DevicePolicyManagerpublic class DevicePolicyManager extends Object Public interface for managing policies enforced on a device. Most clients of this class must be
registered with the system as a
device administrator. Additionally,
a device administrator may be registered as either a profile or device owner. A given method is
accessible to all device administrators unless the documentation for that method specifies that
it is restricted to either device or profile owners.
Developer Guides
For more information about managing policies for device administration, read the
Device Administration
developer guide.
|
| Fields Summary |
|---|
| private static String | TAG | | private final android.content.Context | mContext | | private final android.app.admin.IDevicePolicyManager | mService | | public static final String | ACTION_PROVISION_MANAGED_PROFILEActivity action: Starts the provisioning flow which sets up a managed profile.
A managed profile allows data separation for example for the usage of a
device as a personal and corporate device. The user which provisioning is started from and
the managed profile share a launcher.
This intent will typically be sent by a mobile device management application (mdm).
Provisioning adds a managed profile and sets the mdm as the profile owner who has full
control over the profile
This intent must contain the extra {@link #EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME}.
When managed provisioning has completed, an intent of the type
{@link DeviceAdminReceiver#ACTION_PROFILE_PROVISIONING_COMPLETE} is broadcasted to the
managed profile.
If provisioning fails, the managedProfile is removed so the device returns to its
previous state.
Input: Nothing.
Output: Nothing | | public static final String | EXTRA_PROVISIONING_ADMIN_EXTRAS_BUNDLEA {@link android.os.Parcelable} extra of type {@link android.os.PersistableBundle} that allows
a mobile device management application that starts managed profile provisioning to pass data
to itself on the managed profile when provisioning completes. The mobile device management
application sends this extra in an intent with the action
{@link #ACTION_PROVISION_MANAGED_PROFILE} and receives it in
{@link DeviceAdminReceiver#onProfileProvisioningComplete} via an intent with the action
{@link DeviceAdminReceiver#ACTION_PROFILE_PROVISIONING_COMPLETE}. The bundle is not changed
during the managed profile provisioning. | | public static final String | EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_NAMEA String extra holding the package name of the mobile device management application that
will be set as the profile owner or device owner.
If an application starts provisioning directly via an intent with action
{@link #ACTION_PROVISION_MANAGED_PROFILE} this package has to match the package name of the
application that started provisioning. The package will be set as profile owner in that case.
This package is set as device owner when device owner provisioning is started by an NFC
message containing an NFC record with MIME type {@link #MIME_TYPE_PROVISIONING_NFC}. | | public static final String | EXTRA_PROVISIONING_ACCOUNT_TO_MIGRATEAn {@link android.accounts.Account} extra holding the account to migrate during managed
profile provisioning. If the account supplied is present in the primary user, it will be
copied, along with its credentials to the managed profile and removed from the primary user.
Use with {@link #ACTION_PROVISION_MANAGED_PROFILE}. | | public static final String | EXTRA_PROVISIONING_EMAIL_ADDRESSA String extra that, holds the email address of the account which a managed profile is
created for. Used with {@link #ACTION_PROVISION_MANAGED_PROFILE} and
{@link DeviceAdminReceiver#ACTION_PROFILE_PROVISIONING_COMPLETE}.
This extra is part of the {@link #EXTRA_PROVISIONING_ADMIN_EXTRAS_BUNDLE}.
If the {@link #ACTION_PROVISION_MANAGED_PROFILE} intent that starts managed provisioning
contains this extra, it is forwarded in the
{@link DeviceAdminReceiver#ACTION_PROFILE_PROVISIONING_COMPLETE} intent to the mobile
device management application that was set as the profile owner during provisioning.
It is usually used to avoid that the user has to enter their email address twice. | | public static final String | EXTRA_PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLEDA Boolean extra that can be used by the mobile device management application to skip the
disabling of system apps during provisioning when set to true.
Use in an NFC record with {@link #MIME_TYPE_PROVISIONING_NFC} that starts device owner
provisioning via an NFC bump. | | public static final String | EXTRA_PROVISIONING_TIME_ZONEA String extra holding the time zone {@link android.app.AlarmManager} that the device
will be set to.
Use in an NFC record with {@link #MIME_TYPE_PROVISIONING_NFC} that starts device owner
provisioning via an NFC bump. | | public static final String | EXTRA_PROVISIONING_LOCAL_TIMEA Long extra holding the wall clock time (in milliseconds) to be set on the device's
{@link android.app.AlarmManager}.
Use in an NFC record with {@link #MIME_TYPE_PROVISIONING_NFC} that starts device owner
provisioning via an NFC bump. | | public static final String | EXTRA_PROVISIONING_LOCALEA String extra holding the {@link java.util.Locale} that the device will be set to.
Format: xx_yy, where xx is the language code, and yy the country code.
Use in an NFC record with {@link #MIME_TYPE_PROVISIONING_NFC} that starts device owner
provisioning via an NFC bump. | | public static final String | EXTRA_PROVISIONING_WIFI_SSIDA String extra holding the ssid of the wifi network that should be used during nfc device
owner provisioning for downloading the mobile device management application.
Use in an NFC record with {@link #MIME_TYPE_PROVISIONING_NFC} that starts device owner
provisioning via an NFC bump. | | public static final String | EXTRA_PROVISIONING_WIFI_HIDDENA boolean extra indicating whether the wifi network in {@link #EXTRA_PROVISIONING_WIFI_SSID}
is hidden or not.
Use in an NFC record with {@link #MIME_TYPE_PROVISIONING_NFC} that starts device owner
provisioning via an NFC bump. | | public static final String | EXTRA_PROVISIONING_WIFI_SECURITY_TYPEA String extra indicating the security type of the wifi network in
{@link #EXTRA_PROVISIONING_WIFI_SSID}.
Use in an NFC record with {@link #MIME_TYPE_PROVISIONING_NFC} that starts device owner
provisioning via an NFC bump. | | public static final String | EXTRA_PROVISIONING_WIFI_PASSWORDA String extra holding the password of the wifi network in
{@link #EXTRA_PROVISIONING_WIFI_SSID}.
Use in an NFC record with {@link #MIME_TYPE_PROVISIONING_NFC} that starts device owner
provisioning via an NFC bump. | | public static final String | EXTRA_PROVISIONING_WIFI_PROXY_HOSTA String extra holding the proxy host for the wifi network in
{@link #EXTRA_PROVISIONING_WIFI_SSID}.
Use in an NFC record with {@link #MIME_TYPE_PROVISIONING_NFC} that starts device owner
provisioning via an NFC bump. | | public static final String | EXTRA_PROVISIONING_WIFI_PROXY_PORTAn int extra holding the proxy port for the wifi network in
{@link #EXTRA_PROVISIONING_WIFI_SSID}.
Use in an NFC record with {@link #MIME_TYPE_PROVISIONING_NFC} that starts device owner
provisioning via an NFC bump. | | public static final String | EXTRA_PROVISIONING_WIFI_PROXY_BYPASSA String extra holding the proxy bypass for the wifi network in
{@link #EXTRA_PROVISIONING_WIFI_SSID}.
Use in an NFC record with {@link #MIME_TYPE_PROVISIONING_NFC} that starts device owner
provisioning via an NFC bump. | | public static final String | EXTRA_PROVISIONING_WIFI_PAC_URLA String extra holding the proxy auto-config (PAC) URL for the wifi network in
{@link #EXTRA_PROVISIONING_WIFI_SSID}.
Use in an NFC record with {@link #MIME_TYPE_PROVISIONING_NFC} that starts device owner
provisioning via an NFC bump. | | public static final String | EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATIONA String extra holding a url that specifies the download location of the device admin
package. When not provided it is assumed that the device admin package is already installed.
Use in an NFC record with {@link #MIME_TYPE_PROVISIONING_NFC} that starts device owner
provisioning via an NFC bump. | | public static final String | EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_COOKIE_HEADERA String extra holding a http cookie header which should be used in the http request to the
url specified in {@link #EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION}.
Use in an NFC record with {@link #MIME_TYPE_PROVISIONING_NFC} that starts device owner
provisioning via an NFC bump. | | public static final String | EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_CHECKSUMA String extra holding the SHA-1 checksum of the file at download location specified in
{@link #EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION}. If this doesn't match
the file at the download location an error will be shown to the user and the user will be
asked to factory reset the device.
Use in an NFC record with {@link #MIME_TYPE_PROVISIONING_NFC} that starts device owner
provisioning via an NFC bump. | | public static final String | MIME_TYPE_PROVISIONING_NFCThis MIME type is used for starting the Device Owner provisioning.
During device owner provisioning a device admin app is set as the owner of the device.
A device owner has full control over the device. The device owner can not be modified by the
user and the only way of resetting the device is if the device owner app calls a factory
reset.
A typical use case would be a device that is owned by a company, but used by either an
employee or client.
The NFC message should be send to an unprovisioned device.
