additional uses-policy flags, the user will be presented with the new list. New policies will not be available to the updated administrator until the user has accepted the new list.
public static final String ACTION_SET_PROFILE_OWNER
public static final String EXTRA_PROFILE_OWNER_NAME
public static final String ACTION_DEVICE_POLICY_MANAGER_STATE_CHANGED
public static final String ACTION_DEVICE_OWNER_CHANGED
public static final String EXTRA_DEVICE_ADMIN
See also: ACTION_ADD_DEVICE_ADMIN, Constant Field Values
public static final String EXTRA_ADD_EXPLANATION
See also: ACTION_ADD_DEVICE_ADMIN, Constant Field Values
public static final String ACTION_SET_NEW_PASSWORD
setPasswordQuality(ComponentName, int), or setPasswordMinimumLength(ComponentName, int) to have the user enter a new password that meets the current requirements. You can use isActivePasswordSufficient() to determine whether you need to have the user select a new password in order to meet the current constraints. Upon being resumed from this activity, you can check the new password characteristics to see if they are sufficient.
If the intent is launched from within a managed profile with a profile owner built against Build.VERSION_CODES.M or before, this will trigger entering a new password for the parent of the profile. For all other cases it will trigger entering a new password for the user or profile it is launched from.
public static final String ACTION_SET_NEW_PARENT_PROFILE_PASSWORD
ACTION_SET_NEW_PASSWORD.
public static final int FLAG_PARENT_CAN_ACCESS_MANAGED
addCrossProfileIntentFilter(android.content.ComponentName, android.content.IntentFilter, int) to allow activities in the parent profile to access intents sent from the managed profile. That is, when an app in the managed profile calls Activity.startActivity(Intent), the intent can be resolved by a matching activity in the parent profile.
public static final int FLAG_MANAGED_CAN_ACCESS_PARENT
addCrossProfileIntentFilter(android.content.ComponentName, android.content.IntentFilter, int) to allow activities in the managed profile to access intents sent from the parent profile. That is, when an app in the parent profile calls Activity.startActivity(Intent), the intent can be resolved by a matching activity in the managed profile.
public static final String ACTION_SYSTEM_UPDATE_POLICY_CHANGED
getSystemUpdatePolicy().
public static final int PERMISSION_POLICY_PROMPT
public static final int PERMISSION_POLICY_AUTO_GRANT
public static final int PERMISSION_POLICY_AUTO_DENY
public static final int PERMISSION_GRANT_STATE_DEFAULT
public static final int PERMISSION_GRANT_STATE_GRANTED
public static final int PERMISSION_GRANT_STATE_DENIED
public static final int STATE_USER_UNMANAGED
public static final int STATE_USER_SETUP_INCOMPLETE
public static final int STATE_USER_SETUP_COMPLETE
public static final int STATE_USER_SETUP_FINALIZED
public static final int STATE_USER_PROFILE_COMPLETE
public static final int PASSWORD_QUALITY_UNSPECIFIED
setPasswordQuality(android.content.ComponentName, int): the policy has no requirements for the password. Note that quality constants are ordered so that higher values are more restrictive.
public static final int PASSWORD_QUALITY_BIOMETRIC_WEAK
setPasswordQuality(android.content.ComponentName, int): the policy allows for low-security biometric recognition technology. This implies technologies that can recognize the identity of an individual to about a 3 digit PIN (false detection is less than 1 in 1,000). Note that quality constants are ordered so that higher values are more restrictive.
public static final int PASSWORD_QUALITY_SOMETHING
setPasswordQuality(android.content.ComponentName, int): the policy requires some kind of password or pattern, but doesn't care what it is. Note that quality constants are ordered so that higher values are more restrictive.
public static final int PASSWORD_QUALITY_NUMERIC
setPasswordQuality(android.content.ComponentName, int): the user must have entered a password containing at least numeric characters. Note that quality constants are ordered so that higher values are more restrictive.
public static final int PASSWORD_QUALITY_NUMERIC_COMPLEX
setPasswordQuality(android.content.ComponentName, int): the user must have entered a password containing at least numeric characters with no repeating (4444) or ordered (1234, 4321, 2468) sequences. Note that quality constants are ordered so that higher values are more restrictive.
public static final int PASSWORD_QUALITY_ALPHABETIC
setPasswordQuality(android.content.ComponentName, int): the user must have entered a password containing at least alphabetic (or other symbol) characters. Note that quality constants are ordered so that higher values are more restrictive.
public static final int PASSWORD_QUALITY_ALPHANUMERIC
setPasswordQuality(android.content.ComponentName, int): the user must have entered a password containing at least both numeric and alphabetic (or other symbol) characters. Note that quality constants are ordered so that higher values are more restrictive.
public static final int PASSWORD_QUALITY_COMPLEX
setPasswordQuality(android.content.ComponentName, int): the user must have entered a password containing at least a letter, a numerical digit and a special symbol, by default. With this password quality, passwords can be restricted to contain various sets of characters, like at least an uppercase letter, etc. These are specified using various methods, like setPasswordMinimumLowerCase(ComponentName, int). Note that quality constants are ordered so that higher values are more restrictive.
public static final int PASSWORD_QUALITY_MANAGED
setPasswordQuality(android.content.ComponentName, int): the user is not allowed to modify the password. In case this password quality is set, the password is managed by a profile owner. The profile owner can set any password, as if PASSWORD_QUALITY_UNSPECIFIED is used. Note that quality constants are ordered so that higher values are more restrictive. The value of PASSWORD_QUALITY_MANAGED is the highest.
public static final String ACCOUNT_FEATURE_DEVICE_OR_PROFILE_OWNER_ALLOWED
public static final String ACCOUNT_FEATURE_DEVICE_OR_PROFILE_OWNER_DISALLOWED
public static final int RESET_PASSWORD_REQUIRE_ENTRY
resetPassword(java.lang.String, int): don't allow other admins to change the password again until the user has entered it.
public static final int RESET_PASSWORD_DO_NOT_ASK_CREDENTIALS_ON_BOOT
resetPassword(java.lang.String, int): don't ask for user credentials on device boot. If the flag is set, the device can be booted without asking for user password. The absence of this flag does not change the current boot requirements. This flag can be set by the device owner only. If the app is not the device owner, the flag is ignored. Once the flag is set, it cannot be reverted back without resetting the device to factory defaults.
public static final int WIPE_EXTERNAL_STORAGE
wipeData(int): also erase the device's external storage (such as SD cards).
public static final int WIPE_RESET_PROTECTION_DATA
wipeData(int): also erase the factory reset protection data.
This flag may only be set by device owner admins; if it is set by other admins a SecurityException will be thrown.
public static final int ENCRYPTION_STATUS_UNSUPPORTED
setStorageEncryption(android.content.ComponentName, boolean) and getStorageEncryptionStatus(): indicating that encryption is not supported.
public static final int ENCRYPTION_STATUS_INACTIVE
setStorageEncryption(android.content.ComponentName, boolean) and getStorageEncryptionStatus(): indicating that encryption is supported, but is not currently active.
public static final int ENCRYPTION_STATUS_ACTIVATING
getStorageEncryptionStatus(): indicating that encryption is not currently active, but is currently being activated. This is only reported by devices that support encryption of data and only when the storage is currently undergoing a process of becoming encrypted. A device that must reboot and/or wipe data to become encrypted will never return this value.
public static final int ENCRYPTION_STATUS_ACTIVE
setStorageEncryption(android.content.ComponentName, boolean) and getStorageEncryptionStatus(): indicating that encryption is active.
Also see ENCRYPTION_STATUS_ACTIVE_PER_USER.
public static final int ENCRYPTION_STATUS_ACTIVE_DEFAULT_KEY
getStorageEncryptionStatus(): indicating that encryption is active, but an encryption key has not been set by the user.
public static final int ENCRYPTION_STATUS_ACTIVE_PER_USER
getStorageEncryptionStatus(): indicating that encryption is active and the encryption key is tied to the user or profile.
This value is only returned to apps targeting API level 24 and above. For apps targeting earlier API levels, ENCRYPTION_STATUS_ACTIVE is returned, even if the encryption key is specific to the user or profile.
public static final String ACTION_START_ENCRYPTION
setStorageEncryption(android.content.ComponentName, boolean) to request encryption be activated.
After resuming from this activity, use getStorageEncryption(android.content.ComponentName) to check encryption status. However, on some devices this activity may never return, as it may trigger a reboot and in some cases a complete data wipe of the device.
public static final int KEYGUARD_DISABLE_FEATURES_NONE
public static final int KEYGUARD_DISABLE_WIDGETS_ALL
public static final int KEYGUARD_DISABLE_SECURE_CAMERA
public static final int KEYGUARD_DISABLE_SECURE_NOTIFICATIONS
public static final int KEYGUARD_DISABLE_UNREDACTED_NOTIFICATIONS
public static final int KEYGUARD_DISABLE_TRUST_AGENTS
public static final int KEYGUARD_DISABLE_FINGERPRINT
public static final int KEYGUARD_DISABLE_REMOTE_INPUT
public static final int KEYGUARD_DISABLE_FEATURES_ALL
public static final int SKIP_SETUP_WIZARD
createAndManageUser(android.content.ComponentName, java.lang.String, android.content.ComponentName, android.os.PersistableBundle, int) to skip setup wizard after creating a new user.
public static final int MAKE_USER_EPHEMERAL
createAndManageUser(android.content.ComponentName, java.lang.String, android.content.ComponentName, android.os.PersistableBundle, int) to specify that the user should be created ephemeral.
protected DevicePolicyManager(Context context, IDevicePolicyManager service, boolean parentInstance)
public static DevicePolicyManager create(Context context)
protected int myUserId()
public boolean isAdminActive(ComponentName admin)
admin - The administrator component to check for.
true if admin is currently enabled in the system, false otherwise
public boolean isAdminActiveAsUser(ComponentName admin, int userId)
isAdminActive(ComponentName)
public boolean isRemovingAdmin(ComponentName admin, int userId)
public List<ComponentName> getActiveAdmins()
null may be returned.
public List<ComponentName> getActiveAdminsAsUser(int userId)
getActiveAdmins()
public boolean packageHasActiveAdmins(String packageName)
public boolean packageHasActiveAdmins(String packageName, int userId)
public void removeActiveAdmin(ComponentName admin)
Note that the operation is not synchronous and the admin might still be active (as indicated by getActiveAdmins()) by the time this method returns.
admin - The administration component to remove.
SecurityException - if the caller is not in the owner application of admin.
public boolean hasGrantedPolicy(ComponentName admin, int usesPolicy)
admin - Which DeviceAdminReceiver this request is associated with. Must be an active administrator, or an exception will be thrown.
usesPolicy - Which uses-policy to check, as defined in DeviceAdminInfo.
SecurityException - if admin is not an active administrator.
public boolean isSeparateProfileChallengeAllowed(int userHandle)
public void setPasswordQuality(ComponentName admin, int quality)
ACTION_SET_NEW_PASSWORD or ACTION_SET_NEW_PARENT_PROFILE_PASSWORD after calling this method.
Quality constants are ordered so that higher values are more restrictive; thus the highest requested quality constant (between the policy set here, the user's preference, and any other considerations) is the one that is in effect.
The calling device admin must have requested DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD to be able to call this method; if it has not, a security exception will be thrown.
This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to set restrictions on the parent profile.
admin - Which DeviceAdminReceiver this request is associated with.
quality - The new desired quality. One of PASSWORD_QUALITY_UNSPECIFIED, PASSWORD_QUALITY_SOMETHING, PASSWORD_QUALITY_NUMERIC, PASSWORD_QUALITY_NUMERIC_COMPLEX, PASSWORD_QUALITY_ALPHABETIC, PASSWORD_QUALITY_ALPHANUMERIC or PASSWORD_QUALITY_COMPLEX.
SecurityException - if admin is not an active administrator or if admin does not use DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD
public int getPasswordQuality(ComponentName admin)
This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to retrieve restrictions on the parent profile.
admin - The name of the admin component to check, or null to aggregate all admins.
public int getPasswordQuality(ComponentName admin, int userHandle)
public void setPasswordMinimumLength(ComponentName admin, int length)
ACTION_SET_NEW_PASSWORD or ACTION_SET_NEW_PARENT_PROFILE_PASSWORD after setting this value. This constraint is only imposed if the administrator has also requested either PASSWORD_QUALITY_NUMERIC, PASSWORD_QUALITY_NUMERIC_COMPLEX, PASSWORD_QUALITY_ALPHABETIC, PASSWORD_QUALITY_ALPHANUMERIC, or PASSWORD_QUALITY_COMPLEX with setPasswordQuality(android.content.ComponentName, int).
The calling device admin must have requested DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD to be able to call this method; if it has not, a security exception will be thrown.
This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to set restrictions on the parent profile.
admin - Which DeviceAdminReceiver this request is associated with.
length - The new desired minimum password length. A value of 0 means there is no restriction.
SecurityException - if admin is not an active administrator or admin does not use DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD
public int getPasswordMinimumLength(ComponentName admin)
This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to retrieve restrictions on the parent profile.
user and its profiles or a particular one.
admin - The name of the admin component to check, or null to aggregate all admins.
public int getPasswordMinimumLength(ComponentName admin, int userHandle)
public void setPasswordMinimumUpperCase(ComponentName admin, int length)
ACTION_SET_NEW_PASSWORD or ACTION_SET_NEW_PARENT_PROFILE_PASSWORD after setting this value. This constraint is only imposed if the administrator has also requested PASSWORD_QUALITY_COMPLEX with setPasswordQuality(android.content.ComponentName, int). The default value is 0.
The calling device admin must have requested DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD to be able to call this method; if it has not, a security exception will be thrown.
This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to set restrictions on the parent profile.
admin - Which DeviceAdminReceiver this request is associated with.
length - The new desired minimum number of upper case letters required in the password. A value of 0 means there is no restriction.
SecurityException - if admin is not an active administrator or admin does not use DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD
public int getPasswordMinimumUpperCase(ComponentName admin)
setPasswordMinimumUpperCase(ComponentName, int) and only applies when the password quality is PASSWORD_QUALITY_COMPLEX.
This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to retrieve restrictions on the parent profile.
admin - The name of the admin component to check, or null to aggregate all admins.
public int getPasswordMinimumUpperCase(ComponentName admin, int userHandle)
public void setPasswordMinimumLowerCase(ComponentName admin, int length)
ACTION_SET_NEW_PASSWORD or ACTION_SET_NEW_PARENT_PROFILE_PASSWORD after setting this value. This constraint is only imposed if the administrator has also requested PASSWORD_QUALITY_COMPLEX with setPasswordQuality(android.content.ComponentName, int). The default value is 0.
The calling device admin must have requested DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD to be able to call this method; if it has not, a security exception will be thrown.
This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to set restrictions on the parent profile.
admin - Which DeviceAdminReceiver this request is associated with.
length - The new desired minimum number of lower case letters required in the password. A value of 0 means there is no restriction.
SecurityException - if admin is not an active administrator or admin does not use DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD
public int getPasswordMinimumLowerCase(ComponentName admin)
setPasswordMinimumLowerCase(ComponentName, int) and only applies when the password quality is PASSWORD_QUALITY_COMPLEX.
This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to retrieve restrictions on the parent profile.
admin - The name of the admin component to check, or null to aggregate all admins.
public int getPasswordMinimumLowerCase(ComponentName admin, int userHandle)
public void setPasswordMinimumLetters(ComponentName admin, int length)
ACTION_SET_NEW_PASSWORD or ACTION_SET_NEW_PARENT_PROFILE_PASSWORD after setting this value. This constraint is only imposed if the administrator has also requested PASSWORD_QUALITY_COMPLEX with setPasswordQuality(android.content.ComponentName, int). The default value is 1.
The calling device admin must have requested DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD to be able to call this method; if it has not, a security exception will be thrown.
This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to set restrictions on the parent profile.
admin - Which DeviceAdminReceiver this request is associated with.
length - The new desired minimum number of letters required in the password. A value of 0 means there is no restriction.
SecurityException - if admin is not an active administrator or admin does not use DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD
public int getPasswordMinimumLetters(ComponentName admin)
setPasswordMinimumLetters(ComponentName, int) and only applies when the password quality is PASSWORD_QUALITY_COMPLEX.
This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to retrieve restrictions on the parent profile.
admin - The name of the admin component to check, or null to aggregate all admins.
public int getPasswordMinimumLetters(ComponentName admin, int userHandle)
public void setPasswordMinimumNumeric(ComponentName admin, int length)
ACTION_SET_NEW_PASSWORD or ACTION_SET_NEW_PARENT_PROFILE_PASSWORD after setting this value. This constraint is only imposed if the administrator has also requested PASSWORD_QUALITY_COMPLEX with setPasswordQuality(android.content.ComponentName, int). The default value is 1.
The calling device admin must have requested DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD to be able to call this method; if it has not, a security exception will be thrown.
This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to set restrictions on the parent profile.
admin - Which DeviceAdminReceiver this request is associated with.
length - The new desired minimum number of numerical digits required in the password. A value of 0 means there is no restriction.
SecurityException - if admin is not an active administrator or admin does not use DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD
public int getPasswordMinimumNumeric(ComponentName admin)
setPasswordMinimumNumeric(ComponentName, int) and only applies when the password quality is PASSWORD_QUALITY_COMPLEX.
This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to retrieve restrictions on the parent profile.
admin - The name of the admin component to check, or null to aggregate all admins.
public int getPasswordMinimumNumeric(ComponentName admin, int userHandle)
public void setPasswordMinimumSymbols(ComponentName admin, int length)
ACTION_SET_NEW_PASSWORD or ACTION_SET_NEW_PARENT_PROFILE_PASSWORD after setting this value. This constraint is only imposed if the administrator has also requested PASSWORD_QUALITY_COMPLEX with setPasswordQuality(android.content.ComponentName, int). The default value is 1.
The calling device admin must have requested DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD to be able to call this method; if it has not, a security exception will be thrown.
This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to set restrictions on the parent profile.
admin - Which DeviceAdminReceiver this request is associated with.
length - The new desired minimum number of symbols required in the password. A value of 0 means there is no restriction.
SecurityException - if admin is not an active administrator or admin does not use DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD
public int getPasswordMinimumSymbols(ComponentName admin)
setPasswordMinimumSymbols(ComponentName, int) and only applies when the password quality is PASSWORD_QUALITY_COMPLEX.
This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to retrieve restrictions on the parent profile.
admin - The name of the admin component to check, or null to aggregate all admins.
public int getPasswordMinimumSymbols(ComponentName admin, int userHandle)
public void setPasswordMinimumNonLetter(ComponentName admin, int length)
ACTION_SET_NEW_PASSWORD or ACTION_SET_NEW_PARENT_PROFILE_PASSWORD after setting this value. This constraint is only imposed if the administrator has also requested PASSWORD_QUALITY_COMPLEX with setPasswordQuality(android.content.ComponentName, int). The default value is 0.
The calling device admin must have requested DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD to be able to call this method; if it has not, a security exception will be thrown.
This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to set restrictions on the parent profile.
admin - Which DeviceAdminReceiver this request is associated with.
length - The new desired minimum number of letters required in the password. A value of 0 means there is no restriction.
SecurityException - if admin is not an active administrator or admin does not use DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD
public int getPasswordMinimumNonLetter(ComponentName admin)
setPasswordMinimumNonLetter(ComponentName, int) and only applies when the password quality is PASSWORD_QUALITY_COMPLEX.
This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to retrieve restrictions on the parent profile.
admin - The name of the admin component to check, or null to aggregate all admins.
public int getPasswordMinimumNonLetter(ComponentName admin, int userHandle)
public void setPasswordHistoryLength(ComponentName admin, int length)
ACTION_SET_NEW_PASSWORD or ACTION_SET_NEW_PARENT_PROFILE_PASSWORD after setting this value. This constraint is only imposed if the administrator has also requested either PASSWORD_QUALITY_NUMERIC, PASSWORD_QUALITY_NUMERIC_COMPLEX, PASSWORD_QUALITY_ALPHABETIC, or PASSWORD_QUALITY_ALPHANUMERIC with setPasswordQuality(android.content.ComponentName, int).
The calling device admin must have requested DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD to be able to call this method; if it has not, a security exception will be thrown.
This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to set restrictions on the parent profile.
admin - Which DeviceAdminReceiver this request is associated with.
length - The new desired length of password history. A value of 0 means there is no restriction.
SecurityException - if admin is not an active administrator or admin does not use DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD
public void setPasswordExpirationTimeout(ComponentName admin, long timeout)
The provided timeout is the time delta in ms and will be added to the current time. For example, to have the password expire 5 days from now, timeout would be 5 * 86400 * 1000 = 432000000 ms.
To disable password expiration, a value of 0 may be used for timeout.
The calling device admin must have requested DeviceAdminInfo.USES_POLICY_EXPIRE_PASSWORD to be able to call this method; if it has not, a security exception will be thrown.
Note that setting the password will automatically reset the expiration time for all active admins. Active admins do not need to explicitly call this method in that case.
This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to set restrictions on the parent profile.
admin - Which DeviceAdminReceiver this request is associated with.
timeout - The limit (in ms) that a password can remain in effect. A value of 0 means there is no restriction (unlimited).
SecurityException - if admin is not an active administrator or admin does not use DeviceAdminInfo.USES_POLICY_EXPIRE_PASSWORD
public long getPasswordExpirationTimeout(ComponentName admin)
setPasswordExpirationTimeout(ComponentName, long) for the given admin or the aggregate of all participating policy administrators if admin is null. Admins that have set restrictions on profiles that have a separate challenge are not taken into account.
This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to retrieve restrictions on the parent profile.
admin - The name of the admin component to check, or null to aggregate all admins.
public long getPasswordExpiration(ComponentName admin)
null, then a composite of all expiration times is returned - which will be the minimum of all of them.
This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to retrieve the password expiration for the parent profile.
admin - The name of the admin component to check, or null to aggregate all admins.
public int getPasswordHistoryLength(ComponentName admin)
This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to retrieve restrictions on the parent profile.
admin - The name of the admin component to check, or null to aggregate all admins.
public int getPasswordHistoryLength(ComponentName admin, int userHandle)
public int getPasswordMaximumLength(int quality)
quality - The quality being interrogated.
public boolean isActivePasswordSufficient()
The calling device admin must have requested DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD to be able to call this method; if it has not, a security exception will be thrown.
This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to determine if the password set on the parent profile is sufficient.
SecurityException - if the calling application does not own an active administrator that uses DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD
public boolean isProfileActivePasswordSufficientForParent(int userHandle)
userHandle - the userId of the profile to check the password for.
SecurityException - if userHandle is not a managed profile.
public int getCurrentFailedPasswordAttempts()
This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to retrieve the number of failed password attempts for the parent user.
The calling device admin must have requested DeviceAdminInfo.USES_POLICY_WATCH_LOGIN to be able to call this method; if it has not, a security exception will be thrown.
SecurityException - if the calling application does not own an active administrator that uses DeviceAdminInfo.USES_POLICY_WATCH_LOGIN
public int getCurrentFailedPasswordAttempts(int userHandle)
The calling device admin must have requested DeviceAdminInfo.USES_POLICY_WATCH_LOGIN to be able to call this method; if it has not and it is not the system uid, a security exception will be thrown.
public boolean getDoNotAskCredentialsOnBoot()
RESET_PASSWORD_DO_NOT_ASK_CREDENTIALS_ON_BOOT flag is set.
public void setMaximumFailedPasswordsForWipe(ComponentName admin, int num)
DeviceAdminInfo.USES_POLICY_WATCH_LOGIN and DeviceAdminInfo.USES_POLICY_WIPE_DATA.
To implement any other policy (e.g. wiping data for a particular application only, erasing or revoking credentials, or reporting the failure to a server), you should implement DeviceAdminReceiver.onPasswordFailed(Context, android.content.Intent) instead. Do not use this API, because if the maximum count is reached, the device or profile will be wiped immediately, and your callback will not be invoked.
This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to set a value on the parent profile.
admin - Which DeviceAdminReceiver this request is associated with.
num - The number of failed password attempts at which point the device or profile will be wiped.
SecurityException - if admin is not an active administrator or does not use both DeviceAdminInfo.USES_POLICY_WATCH_LOGIN and DeviceAdminInfo.USES_POLICY_WIPE_DATA.
public int getMaximumFailedPasswordsForWipe(ComponentName admin)
This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to retrieve the value for the parent profile.
admin - The name of the admin component to check, or null to aggregate all admins.
public int getMaximumFailedPasswordsForWipe(ComponentName admin, int userHandle)
public int getProfileWithMinimumFailedPasswordsForWipe(int userHandle)
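The setMaximumFailedPasswordsForWipe(ComponentName, int) entry above points admins that want a response other than a full wipe to DeviceAdminReceiver.onPasswordFailed. The following receiver is an added example, not part of the platform documentation; the class name, thresholds and preferences file name are hypothetical, and it assumes the admin has been granted the watch-login policy only.

```java
import android.app.admin.DeviceAdminReceiver;
import android.app.admin.DevicePolicyManager;
import android.content.Context;
import android.content.Intent;
import android.util.Log;

// Added example, not platform code. Assumes the admin's device-admin metadata
// declares watch-login only: no wipe-data policy and no call to
// setMaximumFailedPasswordsForWipe() from this admin.
public class LoginWatchReceiver extends DeviceAdminReceiver {
    private static final String TAG = "LoginWatchReceiver";

    // Hypothetical values chosen for illustration.
    static final int REPORT_AT = 3;
    static final int REVOKE_AT = 6;
    static final String SESSION_PREFS = "corp_session";

    enum Response { NONE, REPORT, REVOKE_APP_CREDENTIALS }

    /**
     * Picks the response for a failed-attempt count. wipeLimit is the aggregate
     * value from getMaximumFailedPasswordsForWipe(null); 0 means no admin set one.
     * If another admin's wipe limit is at or below our revoke threshold, the wipe
     * happens first and no callback is delivered at that count, so the threshold
     * is pulled below the wipe limit.
     */
    static Response decide(int failed, int wipeLimit) {
        int revokeAt = REVOKE_AT;
        if (wipeLimit > 0 && wipeLimit <= revokeAt) {
            revokeAt = Math.max(1, wipeLimit - 1);
        }
        if (failed >= revokeAt) {
            return Response.REVOKE_APP_CREDENTIALS;
        }
        if (failed >= REPORT_AT) {
            return Response.REPORT;
        }
        return Response.NONE;
    }

    @Override
    public void onPasswordFailed(Context context, Intent intent) {
        DevicePolicyManager dpm =
                (DevicePolicyManager) context.getSystemService(Context.DEVICE_POLICY_SERVICE);
        final int failed;
        try {
            failed = dpm.getCurrentFailedPasswordAttempts();
        } catch (SecurityException e) {
            // Thrown when this admin was not granted USES_POLICY_WATCH_LOGIN.
            Log.w(TAG, "watch-login policy not granted to this admin", e);
            return;
        }
        int wipeLimit = dpm.getMaximumFailedPasswordsForWipe(null);

        switch (decide(failed, wipeLimit)) {
            case REVOKE_APP_CREDENTIALS:
                // Erase only this app's cached session material, not the device.
                // commit() is synchronous so the change lands before the
                // broadcast finishes.
                context.getSharedPreferences(SESSION_PREFS, Context.MODE_PRIVATE)
                        .edit().clear().commit();
                Log.w(TAG, "revoked app credentials after " + failed + " failed unlocks");
                break;
            case REPORT:
                // A real admin would queue a report to its server here.
                Log.w(TAG, failed + " failed unlock attempts (wipe limit " + wipeLimit + ")");
                break;
            default:
                break;
        }
    }
}
```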
public boolean resetPassword(String password, int flags)
Note: This API has been limited as of Build.VERSION_CODES.N for device admins that are not device owner and not profile owner. The password can now only be changed if there is currently no password set. Device owner and profile owner can still do this when user is unlocked and does not have a managed profile.
The given password must be sufficient for the current password quality and length constraints as returned by getPasswordQuality(ComponentName) and getPasswordMinimumLength(ComponentName); if it does not meet these constraints, then it will be rejected and false returned. Note that the password may be a stronger quality (containing alphanumeric characters when the requested quality is only numeric), in which case the currently active quality will be increased to match.
Calling with a null or empty password will clear any existing PIN, pattern or password if the current password constraints allow it. Note: This will not work in Build.VERSION_CODES.N and later for managed profiles, or for device admins that are not device owner or profile owner. Once set, the password cannot be changed to null or empty except by these admins.
The calling device admin must have requested DeviceAdminInfo.USES_POLICY_RESET_PASSWORD to be able to call this method; if it has not, a security exception will be thrown.
password - The new password for the user. Null or empty clears the password.
flags - May be 0 or combination of RESET_PASSWORD_REQUIRE_ENTRY and RESET_PASSWORD_DO_NOT_ASK_CREDENTIALS_ON_BOOT.
SecurityException - if the calling application does not own an active administrator that uses DeviceAdminInfo.USES_POLICY_RESET_PASSWORD
IllegalStateException - if the calling user is locked or has a managed profile.
IllegalArgumentException - if the password does not meet system requirements.
public void setMaximumTimeToLock(ComponentName admin, long timeMs)
The calling device admin must have requested DeviceAdminInfo.USES_POLICY_FORCE_LOCK to be able to call this method; if it has not, a security exception will be thrown.
This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to set restrictions on the parent profile.
admin - Which DeviceAdminReceiver this request is associated with.
timeMs - The new desired maximum time to lock in milliseconds. A value of 0 means there is no restriction.
SecurityException - if admin is not an active administrator or it does not use DeviceAdminInfo.USES_POLICY_FORCE_LOCK
public long getMaximumTimeToLock(ComponentName admin)
This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to retrieve restrictions on the parent profile.
admin - The name of the admin component to check, or null to aggregate all admins.
public long getMaximumTimeToLock(ComponentName admin, int userHandle)
public long getMaximumTimeToLockForUserAndProfiles(int userHandle)
public void setRequiredStrongAuthTimeout(ComponentName admin, long timeoutMs)
This timeout is used internally to reset the timer to require strong auth again after the specified timeout each time it has been successfully used.
Fingerprint can also be disabled altogether using KEYGUARD_DISABLE_FINGERPRINT.
Trust agents can also be disabled altogether using KEYGUARD_DISABLE_TRUST_AGENTS.
The calling device admin must be a device or profile owner. If it is not, a SecurityException will be thrown.
The calling device admin can verify the value it has set by calling getRequiredStrongAuthTimeout(ComponentName) and passing in its instance.
This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to set restrictions on the parent profile.
admin - Which DeviceAdminReceiver this request is associated with.
timeoutMs - The new timeout, after which the user will have to unlock with strong authentication method. A value of 0 means the admin is not participating in controlling the timeout. The minimum and maximum timeouts are platform-defined and are typically 1 hour and 72 hours, respectively. Though discouraged, the admin may choose to require strong auth at all times using KEYGUARD_DISABLE_FINGERPRINT and/or KEYGUARD_DISABLE_TRUST_AGENTS.
SecurityException - if admin is not a device or profile owner.
public long getRequiredStrongAuthTimeout(ComponentName admin)
This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to retrieve restrictions on the parent profile.
admin - The name of the admin component to check, or null to aggregate across all participating admins.
public long getRequiredStrongAuthTimeout(ComponentName admin, int userId)
public void lockNow()
The calling device admin must have requested DeviceAdminInfo.USES_POLICY_FORCE_LOCK to be able to call this method; if it has not, a security exception will be thrown.
This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to lock the parent profile.
SecurityException - if the calling application does not own an active administrator that uses DeviceAdminInfo.USES_POLICY_FORCE_LOCK
public void wipeData(int flags)
The calling device admin must have requested DeviceAdminInfo.USES_POLICY_WIPE_DATA to be able to call this method; if it has not, a security exception will be thrown.
flags - Bit mask of additional options: currently supported flags are WIPE_EXTERNAL_STORAGE and WIPE_RESET_PROTECTION_DATA.
SecurityException - if the calling application does not own an active administrator that uses DeviceAdminInfo.USES_POLICY_WIPE_DATA
public ComponentName setGlobalProxy(ComponentName admin, Proxy proxySpec, List<String> exclusionList)
The calling device admin must have requested DeviceAdminInfo.USES_POLICY_SETS_GLOBAL_PROXY to be able to call this method; if it has not, a security exception will be thrown.
Only the first device admin can set the proxy. If a second admin attempts to set the proxy, the ComponentName of the admin originally setting the proxy will be returned. If successful in setting the proxy, null will be returned.
The method can be called repeatedly by the device admin already setting the proxy to update the proxy and exclusion list.
admin - Which DeviceAdminReceiver this request is associated with.
proxySpec - the global proxy desired. Must be an HTTP Proxy. Pass Proxy.NO_PROXY to reset the proxy.
exclusionList - a list of domains to be excluded from the global proxy.
null if the proxy was successfully set, or otherwise a ComponentName of the device admin that sets the proxy.
public void setRecommendedGlobalProxy(ComponentName admin, ProxyInfo proxyInfo)
This method requires the caller to be the device owner.
This proxy is only a recommendation and it is possible that some apps will ignore it.
admin - Which DeviceAdminReceiver this request is associated with.
proxyInfo - The ProxyInfo object defining the new global HTTP proxy. A null value will clear the global HTTP proxy.
SecurityException - if admin is not the device owner.
ProxyInfo
public ComponentName getGlobalProxyAdmin()
null if no admin has set the proxy.
public int setStorageEncryption(ComponentName admin, boolean encrypt)
When multiple device administrators attempt to control device encryption, the most secure, supported setting will always be used. If any device administrator requests device encryption, it will be enabled; conversely, if a device administrator attempts to disable device encryption while another device administrator has enabled it, the call to disable will fail (most commonly returning ENCRYPTION_STATUS_ACTIVE).
This policy controls encryption of the secure (application data) storage area. Data written to other storage areas may or may not be encrypted, and this policy does not require or control the encryption of any other storage areas. There is one exception: If Environment.isExternalStorageEmulated() is true, then the directory returned by Environment.getExternalStorageDirectory() must be written to disk within the encrypted storage area.
Important Note: On some devices, it is possible to encrypt storage without requiring the user to create a device PIN or Password. In this case, the storage is encrypted, but the encryption key may not be fully secured. For maximum security, the administrator should also require (and check for) a pattern, PIN, or password.
admin - Which DeviceAdminReceiver this request is associated with.
encrypt - true to request encryption, false to release any previous request
ENCRYPTION_STATUS_UNSUPPORTED, ENCRYPTION_STATUS_INACTIVE, or ENCRYPTION_STATUS_ACTIVE. This is the value of the requests; use getStorageEncryptionStatus() to query the actual device state.
SecurityException - if admin is not an active administrator or does not use DeviceAdminInfo.USES_ENCRYPTED_STORAGE
public boolean getStorageEncryption(ComponentName admin)
admin - Which DeviceAdminReceiver this request is associated with. If null, this will return the requested encryption setting as an aggregate of all active administrators.
public int getStorageEncryptionStatus()
Depending on the returned status code, the caller may proceed in different ways. If the result is ENCRYPTION_STATUS_UNSUPPORTED, the storage system does not support encryption. If the result is ENCRYPTION_STATUS_INACTIVE, use ACTION_START_ENCRYPTION to begin the process of encrypting or decrypting the storage. If the result is ENCRYPTION_STATUS_ACTIVE_DEFAULT_KEY, the storage system has enabled encryption but no password is set so further action may be required. If the result is ENCRYPTION_STATUS_ACTIVATING, ENCRYPTION_STATUS_ACTIVE or ENCRYPTION_STATUS_ACTIVE_PER_USER, no further action is required.
ENCRYPTION_STATUS_UNSUPPORTED, ENCRYPTION_STATUS_INACTIVE, ENCRYPTION_STATUS_ACTIVATING, ENCRYPTION_STATUS_ACTIVE_DEFAULT_KEY, ENCRYPTION_STATUS_ACTIVE, or ENCRYPTION_STATUS_ACTIVE_PER_USER.
public int getStorageEncryptionStatus(int userHandle)
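The status handling described for getStorageEncryptionStatus(), combined with the Important Note under setStorageEncryption about also requiring a lock-screen credential, can be written as one compliance check. This is an added example, not platform code; the class and enum names are hypothetical, and it assumes the admin holds the encrypted-storage and limit-password policies.

```java
import android.app.Activity;
import android.app.admin.DevicePolicyManager;
import android.content.ComponentName;
import android.content.Context;
import android.content.Intent;

// Added example, not platform code. Assumes the admin's device-admin metadata
// declares the encrypted-storage and limit-password policies.
public final class EncryptionCompliance {
    public enum Step { COMPLIANT, START_ENCRYPTION, SET_PASSWORD, UNSUPPORTED, UNKNOWN }

    private EncryptionCompliance() {}

    /**
     * Maps a status code to the next step. ACTIVE_DEFAULT_KEY is treated as
     * "set a password" because the storage is encrypted with a key that no user
     * credential protects. An "active" status is only accepted as compliant
     * when the current password also satisfies the admin's requirements.
     */
    static Step nextStep(int status, boolean passwordSufficient) {
        switch (status) {
            case DevicePolicyManager.ENCRYPTION_STATUS_UNSUPPORTED:
                return Step.UNSUPPORTED;
            case DevicePolicyManager.ENCRYPTION_STATUS_INACTIVE:
                return Step.START_ENCRYPTION;
            case DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE_DEFAULT_KEY:
                return Step.SET_PASSWORD;
            case DevicePolicyManager.ENCRYPTION_STATUS_ACTIVATING:
            case DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE:
            case DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE_PER_USER:
                return passwordSufficient ? Step.COMPLIANT : Step.SET_PASSWORD;
            default:
                // A status this code does not know is never reported as compliant.
                return Step.UNKNOWN;
        }
    }

    /** Requests the policies, then sends the user to the screen that fixes the gap. */
    public static Step enforce(Activity activity, ComponentName admin) {
        DevicePolicyManager dpm =
                (DevicePolicyManager) activity.getSystemService(Context.DEVICE_POLICY_SERVICE);

        // Both calls throw SecurityException if the admin lacks the policy.
        dpm.setStorageEncryption(admin, true);
        // Require at least some credential (pattern, PIN or password).
        dpm.setPasswordQuality(admin, DevicePolicyManager.PASSWORD_QUALITY_SOMETHING);

        // setStorageEncryption() returns the value of the request, so the
        // actual device state is queried separately.
        Step step = nextStep(dpm.getStorageEncryptionStatus(),
                dpm.isActivePasswordSufficient());
        switch (step) {
            case START_ENCRYPTION:
                activity.startActivity(
                        new Intent(DevicePolicyManager.ACTION_START_ENCRYPTION));
                break;
            case SET_PASSWORD:
                activity.startActivity(
                        new Intent(DevicePolicyManager.ACTION_SET_NEW_PASSWORD));
                break;
            default:
                break;
        }
        return step;
    }
}
```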
public boolean approveCaCert(String alias, int userHandle, boolean approval)
true will cancel any ongoing warnings related to this certificate.
public boolean isCaCertApproved(String alias, int userHandle)
public boolean installCaCert(ComponentName admin, byte[] certBuffer)
admin - Which DeviceAdminReceiver this request is associated with, or null if calling from a delegated certificate installer.
certBuffer - encoded form of the certificate to install.
SecurityException - if admin is not null and not a device or profile owner.
public void uninstallCaCert(ComponentName admin, byte[] certBuffer)
admin - Which DeviceAdminReceiver this request is associated with, or null if calling from a delegated certificate installer.
certBuffer - encoded form of the certificate to remove.
SecurityException - if admin is not null and not a device or profile owner.
public List<byte[]> getInstalledCaCerts(ComponentName admin)
admin - Which DeviceAdminReceiver this request is associated with, or null if calling from a delegated certificate installer.
SecurityException - if admin is not null and not a device or profile owner.
public void uninstallAllUserCaCerts(ComponentName admin)
admin - Which DeviceAdminReceiver this request is associated with, or null if calling from a delegated certificate installer.
SecurityException - if admin is not null and not a device or profile owner.
public boolean hasCaCertInstalled(ComponentName admin, byte[] certBuffer)
admin - Which DeviceAdminReceiver this request is associated with, or null if calling from a delegated certificate installer.
certBuffer - encoded form of the certificate to look up.
SecurityException - if admin is not null and not a device or profile owner.
public boolean installKeyPair(ComponentName admin, PrivateKey privKey, Certificate cert, String alias)
Access to the installed credentials will not be granted to the caller of this API without direct user approval. This is for security - should a certificate installer become compromised, certificates it had already installed will be protected.
If the installer must have access to the credentials, call installKeyPair(ComponentName, PrivateKey, Certificate[], String, boolean) instead.
admin - Which DeviceAdminReceiver this request is associated with, or null if calling from a delegated certificate installer.
privKey - The private key to install.
cert - The certificate to install.
alias - The private key alias under which to install the certificate. If a certificate with that alias already exists, it will be overwritten.
true if the keys were installed, false otherwise.
SecurityException - if admin is not null and not a device or profile owner.
public boolean installKeyPair(ComponentName admin, PrivateKey privKey, Certificate[] certs, String alias, boolean requestAccess)
The caller of this API may grant itself access to the certificate and private key immediately, without user approval. It is a best practice not to request this unless strictly necessary since it opens up additional security vulnerabilities.
admin - Which DeviceAdminReceiver this request is associated with, or null if calling from a delegated certificate installer.
privKey - The private key to install.
certs - The certificate chain to install. The chain should start with the leaf certificate and include the chain of trust in order. This will be returned by KeyChain.getCertificateChain(android.content.Context, java.lang.String).
alias - The private key alias under which to install the certificate. If a certificate with that alias already exists, it will be overwritten.
requestAccess - true to request that the calling app be granted access to the credentials immediately. Otherwise, access to the credentials will be gated by user approval.
true if the keys were installed, false otherwise.
SecurityException - if admin is not null and not a device or profile owner.
KeyChain.getCertificateChain(android.content.Context, java.lang.String)
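The two installKeyPair entries above ask for a leaf-first chain and recommend leaving requestAccess off. The following provisioning helper is an added example, not platform code: it loads a PKCS#12 bundle, checks the chain order, and installs with user-gated access. The class and method names are hypothetical, and the PKCS#12 bytes and password are assumed to come from the admin's own enrollment channel.

```java
import android.app.admin.DevicePolicyManager;
import android.content.ComponentName;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;

// Added example, not platform code.
public final class KeyPairProvisioner {
    private KeyPairProvisioner() {}

    /**
     * True if certs[0] is followed by its issuer, that issuer by its own issuer,
     * and so on: each certificate names the next as issuer and its signature
     * verifies under the next certificate's public key.
     */
    static boolean isOrderedLeafFirst(Certificate[] certs) {
        if (certs == null || certs.length == 0) {
            return false;
        }
        for (Certificate c : certs) {
            if (!(c instanceof X509Certificate)) {
                return false;
            }
        }
        for (int i = 0; i + 1 < certs.length; i++) {
            X509Certificate cur = (X509Certificate) certs[i];
            X509Certificate next = (X509Certificate) certs[i + 1];
            if (!cur.getIssuerX500Principal().equals(next.getSubjectX500Principal())) {
                return false;
            }
            try {
                cur.verify(next.getPublicKey());
            } catch (GeneralSecurityException e) {
                return false;
            }
        }
        return true;
    }

    /**
     * Installs the first private-key entry of a PKCS#12 bundle under alias.
     * Pass admin as null when calling from a delegated certificate installer.
     * An existing entry under the same alias is overwritten, so callers should
     * use aliases they own.
     */
    static boolean install(DevicePolicyManager dpm, ComponentName admin,
            byte[] pkcs12, char[] password, String alias)
            throws GeneralSecurityException, IOException {
        try {
            KeyStore ks = KeyStore.getInstance("PKCS12");
            ks.load(new ByteArrayInputStream(pkcs12), password);

            String entry = null;
            for (String a : Collections.list(ks.aliases())) {
                if (ks.isKeyEntry(a)) {
                    entry = a;
                    break;
                }
            }
            if (entry == null) {
                throw new KeyStoreException("bundle contains no private key entry");
            }

            PrivateKey key = (PrivateKey) ks.getKey(entry, password);
            Certificate[] chain = ks.getCertificateChain(entry);
            if (!isOrderedLeafFirst(chain)) {
                throw new CertificateException("chain is not ordered leaf-first");
            }

            // requestAccess = false: the installer does not grant itself use of
            // the key, so access stays gated by user approval.
            return dpm.installKeyPair(admin, key, chain, alias, false);
        } finally {
            // Do not keep the bundle password in memory longer than needed.
            Arrays.fill(password, '\0');
        }
    }
}
```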
public boolean removeKeyPair(ComponentName admin, String alias)
admin - Which DeviceAdminReceiver this request is associated with, or null if calling from a delegated certificate installer.
alias - The private key alias under which the certificate is installed.
true if the private key alias no longer exists, false otherwise.
SecurityException - if admin is not null and not a device or profile owner.
public void setCertInstallerPackage(ComponentName admin, String installerPackage) throws SecurityException
getInstalledCaCerts(android.content.ComponentName), hasCaCertInstalled(android.content.ComponentName, byte[]), installCaCert(android.content.ComponentName, byte[]), uninstallCaCert(android.content.ComponentName, byte[]), uninstallAllUserCaCerts(android.content.ComponentName) and installKeyPair(android.content.ComponentName, java.security.PrivateKey, java.security.cert.Certificate, java.lang.String).
Delegated certificate installer is a per-user state. The delegated access is persistent until it is later cleared by calling this method with a null value or uninstalling the certificate installer.
Note: Starting from Build.VERSION_CODES.N, if the caller application's target SDK version is Build.VERSION_CODES.N or newer, the supplied certificate installer package must be installed when calling this API, otherwise an IllegalArgumentException will be thrown.
admin - Which DeviceAdminReceiver this request is associated with.
installerPackage - The package name of the certificate installer which will be given access. If null is given the current package will be cleared.
SecurityException - if admin is not a device or a profile owner.
public String getCertInstallerPackage(ComponentName admin) throws SecurityException
admin - Which DeviceAdminReceiver this request is associated with.
null if none is set.
SecurityException - if admin is not a device or a profile owner.
public void setAlwaysOnVpnPackage(ComponentName admin, String vpnPackage) throws PackageManager.NameNotFoundException, UnsupportedOperationException
public void setAlwaysOnVpnPackage(ComponentName admin, String vpnPackage, boolean lockdownEnabled) throws PackageManager.NameNotFoundException, UnsupportedOperationException
The designated package should declare a VpnService in its manifest guarded by android.Manifest.permission#BIND_VPN_SERVICE, otherwise the call will fail.
vpnPackage - The package name for an installed VPN app on the device, or null to remove an existing always-on VPN configuration.
lockdownEnabled - true to disallow networking when the VPN is not connected or false otherwise. This carries the risk that any failure of the VPN provider could break networking for all apps. This has no effect when clearing.
SecurityException - if admin is not a device or a profile owner.
PackageManager.NameNotFoundException - if vpnPackage is not installed.
UnsupportedOperationException - if vpnPackage exists but does not support being set as always-on, or if always-on VPN is not available.
public String getAlwaysOnVpnPackage(ComponentName admin)
null will be returned.
null if none is set.
SecurityException - if admin is not a device or a profile owner.
public void setCameraDisabled(ComponentName admin, boolean disabled)
If the caller is device owner, then the restriction will be applied to all users.
The calling device admin must have requested DeviceAdminInfo.USES_POLICY_DISABLE_CAMERA to be able to call this method; if it has not, a security exception will be thrown.
admin - Which DeviceAdminReceiver this request is associated with.
disabled - Whether or not the camera should be disabled.
SecurityException - if admin is not an active administrator or does not use DeviceAdminInfo.USES_POLICY_DISABLE_CAMERA.
public boolean getCameraDisabled(ComponentName admin)
admin - The name of the admin component to check, or null to check whether any admins have disabled the camera
public boolean getCameraDisabled(ComponentName admin, int userHandle)
public boolean requestBugreport(ComponentName admin)
There must be only one user on the device, managed by the device owner. Otherwise a SecurityException will be thrown.
admin - Which DeviceAdminReceiver this request is associated with.
true if the bugreport collection started successfully, or false if it wasn't triggered because a previous bugreport operation is still active (either the bugreport is still running or waiting for the user to share or decline)
SecurityException - if admin is not a device owner, or if there are users other than the one managed by the device owner.
public boolean getGuestUserDisabled(ComponentName admin)
public void setScreenCaptureDisabled(ComponentName admin, boolean disabled)
Display.FLAG_SECURE for more details about secure surfaces and secure displays.
The calling device admin must be a device or profile owner. If it is not, a security exception will be thrown.
From version Build.VERSION_CODES.M disabling screen capture also blocks assist requests for all activities of the relevant user.
admin - Which DeviceAdminReceiver this request is associated with.
disabled - Whether screen capture is disabled or not.
SecurityException - if admin is not a device or profile owner.
public boolean getScreenCaptureDisabled(ComponentName admin)
admin - The name of the admin component to check, or null to check whether any admins have disabled screen capture.
public boolean getScreenCaptureDisabled(ComponentName admin, int userHandle)
public void setAutoTimeRequired(ComponentName admin, boolean required)
Note: if auto time is required the user can still manually set the time zone.
The calling device admin must be a device owner. If it is not, a security exception will be thrown.
admin - Which DeviceAdminReceiver this request is associated with.
required - Whether auto time is set required or not.
SecurityException - if admin is not a device owner.
public boolean getAutoTimeRequired()
public void setForceEphemeralUsers(ComponentName admin, boolean forceEphemeralUsers)
The system user is exempt from this policy - it is never ephemeral.
The calling device admin must be the device owner. If it is not, a security exception will be thrown.
admin - Which DeviceAdminReceiver this request is associated with.
forceEphemeralUsers - If true, all the existing users will be deleted and all subsequently created users will be ephemeral.
SecurityException - if admin is not a device owner.
public boolean getForceEphemeralUsers(ComponentName admin)
SecurityException - if admin is not a device owner.
public void setKeyguardDisabledFeatures(ComponentName admin, int which)
The calling device admin must have requested DeviceAdminInfo.USES_POLICY_DISABLE_KEYGUARD_FEATURES to be able to call this method; if it has not, a security exception will be thrown.
Calling this from a managed profile before version Build.VERSION_CODES.M will throw a security exception. From version Build.VERSION_CODES.M the profile owner of a managed profile can set:
KEYGUARD_DISABLE_TRUST_AGENTS, which affects the parent user, but only if there is no separate challenge set on the managed profile.
KEYGUARD_DISABLE_FINGERPRINT which affects the managed profile challenge if there is one, or the parent user otherwise.
KEYGUARD_DISABLE_UNREDACTED_NOTIFICATIONS which affects notifications generated by applications in the managed profile.
KEYGUARD_DISABLE_TRUST_AGENTS and KEYGUARD_DISABLE_FINGERPRINT can also be set on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to set restrictions on the parent profile.
Requests to disable other features on a managed profile will be ignored.
The admin can check which features have been disabled by calling getKeyguardDisabledFeatures(ComponentName)
admin - Which DeviceAdminReceiver this request is associated with.
which - KEYGUARD_DISABLE_FEATURES_NONE (default), KEYGUARD_DISABLE_WIDGETS_ALL, KEYGUARD_DISABLE_SECURE_CAMERA, KEYGUARD_DISABLE_SECURE_NOTIFICATIONS, KEYGUARD_DISABLE_TRUST_AGENTS, KEYGUARD_DISABLE_UNREDACTED_NOTIFICATIONS, KEYGUARD_DISABLE_FINGERPRINT, KEYGUARD_DISABLE_FEATURES_ALL
SecurityException - if admin is not an active administrator or does not use DeviceAdminInfo.USES_POLICY_DISABLE_KEYGUARD_FEATURES
public int getKeyguardDisabledFeatures(ComponentName admin)
This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to retrieve restrictions on the parent profile.
admin - The name of the admin component to check, or null to check whether any admins have disabled features in keyguard.
setKeyguardDisabledFeatures(ComponentName, int) for a list.
public int getKeyguardDisabledFeatures(ComponentName admin, int userHandle)
public void setActiveAdmin(ComponentName policyReceiver, boolean refreshing, int userHandle)
public void setActiveAdmin(ComponentName policyReceiver, boolean refreshing)
public void getRemoveWarning(ComponentName admin, RemoteCallback result)
public void setActivePasswordState(int quality, int length, int letters, int uppercase, int lowercase, int numbers, int symbols, int nonletter, int userHandle)
public void reportFailedPasswordAttempt(int userHandle)
public void reportSuccessfulPasswordAttempt(int userHandle)
public void reportFailedFingerprintAttempt(int userHandle)
public void reportSuccessfulFingerprintAttempt(int userHandle)
public void reportKeyguardDismissed(int userHandle)
public void reportKeyguardSecured(int userHandle)
public boolean setDeviceOwner(ComponentName who)
who - the component name to be registered as device owner.
IllegalArgumentException - if the package name is null or invalid
IllegalStateException - If the preconditions mentioned are not met.
public boolean setDeviceOwner(ComponentName who, int userId)
public boolean setDeviceOwner(ComponentName who, String ownerName)
public boolean setDeviceOwner(ComponentName who, String ownerName, int userId) throws IllegalArgumentException, IllegalStateException
who - the component name to be registered as device owner.
ownerName - the human readable name of the institution that owns this device.
userId - ID of the user on which the device owner runs.
IllegalArgumentException - if the package name is null or invalid
IllegalStateException - If the preconditions mentioned are not met.
public boolean isDeviceOwnerApp(String packageName)
Context.getPackageName() to this method.
This is useful for device admin apps that want to check whether they are also registered as the device owner app. The exact mechanism by which a device admin app is registered as a device owner app is defined by the setup process.
packageName - the package name of the app, to compare with the registered device owner app, if any.
public boolean isDeviceOwnerAppOnCallingUser(String packageName)
Same as isDeviceOwnerApp(java.lang.String), but bundled code should use it for clarity.
public boolean isDeviceOwnerAppOnAnyUser(String packageName)
Requires the MANAGE_USERS permission.
public ComponentName getDeviceOwnerComponentOnCallingUser()
public ComponentName getDeviceOwnerComponentOnAnyUser()
Requires the MANAGE_USERS permission.
public int getDeviceOwnerUserId()
UserHandle.USER_NULL if there's no device owner.
Requires the MANAGE_USERS permission.
public void clearDeviceOwnerApp(String packageName)
packageName - The package name of the device owner.
SecurityException - if the caller is not in packageName or packageName does not own the current device owner component.
public String getDeviceOwner()
Bundled components should use getDeviceOwnerComponentOnCallingUser() for clarity.
public boolean isDeviceManaged()
Requires the MANAGE_USERS permission.
public String getDeviceOwnerNameOnAnyUser()
Requires the MANAGE_USERS permission.
@Deprecated public String getDeviceInitializerApp()
@Deprecated public ComponentName getDeviceInitializerComponent()
public boolean setActiveProfileOwner(ComponentName admin, @Deprecated String ownerName) throws IllegalArgumentException
This method can only be called by system apps that hold MANAGE_USERS permission and MANAGE_DEVICE_ADMINS permission.
admin - The component to register as an active admin and profile owner.
ownerName - The user-visible name of the entity that is managing this user.
IllegalArgumentException - if packageName is null, the package isn't installed, or the user has already been set up.
public void clearProfileOwner(ComponentName admin)
This doesn't work for managed profile owners.
admin - The component to remove as the profile owner.
SecurityException - if admin is not an active profile owner.
public boolean hasUserSetupCompleted()
public boolean setProfileOwner(ComponentName admin, @Deprecated String ownerName, int userHandle) throws IllegalArgumentException
admin - the component name to be registered as profile owner.
ownerName - the human readable name of the organisation associated with this DPM.
userHandle - the userId to set the profile owner for.
IllegalArgumentException - if admin is null, the package isn't installed, or the preconditions mentioned are not met.
public void setDeviceOwnerLockScreenInfo(ComponentName admin, CharSequence info)
If the device owner information is null or empty then the device owner info is cleared and the user owner info is shown on the lock screen if it is set.
If the device owner information contains only whitespace then the message on the lock screen will be blank and the user will not be allowed to change it.
If the device owner information needs to be localized, it is the responsibility of the DeviceAdminReceiver to listen to the Intent.ACTION_LOCALE_CHANGED broadcast and set a new version of this string accordingly.
admin - The name of the admin component to check.
info - Device owner information which will be displayed instead of the user owner info.
SecurityException - if admin is not a device owner.
public CharSequence getDeviceOwnerLockScreenInfo()
null.
public String[] setPackagesSuspended(ComponentName admin, String[] packageNames, boolean suspended)
A suspended package will not be able to start activities. Its notifications will be hidden, it will not show up in recents, will not be able to show toasts or dialogs or ring the device.
The package must already be installed. If the package is uninstalled while suspended the package will no longer be suspended. The admin can block this by using setUninstallBlocked(android.content.ComponentName, java.lang.String, boolean).
admin - The name of the admin component to check.
packageNames - The package names to suspend or unsuspend.
suspended - If set to true then the packages will be suspended, if set to false the packages will be unsuspended.
SecurityException - if admin is not a device or profile owner.
public boolean isPackageSuspended(ComponentName admin, String packageName) throws PackageManager.NameNotFoundException
admin - Which DeviceAdminReceiver this request is associated with.
packageName - The name of the package to retrieve the suspended status of.
true if the package is suspended or false if the package is not suspended, could not be found or an error occurred.
SecurityException - if admin is not a device or profile owner.
PackageManager.NameNotFoundException - if the package could not be found.
public void setProfileEnabled(ComponentName admin)
admin - Which DeviceAdminReceiver this request is associated with.
SecurityException - if admin is not a profile owner.
isProfileOwnerApp(java.lang.String)
public void setProfileName(ComponentName admin, String profileName)
admin - Which DeviceAdminReceiver this request is associated with.
profileName - The name of the profile.
SecurityException - if admin is not a device or profile owner.
isProfileOwnerApp(java.lang.String), isDeviceOwnerApp(java.lang.String)
public boolean isProfileOwnerApp(String packageName)
packageName - The package name of the app to compare with the registered profile owner.
public ComponentName getProfileOwner() throws IllegalArgumentException
null if no profile owner has been set for that user.
IllegalArgumentException - if the userId is invalid.
public ComponentName getProfileOwnerAsUser(int userId) throws IllegalArgumentException
IllegalArgumentException
getProfileOwner()
public String getProfileOwnerName() throws IllegalArgumentException
null if one is not set.
IllegalArgumentException - if the userId is invalid.
public String getProfileOwnerNameAsUser(int userId) throws IllegalArgumentException
userId - The user for whom to fetch the profile owner name, if any.
IllegalArgumentException - if the userId is invalid.
public void addPersistentPreferredActivity(ComponentName admin, IntentFilter filter, ComponentName activity)
The default disambiguation mechanism takes over if the activity is not installed (anymore). When the activity is (re)installed, it is automatically reset as default intent handler for the filter.
The calling device admin must be a profile owner or device owner. If it is not, a security exception will be thrown.
admin - Which DeviceAdminReceiver this request is associated with.
filter - The IntentFilter for which a default handler is added.
activity - The Activity that is added as default intent handler.
SecurityException - if admin is not a device or profile owner.
public void clearPackagePersistentPreferredActivities(ComponentName admin, String packageName)
addPersistentPreferredActivity(android.content.ComponentName, android.content.IntentFilter, android.content.ComponentName).
The calling device admin must be a profile owner. If it is not, a security exception will be thrown.
admin - Which DeviceAdminReceiver this request is associated with.
packageName - The name of the package for which preferences are removed.
SecurityException - if admin is not a device or profile owner.
public void setApplicationRestrictionsManagingPackage(ComponentName admin, String packageName) throws PackageManager.NameNotFoundException
setApplicationRestrictions(android.content.ComponentName, java.lang.String, android.os.Bundle) and getApplicationRestrictions(android.content.ComponentName, java.lang.String).
This permission is persistent until it is later cleared by calling this method with a null value or uninstalling the managing package.
The supplied application restriction managing package must be installed when calling this API, otherwise a PackageManager.NameNotFoundException will be thrown.
admin - Which DeviceAdminReceiver this request is associated with.
packageName - The package name which will be given access to application restrictions APIs. If null is given the current package will be cleared.
SecurityException - if admin is not a device or profile owner.
PackageManager.NameNotFoundException - if packageName is not found.
public String getApplicationRestrictionsManagingPackage(ComponentName admin)
null if none is set.
admin - Which DeviceAdminReceiver this request is associated with.
null if none is set.
SecurityException - if admin is not a device or profile owner.
public boolean isCallerApplicationRestrictionsManagingPackage()
setApplicationRestrictionsManagingPackage(android.content.ComponentName, java.lang.String) to manage application restrictions for the calling user.
This is done by comparing the calling Linux uid with the uid of the package specified by that method.
public void setApplicationRestrictions(ComponentName admin, String packageName, Bundle settings)
The caller must be a profile or device owner on that user, or the package allowed to manage application restrictions via setApplicationRestrictionsManagingPackage(android.content.ComponentName, java.lang.String); otherwise a security exception will be thrown.
The provided Bundle consists of key-value pairs, where the types of values may be:
boolean
int
String or String[]
Build.VERSION_CODES.M, Bundle or Bundle[]
If the restrictions are not available yet, but may be applied in the near future, the caller can notify the target application of that by adding UserManager.KEY_RESTRICTIONS_PENDING to the settings parameter.
The application restrictions are only made visible to the target application via UserManager.getApplicationRestrictions(String), in addition to the profile or device owner, and the application restrictions managing package via getApplicationRestrictions(android.content.ComponentName, java.lang.String).
admin - Which DeviceAdminReceiver this request is associated with, or null if called by the application restrictions managing package.
packageName - The name of the package to update restricted settings for.
settings - A Bundle to be parsed by the receiving application, conveying a new set of active restrictions.
SecurityException - if admin is not a device or profile owner.
setApplicationRestrictionsManagingPackage(android.content.ComponentName, java.lang.String), UserManager.KEY_RESTRICTIONS_PENDING
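An added example (not part of the platform documentation or AOSP code): one way an admin could check a restrictions Bundle against the value types listed for setApplicationRestrictions before sending it, and how the target app could read the result and fail closed while UserManager.KEY_RESTRICTIONS_PENDING is set. The class name, the package com.example.target, the restriction keys and the recursive check of nested bundles are assumptions made for illustration.

```java
import android.app.admin.DevicePolicyManager;
import android.content.ComponentName;
import android.content.Context;
import android.os.Build;
import android.os.Bundle;
import android.os.Parcelable;
import android.os.UserManager;

/** Added example; class, package and restriction key names are hypothetical. */
public final class RestrictionsExample {

    private static final String TARGET_PACKAGE = "com.example.target"; // hypothetical
    private static final String KEY_ALLOW_EXPORT = "allow_export";     // hypothetical
    private static final String KEY_ALLOWED_HOSTS = "allowed_hosts";   // hypothetical

    /** Returns true if every value has one of the types listed for the settings Bundle. */
    static boolean hasOnlySupportedTypes(Bundle settings) {
        for (String key : settings.keySet()) {
            Object value = settings.get(key);
            if (value instanceof Boolean || value instanceof Integer
                    || value instanceof String || value instanceof String[]) {
                continue;
            }
            // Bundle and Bundle[] values are only listed from Build.VERSION_CODES.M.
            if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
                // Assumption: nested bundles are held to the same type list.
                if (value instanceof Bundle && hasOnlySupportedTypes((Bundle) value)) {
                    continue;
                }
                if (value instanceof Parcelable[] && allBundles((Parcelable[]) value)) {
                    continue;
                }
            }
            return false;
        }
        return true;
    }

    private static boolean allBundles(Parcelable[] items) {
        for (Parcelable item : items) {
            if (!(item instanceof Bundle) || !hasOnlySupportedTypes((Bundle) item)) {
                return false;
            }
        }
        return true;
    }

    /**
     * Admin side. Pass the DeviceAdminReceiver component when called by the profile
     * or device owner, or null when called by the restrictions managing package.
     * Returns false rather than sending a Bundle with unsupported value types.
     */
    static boolean pushRestrictions(Context context, ComponentName admin,
            boolean finalValuesReady) {
        DevicePolicyManager dpm =
                (DevicePolicyManager) context.getSystemService(Context.DEVICE_POLICY_SERVICE);
        Bundle settings = new Bundle();
        if (finalValuesReady) {
            settings.putBoolean(KEY_ALLOW_EXPORT, false);
            settings.putStringArray(KEY_ALLOWED_HOSTS, new String[] {"intranet.example.com"});
        } else {
            // Tell the target app that real restrictions will follow.
            settings.putBoolean(UserManager.KEY_RESTRICTIONS_PENDING, true);
        }
        if (!hasOnlySupportedTypes(settings)) {
            return false;
        }
        try {
            dpm.setApplicationRestrictions(admin, TARGET_PACKAGE, settings);
            return true;
        } catch (SecurityException e) {
            // Caller is neither an owner nor the restrictions managing package.
            return false;
        }
    }

    /** Target-app side: deny the sensitive action while restrictions are pending. */
    static boolean mayExport(Context context) {
        UserManager um = (UserManager) context.getSystemService(Context.USER_SERVICE);
        Bundle restrictions = um.getApplicationRestrictions(context.getPackageName());
        if (restrictions.getBoolean(UserManager.KEY_RESTRICTIONS_PENDING, false)) {
            return false; // fail closed until the admin sends the final values
        }
        // App-defined default when the admin has set nothing for this key.
        return restrictions.getBoolean(KEY_ALLOW_EXPORT, true);
    }
}
```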
public void setTrustAgentConfiguration(ComponentName admin, ComponentName target, PersistableBundle configuration)
KEYGUARD_DISABLE_TRUST_AGENTS, which disables all trust agents but those enabled by this function call. If flag KEYGUARD_DISABLE_TRUST_AGENTS is not set, then this call has no effect.
The calling device admin must have requested DeviceAdminInfo.USES_POLICY_DISABLE_KEYGUARD_FEATURES to be able to call this method; if not, a security exception will be thrown.
This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to set the configuration for the parent profile.
admin - Which DeviceAdminReceiver this request is associated with.
target - Component name of the agent to be enabled.
configuration - TrustAgent-specific feature bundle. If null for any admin, agent will be strictly disabled according to the state of the KEYGUARD_DISABLE_TRUST_AGENTS flag.
If KEYGUARD_DISABLE_TRUST_AGENTS is set and options is not null for all admins, then it's up to the TrustAgent itself to aggregate the values from all device admins.
Consult documentation for the specific TrustAgent to determine legal options parameters.
SecurityException - if admin is not an active administrator or does not use DeviceAdminInfo.USES_POLICY_DISABLE_KEYGUARD_FEATURES
public List<PersistableBundle> getTrustAgentConfiguration(ComponentName admin, ComponentName agent)
setTrustAgentConfiguration(ComponentName, ComponentName, PersistableBundle) for all device admins.
This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to retrieve the configuration set on the parent profile.
admin - Which DeviceAdminReceiver this request is associated with. If null, this function returns a list of configurations for all admins that declare KEYGUARD_DISABLE_TRUST_AGENTS. If any admin declares KEYGUARD_DISABLE_TRUST_AGENTS but doesn't call setTrustAgentConfiguration(ComponentName, ComponentName, PersistableBundle) for this or calls it with a null configuration, null is returned.
agent - Which component to get enabled features for.
public List<PersistableBundle> getTrustAgentConfiguration(ComponentName admin, ComponentName agent, int userHandle)
public void setCrossProfileCallerIdDisabled(ComponentName admin, boolean disabled)
The calling device admin must be a profile owner. If it is not, a security exception will be thrown.
admin - Which DeviceAdminReceiver this request is associated with.
disabled - If true caller-Id information in the managed profile is not displayed.
SecurityException - if admin is not a device or profile owner.
public boolean getCrossProfileCallerIdDisabled(ComponentName admin)
The calling device admin must be a profile owner. If it is not, a security exception will be thrown.
admin - Which DeviceAdminReceiver this request is associated with.
SecurityException - if admin is not a device or profile owner.
public boolean getCrossProfileCallerIdDisabled(UserHandle userHandle)
userHandle - The user for whom to check the caller-id permission
public void setCrossProfileContactsSearchDisabled(ComponentName admin, boolean disabled)
The calling device admin must be a profile owner. If it is not, a security exception will be thrown.
admin - Which DeviceAdminReceiver this request is associated with.
disabled - If true contacts search in the managed profile is not displayed.
SecurityException - if admin is not a device or profile owner.
public boolean getCrossProfileContactsSearchDisabled(ComponentName admin)
The calling device admin must be a profile owner. If it is not, a security exception will be thrown.
admin - Which DeviceAdminReceiver this request is associated with.
SecurityException - if admin is not a device or profile owner.
public boolean getCrossProfileContactsSearchDisabled(UserHandle userHandle)
userHandle - The user for whom to check the contacts search permission
public void startManagedQuickContact(String actualLookupKey, long actualContactId, boolean isContactIdIgnored, long directoryId, Intent originalIntent)
public void startManagedQuickContact(String actualLookupKey, long actualContactId, Intent originalIntent)
public void setBluetoothContactSharingDisabled(ComponentName admin, boolean disabled)
The calling device admin must be a profile owner. If it is not, a security exception will be thrown.
This API works on managed profile only.
admin - Which DeviceAdminReceiver this request is associated with.
disabled - If true, bluetooth devices cannot access enterprise contacts.
SecurityException - if admin is not a device or profile owner.
public boolean getBluetoothContactSharingDisabled(ComponentName admin)
The calling device admin must be a profile owner. If it is not, a security exception will be thrown.
This API works on managed profile only.
admin - Which DeviceAdminReceiver this request is associated with.
SecurityException - if admin is not a device or profile owner.
public boolean getBluetoothContactSharingDisabled(UserHandle userHandle)
This API works on managed profile UserHandle only.
userHandle - The user for whom to check the caller-id permission
public void addCrossProfileIntentFilter(ComponentName admin, IntentFilter filter, int flags)
admin - Which DeviceAdminReceiver this request is associated with.
filter - The IntentFilter the intent has to match to be also resolved in the other profile
flags - FLAG_MANAGED_CAN_ACCESS_PARENT and FLAG_PARENT_CAN_ACCESS_MANAGED are supported.
SecurityException - if admin is not a device or profile owner.
public void clearCrossProfileIntentFilters(ComponentName admin)
admin - Which DeviceAdminReceiver this request is associated with.
SecurityException - if admin is not a device or profile owner.
public boolean setPermittedAccessibilityServices(ComponentName admin, List<String> packageNames)
Calling with a null value for the list disables the restriction so that all services can be used; calling with an empty list only allows the built-in system services.
System accessibility services are always available to the user; the list can't modify this.
admin - Which DeviceAdminReceiver this request is associated with.
packageNames - List of accessibility service package names.
SecurityException - if admin is not a device or profile owner.
public List<String> getPermittedAccessibilityServices(ComponentName admin)
An empty list means no accessibility services except system services are allowed. Null means all accessibility services are allowed.
admin - Which DeviceAdminReceiver this request is associated with.
SecurityException - if admin is not a device or profile owner.
public boolean isAccessibilityServicePermittedByAdmin(ComponentName admin, String packageName, int userHandle)
admin - Which DeviceAdminReceiver this request is associated with.
packageName - Accessibility service package name that needs to be checked.
userHandle - user id the admin is running as.
public List<String> getPermittedAccessibilityServices(int userId)
Null means all accessibility services are allowed. If a non-null list is returned it will contain the intersection of the permitted lists for any device or profile owners that apply to this user. It will also include any system accessibility services.
userId - which user to check for.
public boolean setPermittedInputMethods(ComponentName admin, List<String> packageNames)
Calling with a null value for the list disables the restriction so that all input methods can be used; calling with an empty list disables all but the system's own input methods.
System input methods are always available to the user; this method can't modify this.
admin - Which DeviceAdminReceiver this request is associated with.
packageNames - List of input method package names.
SecurityException - if admin is not a device or profile owner.
public List<String> getPermittedInputMethods(ComponentName admin)
An empty list means no input methods except system input methods are allowed. Null means all input methods are allowed.
admin - Which DeviceAdminReceiver this request is associated with.
SecurityException - if admin is not a device or profile owner.
public boolean isInputMethodPermittedByAdmin(ComponentName admin, String packageName, int userHandle)
admin - Which DeviceAdminReceiver this request is associated with.
packageName - Input method package name that needs to be checked.
userHandle - user id the admin is running as.
public List<String> getPermittedInputMethodsForCurrentUser()
Null means all input methods are allowed. If a non-null list is returned it will contain the intersection of the permitted lists for any device or profile owners that apply to this user. It will also include any system input methods.
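An added illustration (plain Java, not framework code) of the list semantics described for both the permitted accessibility services and the permitted input methods: null means unrestricted, an empty list leaves only system components, and several admins' lists are intersected. The package names are constructed, and skipping admins whose list is null is an assumption of this model.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;

/** Added model of the documented null / empty / intersection semantics. */
public final class PermittedListModel {

    /**
     * @param adminLists     one entry per device or profile owner that applies to the
     *                       user; a null entry means that admin set no restriction
     * @param systemPackages packages of system components, which are always permitted
     * @return null if no admin restricts anything, otherwise the intersection of the
     *         admins' lists plus the system packages
     */
    static List<String> effectiveList(List<List<String>> adminLists,
            Set<String> systemPackages) {
        Set<String> result = null;
        for (List<String> permitted : adminLists) {
            if (permitted == null) {
                continue; // assumption: an unrestricted admin does not narrow the result
            }
            if (result == null) {
                result = new LinkedHashSet<>(permitted);
            } else {
                result.retainAll(permitted);
            }
        }
        if (result == null) {
            return null; // all services / input methods are allowed
        }
        result.addAll(systemPackages);
        return new ArrayList<>(result);
    }

    /** A null effective list permits every package. */
    static boolean isPermitted(List<String> effective, String packageName) {
        return effective == null || effective.contains(packageName);
    }

    public static void main(String[] args) {
        // Constructed sample data.
        Set<String> system = Collections.singleton("com.android.systemime");
        List<String> deviceOwner = Arrays.asList("com.example.reader", "com.example.keys");
        List<String> profileOwner = Arrays.asList("com.example.reader");

        // No admin restricts: result is null, so third-party packages are allowed.
        List<String> open = effectiveList(
                Arrays.<List<String>>asList(null, null), system);
        System.out.println(open + " permits keys: " + isPermitted(open, "com.example.keys"));

        // Two admins: only packages on both lists survive, plus system packages.
        List<String> both = effectiveList(Arrays.asList(deviceOwner, profileOwner), system);
        System.out.println(both + " permits keys: " + isPermitted(both, "com.example.keys"));

        // One admin passes an empty list: only system packages remain.
        List<String> locked = effectiveList(
                Arrays.asList(deviceOwner, Collections.<String>emptyList()), system);
        System.out.println(locked + " permits reader: "
                + isPermitted(locked, "com.example.reader"));
    }
}
```

The practical consequence for policy code is that a null return must be handled as "unrestricted", not as "nothing allowed".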
public List<String> getKeepUninstalledPackages(ComponentName admin)
admin - Which DeviceAdminReceiver this request is associated with.
public void setKeepUninstalledPackages(ComponentName admin, List<String> packageNames)
Please note that setting this policy does not imply that specified apps will be automatically pre-cached.
admin - Which DeviceAdminReceiver this request is associated with.
packageNames - List of package names to keep cached.
SecurityException - if admin is not a device owner.
@Deprecated public UserHandle createUser(ComponentName admin, String name)
Build.VERSION_CODES.M
UserManager.getSerialNumberForUser(android.os.UserHandle).
admin - Which DeviceAdminReceiver this request is associated with.
name - the user's name
UserHandle object for the created user, or null if the user could not be created.
UserHandle
@Deprecated public UserHandle createAndInitializeUser(ComponentName admin, String name, String ownerName, ComponentName profileOwnerComponent, Bundle adminExtras)
Build.VERSION_CODES.M
UserManager.getSerialNumberForUser(android.os.UserHandle). The new user will be started in the background immediately.
profileOwnerComponent is the DeviceAdminReceiver to be the profile owner as well as registered as an active admin on the new user. The profile owner package will be installed on the new user if it already is installed on the device.
If the optionalInitializeData is not null, then the extras will be passed to the profileOwnerComponent when onEnable is called.
admin - Which DeviceAdminReceiver this request is associated with.
name - the user's name
ownerName - the human readable name of the organisation associated with this DPM.
profileOwnerComponent - The DeviceAdminReceiver that will be an active admin on the user.
adminExtras - Extras that will be passed to onEnable of the admin receiver on the new user.
UserHandle object for the created user, or null if the user could not be created.
UserHandle
public UserHandle createAndManageUser(ComponentName admin, String name, ComponentName profileOwner, PersistableBundle adminExtras, int flags)
UserManager.getSerialNumberForUser(android.os.UserHandle). The new user will not be started in the background.
admin is the DeviceAdminReceiver which is the device owner. profileOwner is also a DeviceAdminReceiver in the same package as admin, and will become the profile owner and will be registered as an active admin on the new user. The profile owner package will be installed on the new user.
If the adminExtras are not null, they will be stored on the device until the user is started for the first time. Then the extras will be passed to the admin when onEnable is called.
admin - Which DeviceAdminReceiver this request is associated with.
name - The user's name.
profileOwner - Which DeviceAdminReceiver will be profile owner. Has to be in the same package as admin, otherwise no user is created and an IllegalArgumentException is thrown.
adminExtras - Extras that will be passed to onEnable of the admin receiver on the new user.
flags - SKIP_SETUP_WIZARD is supported.
UserHandle object for the created user, or null if the user could not be created.
SecurityException - if admin is not a device owner.
UserHandle
public boolean removeUser(ComponentName admin, UserHandle userHandle)
admin - Which DeviceAdminReceiver this request is associated with.
userHandle - the user to remove.
true if the user was removed, false otherwise.
SecurityException - if admin is not a device owner.
public boolean switchUser(ComponentName admin, UserHandle userHandle)
admin - Which DeviceAdminReceiver this request is associated with.
userHandle - the user to switch to; null will switch to primary.
true if the switch was successful, false otherwise.
SecurityException - if admin is not a device owner.
Intent.ACTION_USER_FOREGROUND
public Bundle getApplicationRestrictions(ComponentName admin, String packageName)
The caller must be a profile or device owner on that user, or the package allowed to manage application restrictions via setApplicationRestrictionsManagingPackage(android.content.ComponentName, java.lang.String); otherwise a security exception will be thrown.
admin - Which DeviceAdminReceiver this request is associated with, or null if called by the application restrictions managing package.
packageName - The name of the package to fetch restricted settings of.
Bundle of settings corresponding to what was set last time setApplicationRestrictions(android.content.ComponentName, java.lang.String, android.os.Bundle) was called, or an empty Bundle if no restrictions have been set.
SecurityException - if admin is not a device or profile owner.
setApplicationRestrictionsManagingPackage(android.content.ComponentName, java.lang.String)
public void addUserRestriction(ComponentName admin, String key)
The calling device admin must be a profile or device owner; if it is not, a security exception will be thrown.
admin - Which DeviceAdminReceiver this request is associated with.
key - The key of the restriction. See the constants in UserManager for the list of keys.
SecurityException - if admin is not a device or profile owner.
public void clearUserRestriction(ComponentName admin, String key)
The calling device admin must be a profile or device owner; if it is not, a security exception will be thrown.
admin - Which DeviceAdminReceiver this request is associated with.
key - The key of the restriction. See the constants in UserManager for the list of keys.
SecurityException - if admin is not a device or profile owner.
public Bundle getUserRestrictions(ComponentName admin)
addUserRestriction(ComponentName, String).
The target user may have more restrictions set by the system or other device owner / profile owner. To get all the user restrictions currently set, use UserManager.getUserRestrictions().
admin - Which DeviceAdminReceiver this request is associated with.
SecurityException - if admin is not a device or profile owner.
public boolean setApplicationHidden(ComponentName admin, String packageName, boolean hidden)
admin - Which DeviceAdminReceiver this request is associated with.
packageName - The name of the package to hide or unhide.
hidden - true if the package should be hidden, false if it should be unhidden.
SecurityException - if admin is not a device or profile owner.
public boolean isApplicationHidden(ComponentName admin, String packageName)
admin - Which DeviceAdminReceiver this request is associated with.
packageName - The name of the package to retrieve the hidden status of.
true if the package is hidden, false otherwise.
SecurityException - if admin is not a device or profile owner.
public void enableSystemApp(ComponentName admin, String packageName)
admin - Which DeviceAdminReceiver this request is associated with.
packageName - The package to be re-enabled in the calling profile.
SecurityException - if admin is not a device or profile owner.
public int enableSystemApp(ComponentName admin, Intent intent)
admin - Which DeviceAdminReceiver this request is associated with.
intent - An intent matching the app(s) to be installed. All apps that resolve for this intent will be re-enabled in the calling profile.
SecurityException - if admin is not a device or profile owner.
public void setAccountManagementDisabled(ComponentName admin, String accountType, boolean disabled)
The calling device admin must be a device owner or profile owner. If it is not, a security exception will be thrown.
When account management is disabled for an account type, adding or removing an account of that type will not be possible.
From Build.VERSION_CODES.N the profile or device owner can still use android.accounts.AccountManager APIs to add or remove accounts when account management for a specific type is disabled.
admin - Which DeviceAdminReceiver this request is associated with.
accountType - For which account management is disabled or enabled.
disabled - The boolean indicating that account management will be disabled (true) or enabled (false).
SecurityException - if admin is not a device or profile owner.
public String[] getAccountTypesWithManagementDisabled()
Account management can be disabled/enabled by calling setAccountManagementDisabled(android.content.ComponentName, java.lang.String, boolean).
setAccountManagementDisabled(android.content.ComponentName, java.lang.String, boolean)
public String[] getAccountTypesWithManagementDisabledAsUser(int userId)
getAccountTypesWithManagementDisabled()
public void setLockTaskPackages(ComponentName admin, String[] packages) throws SecurityException
Any package that shares a uid with an allowed package will also be allowed to activate lock task. From Build.VERSION_CODES.M removing packages from the lock task package list results in locked tasks belonging to those packages being finished. This function can only be called by the device owner.
packages - The list of packages allowed to enter lock task mode
admin - Which DeviceAdminReceiver this request is associated with.
SecurityException - if admin is not a device owner.
Activity.startLockTask(), DeviceAdminReceiver.onLockTaskModeEntering(Context, Intent, String), DeviceAdminReceiver.onLockTaskModeExiting(Context, Intent), UserManager.DISALLOW_CREATE_WINDOWS
public String[] getLockTaskPackages(ComponentName admin)
admin - Which DeviceAdminReceiver this request is associated with.
public boolean isLockTaskPermitted(String pkg)
pkg - The package to check
public void setGlobalSetting(ComponentName admin, String setting, String value)
Settings.Global settings. Validation that the value of the setting is in the correct form for the setting type should be performed by the caller.
The settings that can be updated with this method are:
Settings.Global#ADB_ENABLED
Settings.Global#AUTO_TIME
Settings.Global#AUTO_TIME_ZONE
Settings.Global#DATA_ROAMING
Settings.Global#USB_MASS_STORAGE_ENABLED
Settings.Global#WIFI_SLEEP_POLICY
Settings.Global#STAY_ON_WHILE_PLUGGED_IN. This setting is only available from Build.VERSION_CODES.M onwards and can only be set if setMaximumTimeToLock(android.content.ComponentName, long) is not used to set a timeout.
Settings.Global#WIFI_DEVICE_OWNER_CONFIGS_LOCKDOWN (Build.VERSION_CODES.M onwards).
Changing the following settings has no effect as of Build.VERSION_CODES.M:
Settings.Global#BLUETOOTH_ON. Use BluetoothAdapter.enable() and BluetoothAdapter.disable() instead.
Settings.Global#DEVELOPMENT_SETTINGS_ENABLED
Settings.Global#MODE_RINGER. Use AudioManager.setRingerMode(int) instead.
Settings.Global#NETWORK_PREFERENCE
Settings.Global#WIFI_ON. Use WifiManager.setWifiEnabled(boolean) instead.
admin - Which DeviceAdminReceiver this request is associated with.
setting - The name of the setting to update.
value - The value to update the setting to.
SecurityException - if admin is not a device owner.
public void setSecureSetting(ComponentName admin, String setting, String value)
Settings.Secure settings. Validation that the value of the setting is in the correct form for the setting type should be performed by the caller.
The settings that can be updated by a profile or device owner with this method are:
Settings.Secure#DEFAULT_INPUT_METHOD
Settings.Secure#INSTALL_NON_MARKET_APPS
Settings.Secure#SKIP_FIRST_USE_HINTS
A device owner can additionally update the following settings:
Settings.Secure#LOCATION_MODE
admin - Which DeviceAdminReceiver this request is associated with.
setting - The name of the setting to update.
value - The value to update the setting to.
SecurityException - if admin is not a device or profile owner.
public void setRestrictionsProvider(ComponentName admin, ComponentName provider)
admin - Which DeviceAdminReceiver this request is associated with.
provider - The component name of the service that implements RestrictionsReceiver. If this param is null, it removes the restrictions provider previously assigned.
SecurityException - if admin is not a device or profile owner.
public void setMasterVolumeMuted(ComponentName admin, boolean on)
admin - Which DeviceAdminReceiver this request is associated with.
on - true to mute master volume, false to turn mute off.
SecurityException - if admin is not a device or profile owner.
public boolean isMasterVolumeMuted(ComponentName admin)
admin - Which DeviceAdminReceiver this request is associated with.
true if master volume is muted, false if it's not.
SecurityException - if admin is not a device or profile owner.
public void setUninstallBlocked(ComponentName admin, String packageName, boolean uninstallBlocked)
admin - Which DeviceAdminReceiver this request is associated with.
packageName - package to change.
uninstallBlocked - true if the user shouldn't be able to uninstall the package.
SecurityException - if admin is not a device or profile owner.
public boolean isUninstallBlocked(ComponentName admin, String packageName)
Note: Starting from Build.VERSION_CODES.LOLLIPOP_MR1, the behavior of this API is changed such that passing null as the admin parameter will return if any admin has blocked the uninstallation. Before L MR1, passing null will cause a NullPointerException to be raised.
admin - The name of the admin component whose blocking policy will be checked, or null to check whether any admin has blocked the uninstallation.
packageName - package to check.
SecurityException - if admin is not a device or profile owner.
public boolean addCrossProfileWidgetProvider(ComponentName admin, String packageName)
Note: By default no widget provider package is white-listed.
admin - Which DeviceAdminReceiver this request is associated with.
packageName - The package from which widget providers are white-listed.
SecurityException - if admin is not a profile owner.
removeCrossProfileWidgetProvider(android.content.ComponentName, String), getCrossProfileWidgetProviders(android.content.ComponentName)
public boolean removeCrossProfileWidgetProvider(ComponentName admin, String packageName)
addCrossProfileWidgetProvider( android.content.ComponentName, String)
.
Note: By default no widget provider package is white-listed.
admin
- Which DeviceAdminReceiver
this request is associated with.packageName
- The package from which widget providers are no longer white-listed.SecurityException
- if admin
is not a profile owner.addCrossProfileWidgetProvider(android.content.ComponentName, String)
,
getCrossProfileWidgetProviders(android.content.ComponentName)
public List<String> getCrossProfileWidgetProviders(ComponentName admin)
admin
- Which DeviceAdminReceiver
this request is associated with.SecurityException
- if admin
is not a profile owner.addCrossProfileWidgetProvider(android.content.ComponentName, String)
,
removeCrossProfileWidgetProvider(android.content.ComponentName, String)
public void setUserIcon(ComponentName admin, Bitmap icon)
admin - Which DeviceAdminReceiver this request is associated with.
icon - the bitmap to set as the photo.
SecurityException - if admin is not a device or profile owner.

public void setSystemUpdatePolicy(ComponentName admin, SystemUpdatePolicy policy)
ACTION_SYSTEM_UPDATE_POLICY_CHANGED is broadcasted.
admin - Which DeviceAdminReceiver this request is associated with. All components in the device owner package can set system update policies and the most recent policy takes effect.
policy - the new policy, or null to clear the current policy.
SecurityException - if admin is not a device owner.
SystemUpdatePolicy

public SystemUpdatePolicy getSystemUpdatePolicy()
setSystemUpdatePolicy(android.content.ComponentName, android.app.admin.SystemUpdatePolicy).
null if no policy is set.

public boolean setKeyguardDisabled(ComponentName admin, boolean disabled)
Setting the keyguard to disabled has the same effect as choosing "None" as the screen lock type. However, this call has no effect if a password, pin or pattern is currently set. If a password, pin or pattern is set after the keyguard was disabled, the keyguard stops being disabled.
admin - Which DeviceAdminReceiver this request is associated with.
disabled - true disables the keyguard, false reenables it.
false if attempting to disable the keyguard while a lock password was in place. true otherwise.
SecurityException - if admin is not a device owner.

public boolean setStatusBarDisabled(ComponentName admin, boolean disabled)
admin - Which DeviceAdminReceiver this request is associated with.
disabled - true disables the status bar, false reenables it.
false if attempting to disable the status bar failed. true otherwise.
SecurityException - if admin is not a device owner.

public void notifyPendingSystemUpdate(long updateReceivedTime)
android.Manifest.permission#NOTIFY_PENDING_SYSTEM_UPDATE permission.
updateReceivedTime - The time as given by System.currentTimeMillis() indicating when the current pending update was first available. -1 if no update is available.

public void setPermissionPolicy(ComponentName admin, int policy)
setPermissionGrantState(android.content.ComponentName, java.lang.String, java.lang.String, int).
As this policy only acts on runtime permission requests, it only applies to applications built with a targetSdkVersion of Build.VERSION_CODES.M or later.
admin - Which profile or device owner this request is associated with.
policy - One of the policy constants PERMISSION_POLICY_PROMPT, PERMISSION_POLICY_AUTO_GRANT and PERMISSION_POLICY_AUTO_DENY.
SecurityException - if admin is not a device or profile owner.
setPermissionGrantState(android.content.ComponentName, java.lang.String, java.lang.String, int)

public int getPermissionPolicy(ComponentName admin)
PERMISSION_POLICY_PROMPT.
admin - Which profile or device owner this request is associated with.

public boolean setPermissionGrantState(ComponentName admin, String packageName, String permission, int grantState)
default in which a user can manage it through the UI, denied, in which the permission is denied and the user cannot manage it through the UI, and granted in which the permission is granted and the user cannot manage it through the UI. This might affect all permissions in a group that the runtime permission belongs to. This method can only be called by a profile or device owner.
Setting the grant state to default does not revoke the permission. It retains the previous grant, if any.
Permissions can be granted or revoked only for applications built with a targetSdkVersion of Build.VERSION_CODES.M or later.
admin - Which profile or device owner this request is associated with.
packageName - The application to grant or revoke a permission to.
permission - The permission to grant or revoke.
grantState - The permission grant state which is one of PERMISSION_GRANT_STATE_DENIED, PERMISSION_GRANT_STATE_DEFAULT, PERMISSION_GRANT_STATE_GRANTED.
SecurityException - if admin is not a device or profile owner.
PERMISSION_GRANT_STATE_DENIED, PERMISSION_GRANT_STATE_DEFAULT, PERMISSION_GRANT_STATE_GRANTED

public int getPermissionGrantState(ComponentName admin, String packageName, String permission)
admin - Which profile or device owner this request is associated with.
packageName - The application to check the grant state for.
permission - The permission to check for.
PERMISSION_GRANT_STATE_DEFAULT. This does not indicate whether or not the permission is currently granted for the package.
If a grant state was set by the profile or device owner, then the return value will be one of PERMISSION_GRANT_STATE_DENIED or PERMISSION_GRANT_STATE_GRANTED, which indicates if the permission is currently denied or granted.
SecurityException - if admin is not a device or profile owner.
setPermissionGrantState(ComponentName, String, String, int), PackageManager.checkPermission(String, String)
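The following is an added example, not part of the Android documentation: it shows how a profile or device owner could combine setPermissionPolicy, setPermissionGrantState and getPermissionGrantState, and why the effective grant has to be read with PackageManager.checkPermission. The class and method names (PermissionLockdown, pin, isEffectivelyGranted) are hypothetical, and the caller is assumed to already be a profile or device owner.

```java
import android.app.admin.DevicePolicyManager;
import android.content.ComponentName;
import android.content.Context;
import android.content.pm.PackageManager;
import android.os.Build;

// Hypothetical helper for a profile or device owner app (names are not from the API).
public final class PermissionLockdown {
    private final DevicePolicyManager dpm;
    private final PackageManager pm;
    private final ComponentName admin;

    public PermissionLockdown(Context context, ComponentName admin) {
        this.dpm = (DevicePolicyManager) context.getSystemService(Context.DEVICE_POLICY_SERVICE);
        this.pm = context.getPackageManager();
        this.admin = admin;
    }

    /** Future runtime permission requests are denied without prompting the user. */
    public void denyNewRequestsByDefault() {
        dpm.setPermissionPolicy(admin, DevicePolicyManager.PERMISSION_POLICY_AUTO_DENY);
    }

    /**
     * Pins one permission to granted or denied and verifies that the state stuck.
     * Returns false when the app targets a pre-M SDK or the call did not take effect.
     */
    public boolean pin(String pkg, String permission, boolean granted)
            throws PackageManager.NameNotFoundException {
        if (pm.getApplicationInfo(pkg, 0).targetSdkVersion < Build.VERSION_CODES.M) {
            return false; // grant states apply only to targetSdkVersion M or later
        }
        // To take a permission away use DENIED: DEFAULT retains any previous grant.
        int state = granted
                ? DevicePolicyManager.PERMISSION_GRANT_STATE_GRANTED
                : DevicePolicyManager.PERMISSION_GRANT_STATE_DENIED;
        if (!dpm.setPermissionGrantState(admin, pkg, permission, state)) {
            return false;
        }
        return dpm.getPermissionGrantState(admin, pkg, permission) == state
                && isEffectivelyGranted(pkg, permission) == granted;
    }

    /**
     * Effective state of the permission. getPermissionGrantState reports DEFAULT for
     * user-managed permissions, which says nothing about whether they are granted.
     */
    public boolean isEffectivelyGranted(String pkg, String permission) {
        return pm.checkPermission(permission, pkg) == PackageManager.PERMISSION_GRANTED;
    }
}
```

Every DevicePolicyManager call here throws SecurityException if admin is not a device or profile owner, so an audit job built on it should treat that exception as a loss of management rather than as a denied permission.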
public boolean isProvisioningAllowed(String action)
action - One of ACTION_PROVISION_MANAGED_DEVICE, ACTION_PROVISION_MANAGED_PROFILE.
IllegalArgumentException - if the supplied action is not valid.

public boolean isManagedProfile(ComponentName admin)
ACTION_PROVISION_MANAGED_PROFILE and of a managed user with createAndManageUser(android.content.ComponentName, java.lang.String, android.content.ComponentName, android.os.PersistableBundle, int)
admin - Which profile owner this request is associated with.

public boolean isSystemOnlyUser(ComponentName admin)
admin - Which device owner this request is associated with.

public String getWifiMacAddress(ComponentName admin)
admin - Which device owner this request is associated with.
The address will be in the XX:XX:XX:XX:XX:XX format.
SecurityException - if admin is not a device owner.

public void reboot(ComponentName admin)
IllegalStateException.
admin - Which device owner the request is associated with.
IllegalStateException - if device has an ongoing call.
SecurityException - if admin is not a device owner.
TelephonyManager.CALL_STATE_IDLE

public void setShortSupportMessage(ComponentName admin, CharSequence message)
If the short support message needs to be localized, it is the responsibility of the DeviceAdminReceiver to listen to the Intent.ACTION_LOCALE_CHANGED broadcast and set a new version of this string accordingly.
admin - Which DeviceAdminReceiver this request is associated with.
message - Short message to be displayed to the user in settings or null to clear the existing message.
SecurityException - if admin is not an active administrator.
setLongSupportMessage(android.content.ComponentName, java.lang.CharSequence)

public CharSequence getShortSupportMessage(ComponentName admin)
admin - Which DeviceAdminReceiver this request is associated with.
setShortSupportMessage(ComponentName, CharSequence) or null if no message has been set.
SecurityException - if admin is not an active administrator.

public void setLongSupportMessage(ComponentName admin, CharSequence message)
If the long support message needs to be localized, it is the responsibility of the DeviceAdminReceiver to listen to the Intent.ACTION_LOCALE_CHANGED broadcast and set a new version of this string accordingly.
admin - Which DeviceAdminReceiver this request is associated with.
message - Long message to be displayed to the user in settings or null to clear the existing message.
SecurityException - if admin is not an active administrator.
setShortSupportMessage(android.content.ComponentName, java.lang.CharSequence)

public CharSequence getLongSupportMessage(ComponentName admin)
admin - Which DeviceAdminReceiver this request is associated with.
setLongSupportMessage(ComponentName, CharSequence) or null if no message has been set.
SecurityException - if admin is not an active administrator.

public CharSequence getShortSupportMessageForUser(ComponentName admin, int userHandle)
admin - Which DeviceAdminReceiver this request is associated with.
userHandle - user id the admin is running as.
setShortSupportMessage(ComponentName, CharSequence)

public CharSequence getLongSupportMessageForUser(ComponentName admin, int userHandle)
admin - Which DeviceAdminReceiver this request is associated with.
userHandle - user id the admin is running as.
setLongSupportMessage(ComponentName, CharSequence)

public DevicePolicyManager getParentProfileInstance(ComponentName admin)
DevicePolicyManager whose calls act on the parent profile.
The following methods are supported for the parent instance; all other methods will throw a SecurityException when called on the parent instance:
getPasswordQuality(android.content.ComponentName)
setPasswordQuality(android.content.ComponentName, int)
getPasswordMinimumLength(android.content.ComponentName)
setPasswordMinimumLength(android.content.ComponentName, int)
getPasswordMinimumUpperCase(android.content.ComponentName)
setPasswordMinimumUpperCase(android.content.ComponentName, int)
getPasswordMinimumLowerCase(android.content.ComponentName)
setPasswordMinimumLowerCase(android.content.ComponentName, int)
getPasswordMinimumLetters(android.content.ComponentName)
setPasswordMinimumLetters(android.content.ComponentName, int)
getPasswordMinimumNumeric(android.content.ComponentName)
setPasswordMinimumNumeric(android.content.ComponentName, int)
getPasswordMinimumSymbols(android.content.ComponentName)
setPasswordMinimumSymbols(android.content.ComponentName, int)
getPasswordMinimumNonLetter(android.content.ComponentName)
setPasswordMinimumNonLetter(android.content.ComponentName, int)
getPasswordHistoryLength(android.content.ComponentName)
setPasswordHistoryLength(android.content.ComponentName, int)
getPasswordExpirationTimeout(android.content.ComponentName)
setPasswordExpirationTimeout(android.content.ComponentName, long)
getPasswordExpiration(android.content.ComponentName)
isActivePasswordSufficient()
getCurrentFailedPasswordAttempts()
getMaximumFailedPasswordsForWipe(android.content.ComponentName)
setMaximumFailedPasswordsForWipe(android.content.ComponentName, int)
getMaximumTimeToLock(android.content.ComponentName)
setMaximumTimeToLock(android.content.ComponentName, long)
lockNow()
getKeyguardDisabledFeatures(android.content.ComponentName)
setKeyguardDisabledFeatures(android.content.ComponentName, int)
getTrustAgentConfiguration(android.content.ComponentName, android.content.ComponentName)
setTrustAgentConfiguration(android.content.ComponentName, android.content.ComponentName, android.os.PersistableBundle)
DevicePolicyManager that acts on the parent profile.
SecurityException - if admin is not a profile owner.

public void setSecurityLoggingEnabled(ComponentName admin, boolean enabled)
Security logs contain various information intended for security auditing purposes. See SecurityLog.SecurityEvent for details.
There must be only one user on the device, managed by the device owner. Otherwise a SecurityException will be thrown.
admin - Which device owner this request is associated with.
enabled - whether security logging should be enabled or not.
SecurityException - if admin is not a device owner.
retrieveSecurityLogs(android.content.ComponentName)
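The following is an added example, not part of the Android documentation: a device-owner receiver that enables security logging and drains each batch with retrieveSecurityLogs(ComponentName) when DeviceAdminReceiver.onSecurityLogsAvailable fires, handling the null return that this page documents for retrieveSecurityLogs. The class name AuditAdminReceiver and the log tag are hypothetical; the event tags come from android.app.admin.SecurityLog and are not described on this page, and the receiver is assumed to be registered as the device owner on a single-user device.

```java
import android.app.admin.DeviceAdminReceiver;
import android.app.admin.DevicePolicyManager;
import android.app.admin.SecurityLog;
import android.app.admin.SecurityLog.SecurityEvent;
import android.content.ComponentName;
import android.content.Context;
import android.content.Intent;
import android.util.Log;
import java.util.List;

// Hypothetical device-owner receiver; class name and log tag are made up for this example.
public class AuditAdminReceiver extends DeviceAdminReceiver {
    private static final String TAG = "AuditAdmin";

    /** Call once from device-owner code; throws SecurityException for any other caller. */
    public static void enableAuditing(Context context) {
        DevicePolicyManager dpm =
                (DevicePolicyManager) context.getSystemService(Context.DEVICE_POLICY_SERVICE);
        ComponentName admin = new ComponentName(context, AuditAdminReceiver.class);
        if (!dpm.isSecurityLoggingEnabled(admin)) {
            dpm.setSecurityLoggingEnabled(admin, true);
        }
    }

    @Override
    public void onSecurityLogsAvailable(Context context, Intent intent) {
        // New logs are only returned after this callback has fired, so retrieve here.
        List<SecurityEvent> events = getManager(context).retrieveSecurityLogs(getWho(context));
        if (events == null) {
            Log.w(TAG, "No batch returned: rate limit exceeded or logging disabled");
            return;
        }
        int adbCommands = 0;
        int failedUnlocks = 0;
        for (SecurityEvent event : events) {
            Object data = event.getData();
            switch (event.getTag()) {
                case SecurityLog.TAG_ADB_SHELL_CMD:
                    adbCommands++;
                    break;
                case SecurityLog.TAG_KEYGUARD_DISMISS_AUTH_ATTEMPT:
                    // Payload is an Object[] whose first element is 1 on success, 0 on failure.
                    if (data instanceof Object[] && ((Object[]) data).length > 0
                            && Integer.valueOf(0).equals(((Object[]) data)[0])) {
                        failedUnlocks++;
                    }
                    break;
                default:
                    break;
            }
        }
        Log.i(TAG, events.size() + " events, " + adbCommands + " adb shell commands, "
                + failedUnlocks + " failed unlock attempts");
    }
}
```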
public boolean isSecurityLoggingEnabled(ComponentName admin)
Can only be called by the device owner, otherwise a SecurityException will be thrown.
admin - Which device owner this request is associated with.
true if security logging is enabled by device owner, false otherwise.
SecurityException - if admin is not a device owner.

public List<SecurityLog.SecurityEvent> retrieveSecurityLogs(ComponentName admin)
Access to the logs is rate limited and it will only return new logs after the device owner has been notified via DeviceAdminReceiver.onSecurityLogsAvailable(android.content.Context, android.content.Intent).
There must be only one user on the device, managed by the device owner. Otherwise a SecurityException will be thrown.
admin - Which device owner this request is associated with.
SecurityLog.SecurityEvent, or null if rate limitation is exceeded or if logging is currently disabled.
SecurityException - if admin is not a device owner.

public DevicePolicyManager getParentProfileInstance(UserInfo uInfo)
DevicePolicyManager whose calls act on the parent profile.

public List<SecurityLog.SecurityEvent> retrievePreRebootSecurityLogs(ComponentName admin)
This API is not supported on all devices. Calling this API on unsupported devices will result in null being returned. The device logs are retrieved from a RAM region which is not guaranteed to be corruption-free during power cycles; as a result, be cautious about data corruption when parsing.
There must be only one user on the device, managed by the device owner. Otherwise a SecurityException will be thrown.
admin - Which device owner this request is associated with.
null if this API is not supported on the device.
SecurityException - if admin is not a device owner.

public void setOrganizationColor(ComponentName admin, int color)
The confirm credentials screen can be created using KeyguardManager.createConfirmDeviceCredentialIntent(java.lang.CharSequence, java.lang.CharSequence).
admin - Which DeviceAdminReceiver this request is associated with.
color - The 24bit (0xRRGGBB) representation of the color to be used.
SecurityException - if admin is not a profile owner.

public void setOrganizationColorForUser(int color, int userId)
color - The 24bit (0xRRGGBB) representation of the color to be used.
userId - which user to set the color to.

public int getOrganizationColor(ComponentName admin)
admin - Which DeviceAdminReceiver this request is associated with.
SecurityException - if admin is not a profile owner.

public int getOrganizationColorForUser(int userHandle)
userHandle - The user id of the user we're interested in.

public void setOrganizationName(ComponentName admin, CharSequence title)
If the organization name needs to be localized, it is the responsibility of the DeviceAdminReceiver to listen to the Intent.ACTION_LOCALE_CHANGED broadcast and set a new version of this string accordingly.
admin - Which DeviceAdminReceiver this request is associated with.
title - The organization name or null to clear a previously set name.
SecurityException - if admin is not a profile owner.

public CharSequence getOrganizationName(ComponentName admin)
admin - Which DeviceAdminReceiver this request is associated with.
null if none is set.
SecurityException - if admin is not a profile owner.

public CharSequence getOrganizationNameForUser(int userHandle)
userHandle - The user id of the user we're interested in.
null if none is set.

public int getUserProvisioningState()
DevicePolicyManager.UserProvisioningState for the current user - for unmanaged users will return STATE_USER_UNMANAGED

public void setUserProvisioningState(int state, int userHandle)
DevicePolicyManager.UserProvisioningState for the supplied user, if they are managed.
state - to store
userHandle - for user

public void setAffiliationIds(ComponentName admin, Set<String> ids)
admin - Which profile or device owner this request is associated with.
ids - A set of opaque affiliation ids.

public boolean isAffiliatedUser()

public boolean isUninstallInQueue(String packageName)
packageName - the package to check for
packageName is pending

public void uninstallPackageWithActiveAdmins(String packageName)
packageName - the package containing active DAs to be uninstalled

public void forceRemoveActiveAdmin(ComponentName adminReceiver, int userHandle)
userHandle - user id to remove the admin for.
admin - The administration component to remove.
SecurityException - if the caller is not shell / root or the admin package isn't a test application (see ApplicationInfo#FLAG_TEST_APP).

public boolean isDeviceProvisioned()
Settings.Global.DEVICE_PROVISIONED has ever been set to 1.

public void setDeviceProvisioningConfigApplied()

public boolean isDeviceProvisioningConfigApplied()

public void setBackupServiceEnabled(ComponentName admin, boolean enabled)

public boolean isBackupServiceEnabled(ComponentName admin)
true if backup service is enabled, false otherwise.