The NFC record must contain a serialized {@link java.util.Properties} object which
contains the following properties:
- {@link #EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME}
- {@link #EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION}
- {@link #EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_COOKIE_HEADER}, optional
- {@link #EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_CHECKSUM}
- {@link #EXTRA_PROVISIONING_LOCAL_TIME} (convert to String), optional
- {@link #EXTRA_PROVISIONING_TIME_ZONE}, optional
- {@link #EXTRA_PROVISIONING_LOCALE}, optional
- {@link #EXTRA_PROVISIONING_WIFI_SSID}, optional
- {@link #EXTRA_PROVISIONING_WIFI_HIDDEN} (convert to String), optional
- {@link #EXTRA_PROVISIONING_WIFI_SECURITY_TYPE}, optional
- {@link #EXTRA_PROVISIONING_WIFI_PASSWORD}, optional
- {@link #EXTRA_PROVISIONING_WIFI_PROXY_HOST}, optional
- {@link #EXTRA_PROVISIONING_WIFI_PROXY_PORT} (convert to String), optional
- {@link #EXTRA_PROVISIONING_WIFI_PROXY_BYPASS}, optional
- {@link #EXTRA_PROVISIONING_WIFI_PAC_URL}, optional
When device owner provisioning has completed, an intent of the type
{@link DeviceAdminReceiver#ACTION_PROFILE_PROVISIONING_COMPLETE} is broadcasted to the
device owner.
If provisioning fails, the device is factory reset.
Input: Nothing.
Output: Nothing | | public static final String | ACTION_ADD_DEVICE_ADMINActivity action: ask the user to add a new device administrator to the system.
The desired policy is the ComponentName of the policy in the
{@link #EXTRA_DEVICE_ADMIN} extra field. This will invoke a UI to
bring the user through adding the device administrator to the system (or
allowing them to reject it).
You can optionally include the {@link #EXTRA_ADD_EXPLANATION}
field to provide the user with additional explanation (in addition
to your component's description) about what is being added.
If your administrator is already active, this will ordinarily return immediately (without
user intervention). However, if your administrator has been updated and is requesting
additional uses-policy flags, the user will be presented with the new list. New policies
will not be available to the updated administrator until the user has accepted the new list. | | public static final String | ACTION_SET_PROFILE_OWNER | | public static final String | EXTRA_PROFILE_OWNER_NAME | | public static final String | ACTION_DEVICE_POLICY_MANAGER_STATE_CHANGEDActivity action: send when any policy admin changes a policy.
This is generally used to find out when a new policy is in effect. | | public static final String | EXTRA_DEVICE_ADMINThe ComponentName of the administrator component. | | public static final String | EXTRA_ADD_EXPLANATIONAn optional CharSequence providing additional explanation for why the
admin is being added. | | public static final String | ACTION_SET_NEW_PASSWORDActivity action: have the user enter a new password. This activity should
be launched after using {@link #setPasswordQuality(ComponentName, int)},
or {@link #setPasswordMinimumLength(ComponentName, int)} to have the user
enter a new password that meets the current requirements. You can use
{@link #isActivePasswordSufficient()} to determine whether you need to
have the user select a new password in order to meet the current
constraints. Upon being resumed from this activity, you can check the new
password characteristics to see if they are sufficient. | | public static final int | FLAG_PARENT_CAN_ACCESS_MANAGEDFlag used by {@link #addCrossProfileIntentFilter} to allow activities in
the parent profile to access intents sent from the managed profile.
That is, when an app in the managed profile calls
{@link Activity#startActivity(Intent)}, the intent can be resolved by a
matching activity in the parent profile. | | public static final int | FLAG_MANAGED_CAN_ACCESS_PARENTFlag used by {@link #addCrossProfileIntentFilter} to allow activities in
the managed profile to access intents sent from the parent profile.
That is, when an app in the parent profile calls
{@link Activity#startActivity(Intent)}, the intent can be resolved by a
matching activity in the managed profile. | | public static final int | PASSWORD_QUALITY_UNSPECIFIEDConstant for {@link #setPasswordQuality}: the policy has no requirements
for the password. Note that quality constants are ordered so that higher
values are more restrictive. | | public static final int | PASSWORD_QUALITY_BIOMETRIC_WEAKConstant for {@link #setPasswordQuality}: the policy allows for low-security biometric
recognition technology. This implies technologies that can recognize the identity of
an individual to about a 3 digit PIN (false detection is less than 1 in 1,000).
Note that quality constants are ordered so that higher values are more restrictive. | | public static final int | PASSWORD_QUALITY_SOMETHINGConstant for {@link #setPasswordQuality}: the policy requires some kind
of password, but doesn't care what it is. Note that quality constants
are ordered so that higher values are more restrictive. | | public static final int | PASSWORD_QUALITY_NUMERICConstant for {@link #setPasswordQuality}: the user must have entered a
password containing at least numeric characters. Note that quality
constants are ordered so that higher values are more restrictive. | | public static final int | PASSWORD_QUALITY_NUMERIC_COMPLEXConstant for {@link #setPasswordQuality}: the user must have entered a
password containing at least numeric characters with no repeating (4444)
or ordered (1234, 4321, 2468) sequences. Note that quality
constants are ordered so that higher values are more restrictive. | | public static final int | PASSWORD_QUALITY_ALPHABETICConstant for {@link #setPasswordQuality}: the user must have entered a
password containing at least alphabetic (or other symbol) characters.
Note that quality constants are ordered so that higher values are more
restrictive. | | public static final int | PASSWORD_QUALITY_ALPHANUMERICConstant for {@link #setPasswordQuality}: the user must have entered a
password containing at least both> numeric and
alphabetic (or other symbol) characters. Note that quality constants are
ordered so that higher values are more restrictive. | | public static final int | PASSWORD_QUALITY_COMPLEXConstant for {@link #setPasswordQuality}: the user must have entered a
password containing at least a letter, a numerical digit and a special
symbol, by default. With this password quality, passwords can be
restricted to contain various sets of characters, like at least an
uppercase letter, etc. These are specified using various methods,
like {@link #setPasswordMinimumLowerCase(ComponentName, int)}. Note
that quality constants are ordered so that higher values are more
restrictive. | | public static final int | RESET_PASSWORD_REQUIRE_ENTRYFlag for {@link #resetPassword}: don't allow other admins to change
the password again until the user has entered it. | | public static final int | WIPE_EXTERNAL_STORAGEFlag for {@link #wipeData(int)}: also erase the device's external
storage (such as SD cards). | | public static final int | WIPE_RESET_PROTECTION_DATAFlag for {@link #wipeData(int)}: also erase the factory reset protection
data.
This flag may only be set by device owner admins; if it is set by
other admins a {@link SecurityException} will be thrown. | | public static final int | ENCRYPTION_STATUS_UNSUPPORTEDResult code for {@link #setStorageEncryption} and {@link #getStorageEncryptionStatus}:
indicating that encryption is not supported. | | public static final int | ENCRYPTION_STATUS_INACTIVEResult code for {@link #setStorageEncryption} and {@link #getStorageEncryptionStatus}:
indicating that encryption is supported, but is not currently active. | | public static final int | ENCRYPTION_STATUS_ACTIVATINGResult code for {@link #setStorageEncryption} and {@link #getStorageEncryptionStatus}:
indicating that encryption is not currently active, but is currently
being activated. This is only reported by devices that support
encryption of data and only when the storage is currently
undergoing a process of becoming encrypted. A device that must reboot and/or wipe data
to become encrypted will never return this value. | | public static final int | ENCRYPTION_STATUS_ACTIVEResult code for {@link #setStorageEncryption} and {@link #getStorageEncryptionStatus}:
indicating that encryption is active. | | public static final String | ACTION_START_ENCRYPTIONActivity action: begin the process of encrypting data on the device. This activity should
be launched after using {@link #setStorageEncryption} to request encryption be activated.
After resuming from this activity, use {@link #getStorageEncryption}
to check encryption status. However, on some devices this activity may never return, as
it may trigger a reboot and in some cases a complete data wipe of the device. | | public static final int | KEYGUARD_DISABLE_FEATURES_NONEWidgets are enabled in keyguard | | public static final int | KEYGUARD_DISABLE_WIDGETS_ALLDisable all keyguard widgets. Has no effect. | | public static final int | KEYGUARD_DISABLE_SECURE_CAMERADisable the camera on secure keyguard screens (e.g. PIN/Pattern/Password) | | public static final int | KEYGUARD_DISABLE_SECURE_NOTIFICATIONSDisable showing all notifications on secure keyguard screens (e.g. PIN/Pattern/Password) | | public static final int | KEYGUARD_DISABLE_UNREDACTED_NOTIFICATIONSOnly allow redacted notifications on secure keyguard screens (e.g. PIN/Pattern/Password) | | public static final int | KEYGUARD_DISABLE_TRUST_AGENTSIgnore trust agent state on secure keyguard screens
(e.g. PIN/Pattern/Password). | | public static final int | KEYGUARD_DISABLE_FINGERPRINTDisable fingerprint sensor on keyguard secure screens (e.g. PIN/Pattern/Password). | | public static final int | KEYGUARD_DISABLE_FEATURES_ALLDisable all current and future keyguard customizations. |
| Constructors Summary |
|---|
private DevicePolicyManager(android.content.Context context, android.os.Handler handler)
mContext = context;
mService = IDevicePolicyManager.Stub.asInterface(
ServiceManager.getService(Context.DEVICE_POLICY_SERVICE));
|
| Methods Summary |
|---|
| public void | addCrossProfileIntentFilter(android.content.ComponentName admin, android.content.IntentFilter filter, int flags)Called by the profile owner of a managed profile so that some intents sent in the managed
profile can also be resolved in the parent, or vice versa.
Only activity intents are supported.
if (mService != null) {
try {
mService.addCrossProfileIntentFilter(admin, filter, flags);
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
| | public boolean | addCrossProfileWidgetProvider(android.content.ComponentName admin, java.lang.String packageName)Called by the profile owner of a managed profile to enable widget providers from a
given package to be available in the parent profile. As a result the user will be able to
add widgets from the white-listed package running under the profile to a widget
host which runs under the parent profile, for example the home screen. Note that
a package may have zero or more provider components, where each component
provides a different widget type.
Note: By default no widget provider package is white-listed.
if (mService != null) {
try {
return mService.addCrossProfileWidgetProvider(admin, packageName);
} catch (RemoteException re) {
Log.w(TAG, "Error calling addCrossProfileWidgetProvider", re);
}
}
return false;
| | public void | addPersistentPreferredActivity(android.content.ComponentName admin, android.content.IntentFilter filter, android.content.ComponentName activity)Called by a profile owner or device owner to add a default intent handler activity for
intents that match a certain intent filter. This activity will remain the default intent
handler even if the set of potential event handlers for the intent filter changes and if
the intent preferences are reset.
The default disambiguation mechanism takes over if the activity is not installed
(anymore). When the activity is (re)installed, it is automatically reset as default
intent handler for the filter.
The calling device admin must be a profile owner or device owner. If it is not, a
security exception will be thrown.
if (mService != null) {
try {
mService.addPersistentPreferredActivity(admin, filter, activity);
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
| | public void | addUserRestriction(android.content.ComponentName admin, java.lang.String key)Called by a profile or device owner to set a user restriction specified
by the key.
The calling device admin must be a profile or device owner; if it is not,
a security exception will be thrown.
if (mService != null) {
try {
mService.setUserRestriction(admin, key, true);
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
| | public void | clearCrossProfileIntentFilters(android.content.ComponentName admin)Called by a profile owner of a managed profile to remove the cross-profile intent filters
that go from the managed profile to the parent, or from the parent to the managed profile.
Only removes those that have been set by the profile owner.
if (mService != null) {
try {
mService.clearCrossProfileIntentFilters(admin);
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
| | public void | clearDeviceOwnerApp(java.lang.String packageName)Clears the current device owner. The caller must be the device owner.
This function should be used cautiously as once it is called it cannot
be undone. The device owner can only be set as a part of device setup
before setup completes.
if (mService != null) {
try {
mService.clearDeviceOwner(packageName);
} catch (RemoteException re) {
Log.w(TAG, "Failed to clear device owner");
}
}
| | public void | clearPackagePersistentPreferredActivities(android.content.ComponentName admin, java.lang.String packageName)Called by a profile owner or device owner to remove all persistent intent handler preferences
associated with the given package that were set by {@link #addPersistentPreferredActivity}.
The calling device admin must be a profile owner. If it is not, a security
exception will be thrown.
if (mService != null) {
try {
mService.clearPackagePersistentPreferredActivities(admin, packageName);
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
| | public void | clearProfileOwner(android.content.ComponentName admin)
if (mService != null) {
try {
mService.clearProfileOwner(admin);
} catch (RemoteException re) {
Log.w(TAG, "Failed to clear profile owner " + admin + re);
}
}
| | public void | clearUserRestriction(android.content.ComponentName admin, java.lang.String key)Called by a profile or device owner to clear a user restriction specified
by the key.
The calling device admin must be a profile or device owner; if it is not,
a security exception will be thrown.
if (mService != null) {
try {
mService.setUserRestriction(admin, key, false);
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
| | public static android.app.admin.DevicePolicyManager | create(android.content.Context context, android.os.Handler handler)
DevicePolicyManager me = new DevicePolicyManager(context, handler);
return me.mService != null ? me : null;
| | public android.os.UserHandle | createAndInitializeUser(android.content.ComponentName admin, java.lang.String name, java.lang.String ownerName, android.content.ComponentName profileOwnerComponent, android.os.Bundle adminExtras)Called by a device owner to create a user with the specified name. The UserHandle returned
by this method should not be persisted as user handles are recycled as users are removed and
created. If you need to persist an identifier for this user, use
{@link UserManager#getSerialNumberForUser}. The new user will be started in the background
immediately.
profileOwnerComponent is the {@link DeviceAdminReceiver} to be the profile owner as well
as registered as an active admin on the new user. The profile owner package will be
installed on the new user if it already is installed on the device.
If the optionalInitializeData is not null, then the extras will be passed to the
profileOwnerComponent when onEnable is called.
try {
return mService.createAndInitializeUser(admin, name, ownerName, profileOwnerComponent,
adminExtras);
} catch (RemoteException re) {
Log.w(TAG, "Could not create a user", re);
}
return null;
| | public android.os.UserHandle | createUser(android.content.ComponentName admin, java.lang.String name)Called by a device owner to create a user with the specified name. The UserHandle returned
by this method should not be persisted as user handles are recycled as users are removed and
created. If you need to persist an identifier for this user, use
{@link UserManager#getSerialNumberForUser}.
try {
return mService.createUser(admin, name);
} catch (RemoteException re) {
Log.w(TAG, "Could not create a user", re);
}
return null;
| | public void | enableSystemApp(android.content.ComponentName admin, java.lang.String packageName)Called by profile or device owner to re-enable a system app that was disabled by default
when the user was initialized.
if (mService != null) {
try {
mService.enableSystemApp(admin, packageName);
} catch (RemoteException e) {
Log.w(TAG, "Failed to install package: " + packageName);
}
}
| | public int | enableSystemApp(android.content.ComponentName admin, android.content.Intent intent)Called by profile or device owner to re-enable system apps by intent that were disabled
by default when the user was initialized.
if (mService != null) {
try {
return mService.enableSystemAppWithIntent(admin, intent);
} catch (RemoteException e) {
Log.w(TAG, "Failed to install packages matching filter: " + intent);
}
}
return 0;
| | public java.lang.String[] | getAccountTypesWithManagementDisabled()Gets the array of accounts for which account management is disabled by the profile owner.
Account management can be disabled/enabled by calling
{@link #setAccountManagementDisabled}.
return getAccountTypesWithManagementDisabledAsUser(UserHandle.myUserId());
| | public java.lang.String[] | getAccountTypesWithManagementDisabledAsUser(int userId)
if (mService != null) {
try {
return mService.getAccountTypesWithManagementDisabledAsUser(userId);
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
return null;
| | public java.util.List | getActiveAdmins()Return a list of all currently active device administrator's component
names. Note that if there are no administrators than null may be
returned.
return getActiveAdminsAsUser(UserHandle.myUserId());
| | public java.util.List | getActiveAdminsAsUser(int userId)
if (mService != null) {
try {
return mService.getActiveAdmins(userId);
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
return null;
| | public DeviceAdminInfo | getAdminInfo(android.content.ComponentName cn)Returns the DeviceAdminInfo as defined by the administrator's package info & meta-data
ActivityInfo ai;
try {
ai = mContext.getPackageManager().getReceiverInfo(cn,
PackageManager.GET_META_DATA);
} catch (PackageManager.NameNotFoundException e) {
Log.w(TAG, "Unable to retrieve device policy " + cn, e);
return null;
}
ResolveInfo ri = new ResolveInfo();
ri.activityInfo = ai;
try {
return new DeviceAdminInfo(mContext, ri);
} catch (XmlPullParserException e) {
Log.w(TAG, "Unable to parse device policy " + cn, e);
return null;
} catch (IOException e) {
Log.w(TAG, "Unable to parse device policy " + cn, e);
return null;
}
| | public android.os.Bundle | getApplicationRestrictions(android.content.ComponentName admin, java.lang.String packageName)Called by a profile or device owner to get the application restrictions for a given target
application running in the profile.
The calling device admin must be a profile or device owner; if it is not, a security
exception will be thrown.
if (mService != null) {
try {
return mService.getApplicationRestrictions(admin, packageName);
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
return null;
| | public boolean | getAutoTimeRequired()
if (mService != null) {
try {
return mService.getAutoTimeRequired();
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
return false;
| | private static java.lang.String | getCaCertAlias(byte[] certBuffer)Returns the alias of a given CA certificate in the certificate store, or null if it
doesn't exist.
final CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
final X509Certificate cert = (X509Certificate) certFactory.generateCertificate(
new ByteArrayInputStream(certBuffer));
return new TrustedCertificateStore().getCertificateAlias(cert);
| | public boolean | getCameraDisabled(android.content.ComponentName admin)Determine whether or not the device's cameras have been disabled for this user,
either by the current admin, if specified, or all admins.
return getCameraDisabled(admin, UserHandle.myUserId());
| | public boolean | getCameraDisabled(android.content.ComponentName admin, int userHandle)
if (mService != null) {
try {
return mService.getCameraDisabled(admin, userHandle);
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
return false;
| | public boolean | getCrossProfileCallerIdDisabled(android.content.ComponentName who)Called by a profile owner of a managed profile to determine whether or not caller-Id
information has been disabled.
The calling device admin must be a profile owner. If it is not, a
security exception will be thrown.
if (mService != null) {
try {
return mService.getCrossProfileCallerIdDisabled(who);
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
return false;
| | public boolean | getCrossProfileCallerIdDisabled(android.os.UserHandle userHandle)Determine whether or not caller-Id information has been disabled.
if (mService != null) {
try {
return mService.getCrossProfileCallerIdDisabledForUser(userHandle.getIdentifier());
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
return false;
| | public java.util.List | getCrossProfileWidgetProviders(android.content.ComponentName admin)Called by the profile owner of a managed profile to query providers from which packages are
available in the parent profile.
if (mService != null) {
try {
List<String> providers = mService.getCrossProfileWidgetProviders(admin);
if (providers != null) {
return providers;
}
} catch (RemoteException re) {
Log.w(TAG, "Error calling getCrossProfileWidgetProviders", re);
}
}
return Collections.emptyList();
| | public int | getCurrentFailedPasswordAttempts()Retrieve the number of times the user has failed at entering a
password since that last successful password entry.
The calling device admin must have requested
{@link DeviceAdminInfo#USES_POLICY_WATCH_LOGIN} to be able to call
this method; if it has not, a security exception will be thrown.
if (mService != null) {
try {
return mService.getCurrentFailedPasswordAttempts(UserHandle.myUserId());
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
return -1;
| | public java.lang.String | getDeviceOwner()
if (mService != null) {
try {
return mService.getDeviceOwner();
} catch (RemoteException re) {
Log.w(TAG, "Failed to get device owner");
}
}
return null;
| | public java.lang.String | getDeviceOwnerName()
if (mService != null) {
try {
return mService.getDeviceOwnerName();
} catch (RemoteException re) {
Log.w(TAG, "Failed to get device owner");
}
}
return null;
| | public android.content.ComponentName | getGlobalProxyAdmin()Returns the component name setting the global proxy.
if (mService != null) {
try {
return mService.getGlobalProxyAdmin(UserHandle.myUserId());
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
return null;
| | public java.util.List | getInstalledCaCerts(android.content.ComponentName admin)Returns all CA certificates that are currently trusted, excluding system CA certificates.
If a user has installed any certificates by other means than device policy these will be
included too.
List<byte[]> certs = new ArrayList<byte[]>();
if (mService != null) {
try {
mService.enforceCanManageCaCerts(admin);
final TrustedCertificateStore certStore = new TrustedCertificateStore();
for (String alias : certStore.userAliases()) {
try {
certs.add(certStore.getCertificate(alias).getEncoded());
} catch (CertificateException ce) {
Log.w(TAG, "Could not encode certificate: " + alias, ce);
}
}
} catch (RemoteException re) {
Log.w(TAG, "Failed talking with device policy service", re);
}
}
return certs;
| | public int | getKeyguardDisabledFeatures(android.content.ComponentName admin)Determine whether or not features have been disabled in keyguard either by the current
admin, if specified, or all admins.
return getKeyguardDisabledFeatures(admin, UserHandle.myUserId());
| | public int | getKeyguardDisabledFeatures(android.content.ComponentName admin, int userHandle)
if (mService != null) {
try {
return mService.getKeyguardDisabledFeatures(admin, userHandle);
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
return KEYGUARD_DISABLE_FEATURES_NONE;
| | public java.lang.String[] | getLockTaskPackages(android.content.ComponentName admin)This function returns the list of packages allowed to start the lock task mode.
if (mService != null) {
try {
return mService.getLockTaskPackages(admin);
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
return null;
| | public int | getMaximumFailedPasswordsForWipe(android.content.ComponentName admin)Retrieve the current maximum number of login attempts that are allowed
before the device wipes itself, for all admins of this user and its profiles
or a particular one.
return getMaximumFailedPasswordsForWipe(admin, UserHandle.myUserId());
| | public int | getMaximumFailedPasswordsForWipe(android.content.ComponentName admin, int userHandle)
if (mService != null) {
try {
return mService.getMaximumFailedPasswordsForWipe(admin, userHandle);
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
return 0;
| | public long | getMaximumTimeToLock(android.content.ComponentName admin)Retrieve the current maximum time to unlock for all admins of this user
and its profiles or a particular one.
return getMaximumTimeToLock(admin, UserHandle.myUserId());
| | public long | getMaximumTimeToLock(android.content.ComponentName admin, int userHandle)
if (mService != null) {
try {
return mService.getMaximumTimeToLock(admin, userHandle);
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
return 0;
| | public long | getPasswordExpiration(android.content.ComponentName admin)Get the current password expiration time for the given admin or an aggregate of
all admins of this user and its profiles if admin is null. If the password is
expired, this will return the time since the password expired as a negative number.
If admin is null, then a composite of all expiration timeouts is returned
- which will be the minimum of all timeouts.
if (mService != null) {
try {
return mService.getPasswordExpiration(admin, UserHandle.myUserId());
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
return 0;
| | public long | getPasswordExpirationTimeout(android.content.ComponentName admin)Get the password expiration timeout for the given admin. The expiration timeout is the
recurring expiration timeout provided in the call to
{@link #setPasswordExpirationTimeout(ComponentName, long)} for the given admin or the
aggregate of all policy administrators if admin is null.
if (mService != null) {
try {
return mService.getPasswordExpirationTimeout(admin, UserHandle.myUserId());
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
return 0;
| | public int | getPasswordHistoryLength(android.content.ComponentName admin)Retrieve the current password history length for all admins of this
user and its profiles or a particular one.
return getPasswordHistoryLength(admin, UserHandle.myUserId());
| | public int | getPasswordHistoryLength(android.content.ComponentName admin, int userHandle)
if (mService != null) {
try {
return mService.getPasswordHistoryLength(admin, userHandle);
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
return 0;
| | public int | getPasswordMaximumLength(int quality)Return the maximum password length that the device supports for a
particular password quality.
// Kind-of arbitrary.
return 16;
| | public int | getPasswordMinimumLength(android.content.ComponentName admin)Retrieve the current minimum password length for all admins of this
user and its profiles or a particular one.
return getPasswordMinimumLength(admin, UserHandle.myUserId());
| | public int | getPasswordMinimumLength(android.content.ComponentName admin, int userHandle)
if (mService != null) {
try {
return mService.getPasswordMinimumLength(admin, userHandle);
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
return 0;
| | public int | getPasswordMinimumLetters(android.content.ComponentName admin)Retrieve the current number of letters required in the password for all
admins or a particular one. This is the same value as
set by {#link {@link #setPasswordMinimumLetters(ComponentName, int)}
and only applies when the password quality is
{@link #PASSWORD_QUALITY_COMPLEX}.
return getPasswordMinimumLetters(admin, UserHandle.myUserId());
| | public int | getPasswordMinimumLetters(android.content.ComponentName admin, int userHandle)
if (mService != null) {
try {
return mService.getPasswordMinimumLetters(admin, userHandle);
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
return 0;
| | public int | getPasswordMinimumLowerCase(android.content.ComponentName admin)Retrieve the current number of lower case letters required in the
password for all admins of this user and its profiles or a particular one.
This is the same value as set by
{#link {@link #setPasswordMinimumLowerCase(ComponentName, int)}
and only applies when the password quality is
{@link #PASSWORD_QUALITY_COMPLEX}.
return getPasswordMinimumLowerCase(admin, UserHandle.myUserId());
| | public int | getPasswordMinimumLowerCase(android.content.ComponentName admin, int userHandle)
if (mService != null) {
try {
return mService.getPasswordMinimumLowerCase(admin, userHandle);
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
return 0;
| | public int | getPasswordMinimumNonLetter(android.content.ComponentName admin)Retrieve the current number of non-letter characters required in the
password for all admins of this user and its profiles or a particular one.
This is the same value as set by
{#link {@link #setPasswordMinimumNonLetter(ComponentName, int)}
and only applies when the password quality is
{@link #PASSWORD_QUALITY_COMPLEX}.
return getPasswordMinimumNonLetter(admin, UserHandle.myUserId());
| | public int | getPasswordMinimumNonLetter(android.content.ComponentName admin, int userHandle)
if (mService != null) {
try {
return mService.getPasswordMinimumNonLetter(admin, userHandle);
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
return 0;
| | public int | getPasswordMinimumNumeric(android.content.ComponentName admin)Retrieve the current number of numerical digits required in the password
for all admins of this user and its profiles or a particular one.
This is the same value as set by
{#link {@link #setPasswordMinimumNumeric(ComponentName, int)}
and only applies when the password quality is
{@link #PASSWORD_QUALITY_COMPLEX}.
return getPasswordMinimumNumeric(admin, UserHandle.myUserId());
| | public int | getPasswordMinimumNumeric(android.content.ComponentName admin, int userHandle)
if (mService != null) {
try {
return mService.getPasswordMinimumNumeric(admin, userHandle);
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
return 0;
| | public int | getPasswordMinimumSymbols(android.content.ComponentName admin)Retrieve the current number of symbols required in the password for all
admins or a particular one. This is the same value as
set by {#link {@link #setPasswordMinimumSymbols(ComponentName, int)}
and only applies when the password quality is
{@link #PASSWORD_QUALITY_COMPLEX}.
return getPasswordMinimumSymbols(admin, UserHandle.myUserId());
| | public int | getPasswordMinimumSymbols(android.content.ComponentName admin, int userHandle)
if (mService != null) {
try {
return mService.getPasswordMinimumSymbols(admin, userHandle);
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
return 0;
| | public int | getPasswordMinimumUpperCase(android.content.ComponentName admin)Retrieve the current number of upper case letters required in the
password for all admins of this user and its profiles or a particular one.
This is the same value as set by
{#link {@link #setPasswordMinimumUpperCase(ComponentName, int)}
and only applies when the password quality is
{@link #PASSWORD_QUALITY_COMPLEX}.
return getPasswordMinimumUpperCase(admin, UserHandle.myUserId());
| | public int | getPasswordMinimumUpperCase(android.content.ComponentName admin, int userHandle)
if (mService != null) {
try {
return mService.getPasswordMinimumUpperCase(admin, userHandle);
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
return 0;
| | public int | getPasswordQuality(android.content.ComponentName admin)Retrieve the current minimum password quality for all admins of this user
and its profiles or a particular one.
return getPasswordQuality(admin, UserHandle.myUserId());
| | public int | getPasswordQuality(android.content.ComponentName admin, int userHandle)
if (mService != null) {
try {
return mService.getPasswordQuality(admin, userHandle);
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
return PASSWORD_QUALITY_UNSPECIFIED;
| | public java.util.List | getPermittedAccessibilityServices(android.content.ComponentName admin)Returns the list of permitted accessibility services set by this device or profile owner.
An empty list means no accessibility services except system services are allowed.
Null means all accessibility services are allowed.
if (mService != null) {
try {
return mService.getPermittedAccessibilityServices(admin);
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
return null;
| | public java.util.List | getPermittedAccessibilityServices(int userId)Returns the list of accessibility services permitted by the device or profiles
owners of this user.
Null means all accessibility services are allowed, if a non-null list is returned
it will contain the intersection of the permitted lists for any device or profile
owners that apply to this user. It will also include any system accessibility services.
if (mService != null) {
try {
return mService.getPermittedAccessibilityServicesForUser(userId);
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
return null;
| | public java.util.List | getPermittedInputMethods(android.content.ComponentName admin)Returns the list of permitted input methods set by this device or profile owner.
An empty list means no input methods except system input methods are allowed.
Null means all input methods are allowed.
if (mService != null) {
try {
return mService.getPermittedInputMethods(admin);
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
return null;
| | public java.util.List | getPermittedInputMethodsForCurrentUser()Returns the list of input methods permitted by the device or profiles
owners of the current user.
Null means all input methods are allowed, if a non-null list is returned
it will contain the intersection of the permitted lists for any device or profile
owners that apply to this user. It will also include any system input methods.
if (mService != null) {
try {
return mService.getPermittedInputMethodsForCurrentUser();
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
return null;
| | public android.content.ComponentName | getProfileOwner()
return getProfileOwnerAsUser(Process.myUserHandle().getIdentifier());
| | public android.content.ComponentName | getProfileOwnerAsUser(int userId)
if (mService != null) {
try {
return mService.getProfileOwner(userId);
} catch (RemoteException re) {
Log.w(TAG, "Failed to get profile owner");
throw new IllegalArgumentException(
"Requested profile owner for invalid userId", re);
}
}
return null;
| | public java.lang.String | getProfileOwnerName()
if (mService != null) {
try {
return mService.getProfileOwnerName(Process.myUserHandle().getIdentifier());
} catch (RemoteException re) {
Log.w(TAG, "Failed to get profile owner");
throw new IllegalArgumentException(
"Requested profile owner for invalid userId", re);
}
}
return null;
| | public java.lang.String | getProfileOwnerNameAsUser(int userId)
if (mService != null) {
try {
return mService.getProfileOwnerName(userId);
} catch (RemoteException re) {
Log.w(TAG, "Failed to get profile owner");
throw new IllegalArgumentException(
"Requested profile owner for invalid userId", re);
}
}
return null;
| | public int | getProfileWithMinimumFailedPasswordsForWipe(int userHandle)Returns the profile with the smallest maximum failed passwords for wipe,
for the given user. So for primary user, it might return the primary or
a managed profile. For a secondary user, it would be the same as the
user passed in.
if (mService != null) {
try {
return mService.getProfileWithMinimumFailedPasswordsForWipe(userHandle);
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
return UserHandle.USER_NULL;
| | public void | getRemoveWarning(android.content.ComponentName admin, android.os.RemoteCallback result)
if (mService != null) {
try {
mService.getRemoveWarning(admin, result, UserHandle.myUserId());
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
| | public boolean | getScreenCaptureDisabled(android.content.ComponentName admin)Determine whether or not screen capture has been disabled by the current
admin, if specified, or all admins.
return getScreenCaptureDisabled(admin, UserHandle.myUserId());
| | public boolean | getScreenCaptureDisabled(android.content.ComponentName admin, int userHandle)
if (mService != null) {
try {
return mService.getScreenCaptureDisabled(admin, userHandle);
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
return false;
| | public boolean | getStorageEncryption(android.content.ComponentName admin)Called by an application that is administering the device to
determine the requested setting for secure storage.
if (mService != null) {
try {
return mService.getStorageEncryption(admin, UserHandle.myUserId());
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
return false;
| | public int | getStorageEncryptionStatus()Called by an application that is administering the device to
determine the current encryption status of the device.
Depending on the returned status code, the caller may proceed in different
ways. If the result is {@link #ENCRYPTION_STATUS_UNSUPPORTED}, the
storage system does not support encryption. If the
result is {@link #ENCRYPTION_STATUS_INACTIVE}, use {@link
#ACTION_START_ENCRYPTION} to begin the process of encrypting or decrypting the
storage. If the result is {@link #ENCRYPTION_STATUS_ACTIVATING} or
{@link #ENCRYPTION_STATUS_ACTIVE}, no further action is required.
return getStorageEncryptionStatus(UserHandle.myUserId());
| | public int | getStorageEncryptionStatus(int userHandle)
if (mService != null) {
try {
return mService.getStorageEncryptionStatus(userHandle);
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
return ENCRYPTION_STATUS_UNSUPPORTED;
| | public java.util.List | getTrustAgentConfiguration(android.content.ComponentName admin, android.content.ComponentName agent)Gets configuration for the given trust agent based on aggregating all calls to
{@link #setTrustAgentConfiguration(ComponentName, ComponentName, PersistableBundle)} for
all device admins.
return getTrustAgentConfiguration(admin, agent, UserHandle.myUserId());
| | public java.util.List | getTrustAgentConfiguration(android.content.ComponentName admin, android.content.ComponentName agent, int userHandle)
if (mService != null) {
try {
return mService.getTrustAgentConfiguration(admin, agent, userHandle);
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
return new ArrayList<PersistableBundle>(); // empty list
| | public boolean | hasCaCertInstalled(android.content.ComponentName admin, byte[] certBuffer)Returns whether this certificate is installed as a trusted CA.
if (mService != null) {
try {
mService.enforceCanManageCaCerts(admin);
return getCaCertAlias(certBuffer) != null;
} catch (RemoteException re) {
Log.w(TAG, "Failed talking with device policy service", re);
} catch (CertificateException ce) {
Log.w(TAG, "Could not parse certificate", ce);
}
}
return false;
| | public boolean | hasGrantedPolicy(android.content.ComponentName admin, int usesPolicy)Returns true if an administrator has been granted a particular device policy. This can
be used to check if the administrator was activated under an earlier set of policies,
but requires additional policies after an upgrade.
if (mService != null) {
try {
return mService.hasGrantedPolicy(admin, usesPolicy, UserHandle.myUserId());
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
return false;
| | public boolean | hasUserSetupCompleted()
if (mService != null) {
try {
return mService.hasUserSetupCompleted();
} catch (RemoteException re) {
Log.w(TAG, "Failed to check if user setup has completed");
}
}
return true;
| | public boolean | installCaCert(android.content.ComponentName admin, byte[] certBuffer)Installs the given certificate as a user CA.
if (mService != null) {
try {
return mService.installCaCert(admin, certBuffer);
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
return false;
| | public boolean | installKeyPair(android.content.ComponentName who, java.security.PrivateKey privKey, java.security.cert.Certificate cert, java.lang.String alias)Called by a device or profile owner to install a certificate and private key pair. The
keypair will be visible to all apps within the profile.
try {
final byte[] pemCert = Credentials.convertToPem(cert);
return mService.installKeyPair(who, privKey.getEncoded(), pemCert, alias);
} catch (CertificateException e) {
Log.w(TAG, "Error encoding certificate", e);
} catch (IOException e) {
Log.w(TAG, "Error writing certificate", e);
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
return false;
| | public boolean | isActivePasswordSufficient()Determine whether the current password the user has set is sufficient
to meet the policy requirements (quality, minimum length) that have been
requested by the admins of this user and its profiles.
The calling device admin must have requested
{@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call
this method; if it has not, a security exception will be thrown.
if (mService != null) {
try {
return mService.isActivePasswordSufficient(UserHandle.myUserId());
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
return false;
| | public boolean | isAdminActive(android.content.ComponentName who)Return true if the given administrator component is currently
active (enabled) in the system.
return isAdminActiveAsUser(who, UserHandle.myUserId());
| | public boolean | isAdminActiveAsUser(android.content.ComponentName who, int userId)
if (mService != null) {
try {
return mService.isAdminActive(who, userId);
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
return false;
| | public boolean | isApplicationHidden(android.content.ComponentName admin, java.lang.String packageName)Called by device or profile owner to determine if a package is hidden.
if (mService != null) {
try {
return mService.isApplicationHidden(admin, packageName);
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
return false;
| | public boolean | isDeviceOwner(java.lang.String packageName)
return isDeviceOwnerApp(packageName);
| | public boolean | isDeviceOwnerApp(java.lang.String packageName)Used to determine if a particular package has been registered as a Device Owner app.
A device owner app is a special device admin that cannot be deactivated by the user, once
activated as a device admin. It also cannot be uninstalled. To check if a particular
package is currently registered as the device owner app, pass in the package name from
{@link Context#getPackageName()} to this method.This is useful for device
admin apps that want to check if they are also registered as the device owner app. The
exact mechanism by which a device admin app is registered as a device owner app is defined by
the setup process.
if (mService != null) {
try {
return mService.isDeviceOwner(packageName);
} catch (RemoteException re) {
Log.w(TAG, "Failed to check device owner");
}
}
return false;
| | public boolean | isLockTaskPermitted(java.lang.String pkg)This function lets the caller know whether the given component is allowed to start the
lock task mode.
if (mService != null) {
try {
return mService.isLockTaskPermitted(pkg);
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
return false;
| | public boolean | isMasterVolumeMuted(android.content.ComponentName admin)Called by profile or device owners to check whether the master volume mute is on or off.
if (mService != null) {
try {
return mService.isMasterVolumeMuted(admin);
} catch (RemoteException re) {
Log.w(TAG, "Failed to get isMasterMute on device policy service");
}
}
return false;
| | public boolean | isProfileOwnerApp(java.lang.String packageName)Used to determine if a particular package is registered as the profile owner for the
current user. A profile owner is a special device admin that has additional privileges
within the profile.
if (mService != null) {
try {
ComponentName profileOwner = mService.getProfileOwner(
Process.myUserHandle().getIdentifier());
return profileOwner != null
&& profileOwner.getPackageName().equals(packageName);
} catch (RemoteException re) {
Log.w(TAG, "Failed to check profile owner");
}
}
return false;
| | public boolean | isRemovingAdmin(android.content.ComponentName who, int userId)Return true if the given administrator component is currently being removed
for the user.
if (mService != null) {
try {
return mService.isRemovingAdmin(who, userId);
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
return false;
| | public boolean | isUninstallBlocked(android.content.ComponentName admin, java.lang.String packageName)Check whether the current user has been blocked by device policy from uninstalling a package.
Requires the caller to be the profile owner if checking a specific admin's policy.
if (mService != null) {
try {
return mService.isUninstallBlocked(admin, packageName);
} catch (RemoteException re) {
Log.w(TAG, "Failed to call block uninstall on device policy service");
}
}
return false;
| | public void | lockNow()Make the device lock immediately, as if the lock screen timeout has
expired at the point of this call.
The calling device admin must have requested
{@link DeviceAdminInfo#USES_POLICY_FORCE_LOCK} to be able to call
this method; if it has not, a security exception will be thrown.
if (mService != null) {
try {
mService.lockNow();
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
| | public boolean | packageHasActiveAdmins(java.lang.String packageName)Used by package administration code to determine if a package can be stopped
or uninstalled.
if (mService != null) {
try {
return mService.packageHasActiveAdmins(packageName, UserHandle.myUserId());
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
return false;
| | public void | removeActiveAdmin(android.content.ComponentName who)Remove a current administration component. This can only be called
by the application that owns the administration component; if you
try to remove someone else's component, a security exception will be
thrown.
if (mService != null) {
try {
mService.removeActiveAdmin(who, UserHandle.myUserId());
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
| | public boolean | removeCrossProfileWidgetProvider(android.content.ComponentName admin, java.lang.String packageName)Called by the profile owner of a managed profile to disable widget providers from a given
package to be available in the parent profile. For this method to take effect the
package should have been added via {@link #addCrossProfileWidgetProvider(
android.content.ComponentName, String)}.
Note: By default no widget provider package is white-listed.
if (mService != null) {
try {
return mService.removeCrossProfileWidgetProvider(admin, packageName);
} catch (RemoteException re) {
Log.w(TAG, "Error calling removeCrossProfileWidgetProvider", re);
}
}
return false;
| | public boolean | removeUser(android.content.ComponentName admin, android.os.UserHandle userHandle)Called by a device owner to remove a user and all associated data. The primary user can
not be removed.
try {
return mService.removeUser(admin, userHandle);
} catch (RemoteException re) {
Log.w(TAG, "Could not remove user ", re);
return false;
}
| | public void | reportFailedPasswordAttempt(int userHandle)
if (mService != null) {
try {
mService.reportFailedPasswordAttempt(userHandle);
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
| | public void | reportSuccessfulPasswordAttempt(int userHandle)
if (mService != null) {
try {
mService.reportSuccessfulPasswordAttempt(userHandle);
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
| | public boolean | resetPassword(java.lang.String password, int flags)Force a new device unlock password (the password needed to access the
entire device, not for individual accounts) on the user. This takes
effect immediately.
The given password must be sufficient for the
current password quality and length constraints as returned by
{@link #getPasswordQuality(ComponentName)} and
{@link #getPasswordMinimumLength(ComponentName)}; if it does not meet
these constraints, then it will be rejected and false returned. Note
that the password may be a stronger quality (containing alphanumeric
characters when the requested quality is only numeric), in which case
the currently active quality will be increased to match.
Calling with a null or empty password will clear any existing PIN,
pattern or password if the current password constraints allow it.
The calling device admin must have requested
{@link DeviceAdminInfo#USES_POLICY_RESET_PASSWORD} to be able to call
this method; if it has not, a security exception will be thrown.
Calling this from a managed profile will throw a security exception.
if (mService != null) {
try {
return mService.resetPassword(password, flags, UserHandle.myUserId());
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
return false;
| | public void | setAccountManagementDisabled(android.content.ComponentName admin, java.lang.String accountType, boolean disabled)Called by a device owner or profile owner to disable account management for a specific type
of account.
The calling device admin must be a device owner or profile owner. If it is not, a
security exception will be thrown.
When account management is disabled for an account type, adding or removing an account
of that type will not be possible.
if (mService != null) {
try {
mService.setAccountManagementDisabled(admin, accountType, disabled);
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
| | public void | setActiveAdmin(android.content.ComponentName policyReceiver, boolean refreshing, int userHandle)
if (mService != null) {
try {
mService.setActiveAdmin(policyReceiver, refreshing, userHandle);
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
| | public void | setActiveAdmin(android.content.ComponentName policyReceiver, boolean refreshing)
setActiveAdmin(policyReceiver, refreshing, UserHandle.myUserId());
| | public void | setActivePasswordState(int quality, int length, int letters, int uppercase, int lowercase, int numbers, int symbols, int nonletter, int userHandle)
if (mService != null) {
try {
mService.setActivePasswordState(quality, length, letters, uppercase, lowercase,
numbers, symbols, nonletter, userHandle);
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
| | public boolean | setActiveProfileOwner(android.content.ComponentName admin, java.lang.String ownerName)
if (mService != null) {
try {
final int myUserId = UserHandle.myUserId();
mService.setActiveAdmin(admin, false, myUserId);
return mService.setProfileOwner(admin, ownerName, myUserId);
} catch (RemoteException re) {
Log.w(TAG, "Failed to set profile owner " + re);
throw new IllegalArgumentException("Couldn't set profile owner.", re);
}
}
return false;
| | public boolean | setApplicationHidden(android.content.ComponentName admin, java.lang.String packageName, boolean hidden)Called by device or profile owner to hide or unhide packages. When a package is hidden it
is unavailable for use, but the data and actual package file remain.
if (mService != null) {
try {
return mService.setApplicationHidden(admin, packageName, hidden);
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
return false;
| | public void | setApplicationRestrictions(android.content.ComponentName admin, java.lang.String packageName, android.os.Bundle settings)Called by a profile or device owner to set the application restrictions for a given target
application running in the profile.
The provided {@link Bundle} consists of key-value pairs, where the types of values may be
boolean, int, String, or String[].
The application restrictions are only made visible to the target application and the
profile or device owner.
If the restrictions are not available yet, but may be applied in the near future,
the admin can notify the target application of that by adding
{@link UserManager#KEY_RESTRICTIONS_PENDING} to the settings parameter.
The calling device admin must be a profile or device owner; if it is not, a security
exception will be thrown.
if (mService != null) {
try {
mService.setApplicationRestrictions(admin, packageName, settings);
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
| | public void | setAutoTimeRequired(android.content.ComponentName admin, boolean required)Called by a device owner to set whether auto time is required. If auto time is
required the user cannot set the date and time, but has to use network date and time.
Note: if auto time is required the user can still manually set the time zone.
The calling device admin must be a device owner. If it is not, a security exception will
be thrown.
if (mService != null) {
try {
mService.setAutoTimeRequired(admin, UserHandle.myUserId(), required);
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
| | public void | setCameraDisabled(android.content.ComponentName admin, boolean disabled)Called by an application that is administering the device to disable all cameras
on the device, for this user. After setting this, no applications running as this user
will be able to access any cameras on the device.
The calling device admin must have requested
{@link DeviceAdminInfo#USES_POLICY_DISABLE_CAMERA} to be able to call
this method; if it has not, a security exception will be thrown.
if (mService != null) {
try {
mService.setCameraDisabled(admin, disabled, UserHandle.myUserId());
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
| | public void | setCrossProfileCallerIdDisabled(android.content.ComponentName who, boolean disabled)Called by a profile owner of a managed profile to set whether caller-Id information from
the managed profile will be shown in the parent profile, for incoming calls.
The calling device admin must be a profile owner. If it is not, a
security exception will be thrown.
if (mService != null) {
try {
mService.setCrossProfileCallerIdDisabled(who, disabled);
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
| | public boolean | setDeviceOwner(java.lang.String packageName)
return setDeviceOwner(packageName, null);
| | public boolean | setDeviceOwner(java.lang.String packageName, java.lang.String ownerName)
if (mService != null) {
try {
return mService.setDeviceOwner(packageName, ownerName);
} catch (RemoteException re) {
Log.w(TAG, "Failed to set device owner");
}
}
return false;
| | public android.content.ComponentName | setGlobalProxy(android.content.ComponentName admin, java.net.Proxy proxySpec, java.util.List exclusionList)Called by an application that is administering the device to set the
global proxy and exclusion list.
The calling device admin must have requested
{@link DeviceAdminInfo#USES_POLICY_SETS_GLOBAL_PROXY} to be able to call
this method; if it has not, a security exception will be thrown.
Only the first device admin can set the proxy. If a second admin attempts
to set the proxy, the {@link ComponentName} of the admin originally setting the
proxy will be returned. If successful in setting the proxy, null will
be returned.
The method can be called repeatedly by the device admin alrady setting the
proxy to update the proxy and exclusion list.
if (proxySpec == null) {
throw new NullPointerException();
}
if (mService != null) {
try {
String hostSpec;
String exclSpec;
if (proxySpec.equals(Proxy.NO_PROXY)) {
hostSpec = null;
exclSpec = null;
} else {
if (!proxySpec.type().equals(Proxy.Type.HTTP)) {
throw new IllegalArgumentException();
}
InetSocketAddress sa = (InetSocketAddress)proxySpec.address();
String hostName = sa.getHostName();
int port = sa.getPort();
StringBuilder hostBuilder = new StringBuilder();
hostSpec = hostBuilder.append(hostName)
.append(":").append(Integer.toString(port)).toString();
if (exclusionList == null) {
exclSpec = "";
} else {
StringBuilder listBuilder = new StringBuilder();
boolean firstDomain = true;
for (String exclDomain : exclusionList) {
if (!firstDomain) {
listBuilder = listBuilder.append(",");
} else {
firstDomain = false;
}
listBuilder = listBuilder.append(exclDomain.trim());
}
exclSpec = listBuilder.toString();
}
if (android.net.Proxy.validate(hostName, Integer.toString(port), exclSpec)
!= android.net.Proxy.PROXY_VALID)
throw new IllegalArgumentException();
}
return mService.setGlobalProxy(admin, hostSpec, exclSpec, UserHandle.myUserId());
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
return null;
| | public void | setGlobalSetting(android.content.ComponentName admin, java.lang.String setting, java.lang.String value)Called by device owners to update {@link Settings.Global} settings. Validation that the value
of the setting is in the correct form for the setting type should be performed by the caller.
The settings that can be updated with this method are:
- {@link Settings.Global#ADB_ENABLED}
- {@link Settings.Global#AUTO_TIME}
- {@link Settings.Global#AUTO_TIME_ZONE}
- {@link Settings.Global#BLUETOOTH_ON}
- {@link Settings.Global#DATA_ROAMING}
- {@link Settings.Global#DEVELOPMENT_SETTINGS_ENABLED}
- {@link Settings.Global#MODE_RINGER}
- {@link Settings.Global#NETWORK_PREFERENCE}
- {@link Settings.Global#USB_MASS_STORAGE_ENABLED}
- {@link Settings.Global#WIFI_ON}
- {@link Settings.Global#WIFI_SLEEP_POLICY}
if (mService != null) {
try {
mService.setGlobalSetting(admin, setting, value);
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
| | public void | setKeyguardDisabledFeatures(android.content.ComponentName admin, int which)Called by an application that is administering the device to disable keyguard customizations,
such as widgets. After setting this, keyguard features will be disabled according to the
provided feature list.
The calling device admin must have requested
{@link DeviceAdminInfo#USES_POLICY_DISABLE_KEYGUARD_FEATURES} to be able to call
this method; if it has not, a security exception will be thrown.
Calling this from a managed profile will throw a security exception.
if (mService != null) {
try {
mService.setKeyguardDisabledFeatures(admin, which, UserHandle.myUserId());
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
| | public void | setLockTaskPackages(android.content.ComponentName admin, java.lang.String[] packages)Sets which packages may enter lock task mode.
Any packages that shares uid with an allowed package will also be allowed
to activate lock task.
This function can only be called by the device owner.
if (mService != null) {
try {
mService.setLockTaskPackages(admin, packages);
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
| | public void | setMasterVolumeMuted(android.content.ComponentName admin, boolean on)Called by profile or device owners to set the master volume mute on or off.
if (mService != null) {
try {
mService.setMasterVolumeMuted(admin, on);
} catch (RemoteException re) {
Log.w(TAG, "Failed to setMasterMute on device policy service");
}
}
| | public void | setMaximumFailedPasswordsForWipe(android.content.ComponentName admin, int num)Setting this to a value greater than zero enables a built-in policy
that will perform a device wipe after too many incorrect
device-unlock passwords have been entered. This built-in policy combines
watching for failed passwords and wiping the device, and requires
that you request both {@link DeviceAdminInfo#USES_POLICY_WATCH_LOGIN} and
{@link DeviceAdminInfo#USES_POLICY_WIPE_DATA}}.
To implement any other policy (e.g. wiping data for a particular
application only, erasing or revoking credentials, or reporting the
failure to a server), you should implement
{@link DeviceAdminReceiver#onPasswordFailed(Context, android.content.Intent)}
instead. Do not use this API, because if the maximum count is reached,
the device will be wiped immediately, and your callback will not be invoked.
if (mService != null) {
try {
mService.setMaximumFailedPasswordsForWipe(admin, num, UserHandle.myUserId());
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
| | public void | setMaximumTimeToLock(android.content.ComponentName admin, long timeMs)Called by an application that is administering the device to set the
maximum time for user activity until the device will lock. This limits
the length that the user can set. It takes effect immediately.
The calling device admin must have requested
{@link DeviceAdminInfo#USES_POLICY_FORCE_LOCK} to be able to call
this method; if it has not, a security exception will be thrown.
if (mService != null) {
try {
mService.setMaximumTimeToLock(admin, timeMs, UserHandle.myUserId());
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
| | public void | setPasswordExpirationTimeout(android.content.ComponentName admin, long timeout)Called by a device admin to set the password expiration timeout. Calling this method
will restart the countdown for password expiration for the given admin, as will changing
the device password (for all admins).
The provided timeout is the time delta in ms and will be added to the current time.
For example, to have the password expire 5 days from now, timeout would be
5 * 86400 * 1000 = 432000000 ms for timeout.
To disable password expiration, a value of 0 may be used for timeout.
The calling device admin must have requested
{@link DeviceAdminInfo#USES_POLICY_EXPIRE_PASSWORD} to be able to call this
method; if it has not, a security exception will be thrown.
Note that setting the password will automatically reset the expiration time for all
active admins. Active admins do not need to explicitly call this method in that case.
if (mService != null) {
try {
mService.setPasswordExpirationTimeout(admin, timeout, UserHandle.myUserId());
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
| | public void | setPasswordHistoryLength(android.content.ComponentName admin, int length)Called by an application that is administering the device to set the length
of the password history. After setting this, the user will not be able to
enter a new password that is the same as any password in the history. Note
that the current password will remain until the user has set a new one, so
the change does not take place immediately. To prompt the user for a new
password, use {@link #ACTION_SET_NEW_PASSWORD} after setting this value.
This constraint is only imposed if the administrator has also requested
either {@link #PASSWORD_QUALITY_NUMERIC}, {@link #PASSWORD_QUALITY_NUMERIC_COMPLEX}
{@link #PASSWORD_QUALITY_ALPHABETIC}, or {@link #PASSWORD_QUALITY_ALPHANUMERIC}
with {@link #setPasswordQuality}.
The calling device admin must have requested
{@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call this
method; if it has not, a security exception will be thrown.
if (mService != null) {
try {
mService.setPasswordHistoryLength(admin, length, UserHandle.myUserId());
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
| | public void | setPasswordMinimumLength(android.content.ComponentName admin, int length)Called by an application that is administering the device to set the
minimum allowed password length. After setting this, the user
will not be able to enter a new password that is not at least as
restrictive as what has been set. Note that the current password
will remain until the user has set a new one, so the change does not
take place immediately. To prompt the user for a new password, use
{@link #ACTION_SET_NEW_PASSWORD} after setting this value. This
constraint is only imposed if the administrator has also requested either
{@link #PASSWORD_QUALITY_NUMERIC}, {@link #PASSWORD_QUALITY_NUMERIC_COMPLEX},
{@link #PASSWORD_QUALITY_ALPHABETIC}, {@link #PASSWORD_QUALITY_ALPHANUMERIC},
or {@link #PASSWORD_QUALITY_COMPLEX} with {@link #setPasswordQuality}.
The calling device admin must have requested
{@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call
this method; if it has not, a security exception will be thrown.
if (mService != null) {
try {
mService.setPasswordMinimumLength(admin, length, UserHandle.myUserId());
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
| | public void | setPasswordMinimumLetters(android.content.ComponentName admin, int length)Called by an application that is administering the device to set the
minimum number of letters required in the password. After setting this,
the user will not be able to enter a new password that is not at least as
restrictive as what has been set. Note that the current password will
remain until the user has set a new one, so the change does not take
place immediately. To prompt the user for a new password, use
{@link #ACTION_SET_NEW_PASSWORD} after setting this value. This
constraint is only imposed if the administrator has also requested
{@link #PASSWORD_QUALITY_COMPLEX} with {@link #setPasswordQuality}. The
default value is 1.
The calling device admin must have requested
{@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call
this method; if it has not, a security exception will be thrown.
if (mService != null) {
try {
mService.setPasswordMinimumLetters(admin, length, UserHandle.myUserId());
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
| | public void | setPasswordMinimumLowerCase(android.content.ComponentName admin, int length)Called by an application that is administering the device to set the
minimum number of lower case letters required in the password. After
setting this, the user will not be able to enter a new password that is
not at least as restrictive as what has been set. Note that the current
password will remain until the user has set a new one, so the change does
not take place immediately. To prompt the user for a new password, use
{@link #ACTION_SET_NEW_PASSWORD} after setting this value. This
constraint is only imposed if the administrator has also requested
{@link #PASSWORD_QUALITY_COMPLEX} with {@link #setPasswordQuality}. The
default value is 0.
The calling device admin must have requested
{@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call
this method; if it has not, a security exception will be thrown.
if (mService != null) {
try {
mService.setPasswordMinimumLowerCase(admin, length, UserHandle.myUserId());
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
| | public void | setPasswordMinimumNonLetter(android.content.ComponentName admin, int length)Called by an application that is administering the device to set the
minimum number of non-letter characters (numerical digits or symbols)
required in the password. After setting this, the user will not be able
to enter a new password that is not at least as restrictive as what has
been set. Note that the current password will remain until the user has
set a new one, so the change does not take place immediately. To prompt
the user for a new password, use {@link #ACTION_SET_NEW_PASSWORD} after
setting this value. This constraint is only imposed if the administrator
has also requested {@link #PASSWORD_QUALITY_COMPLEX} with
{@link #setPasswordQuality}. The default value is 0.
The calling device admin must have requested
{@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call
this method; if it has not, a security exception will be thrown.
if (mService != null) {
try {
mService.setPasswordMinimumNonLetter(admin, length, UserHandle.myUserId());
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
| | public void | setPasswordMinimumNumeric(android.content.ComponentName admin, int length)Called by an application that is administering the device to set the
minimum number of numerical digits required in the password. After
setting this, the user will not be able to enter a new password that is
not at least as restrictive as what has been set. Note that the current
password will remain until the user has set a new one, so the change does
not take place immediately. To prompt the user for a new password, use
{@link #ACTION_SET_NEW_PASSWORD} after setting this value. This
constraint is only imposed if the administrator has also requested
{@link #PASSWORD_QUALITY_COMPLEX} with {@link #setPasswordQuality}. The
default value is 1.
The calling device admin must have requested
{@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call
this method; if it has not, a security exception will be thrown.
if (mService != null) {
try {
mService.setPasswordMinimumNumeric(admin, length, UserHandle.myUserId());
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
| | public void | setPasswordMinimumSymbols(android.content.ComponentName admin, int length)Called by an application that is administering the device to set the
minimum number of symbols required in the password. After setting this,
the user will not be able to enter a new password that is not at least as
restrictive as what has been set. Note that the current password will
remain until the user has set a new one, so the change does not take
place immediately. To prompt the user for a new password, use
{@link #ACTION_SET_NEW_PASSWORD} after setting this value. This
constraint is only imposed if the administrator has also requested
{@link #PASSWORD_QUALITY_COMPLEX} with {@link #setPasswordQuality}. The
default value is 1.
The calling device admin must have requested
{@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call
this method; if it has not, a security exception will be thrown.
if (mService != null) {
try {
mService.setPasswordMinimumSymbols(admin, length, UserHandle.myUserId());
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
| | public void | setPasswordMinimumUpperCase(android.content.ComponentName admin, int length)Called by an application that is administering the device to set the
minimum number of upper case letters required in the password. After
setting this, the user will not be able to enter a new password that is
not at least as restrictive as what has been set. Note that the current
password will remain until the user has set a new one, so the change does
not take place immediately. To prompt the user for a new password, use
{@link #ACTION_SET_NEW_PASSWORD} after setting this value. This
constraint is only imposed if the administrator has also requested
{@link #PASSWORD_QUALITY_COMPLEX} with {@link #setPasswordQuality}. The
default value is 0.
The calling device admin must have requested
{@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call
this method; if it has not, a security exception will be thrown.
if (mService != null) {
try {
mService.setPasswordMinimumUpperCase(admin, length, UserHandle.myUserId());
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
| | public void | setPasswordQuality(android.content.ComponentName admin, int quality)Called by an application that is administering the device to set the
password restrictions it is imposing. After setting this, the user
will not be able to enter a new password that is not at least as
restrictive as what has been set. Note that the current password
will remain until the user has set a new one, so the change does not
take place immediately. To prompt the user for a new password, use
{@link #ACTION_SET_NEW_PASSWORD} after setting this value.
Quality constants are ordered so that higher values are more restrictive;
thus the highest requested quality constant (between the policy set here,
the user's preference, and any other considerations) is the one that
is in effect.
The calling device admin must have requested
{@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call
this method; if it has not, a security exception will be thrown.
if (mService != null) {
try {
mService.setPasswordQuality(admin, quality, UserHandle.myUserId());
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
| | public boolean | setPermittedAccessibilityServices(android.content.ComponentName admin, java.util.List packageNames)Called by a profile or device owner to set the permitted accessibility services. When
set by a device owner or profile owner the restriction applies to all profiles of the
user the device owner or profile owner is an admin for.
By default the user can use any accessiblity service. When zero or more packages have
been added, accessiblity services that are not in the list and not part of the system
can not be enabled by the user.
Calling with a null value for the list disables the restriction so that all services
can be used, calling with an empty list only allows the builtin system's services.
System accesibility services are always available to the user the list can't modify
this.
if (mService != null) {
try {
return mService.setPermittedAccessibilityServices(admin, packageNames);
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
return false;
| | public boolean | setPermittedInputMethods(android.content.ComponentName admin, java.util.List packageNames)Called by a profile or device owner to set the permitted input methods services. When
set by a device owner or profile owner the restriction applies to all profiles of the
user the device owner or profile owner is an admin for.
By default the user can use any input method. When zero or more packages have
been added, input method that are not in the list and not part of the system
can not be enabled by the user.
This method will fail if it is called for a admin that is not for the foreground user
or a profile of the foreground user.
Calling with a null value for the list disables the restriction so that all input methods
can be used, calling with an empty list disables all but the system's own input methods.
System input methods are always available to the user this method can't modify this.
if (mService != null) {
try {
return mService.setPermittedInputMethods(admin, packageNames);
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
return false;
| | public void | setProfileEnabled(android.content.ComponentName admin)Sets the enabled state of the profile. A profile should be enabled only once it is ready to
be used. Only the profile owner can call this.
if (mService != null) {
try {
mService.setProfileEnabled(admin);
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
| | public void | setProfileName(android.content.ComponentName who, java.lang.String profileName)Sets the name of the profile. In the device owner case it sets the name of the user
which it is called from. Only a profile owner or device owner can call this. If this is
never called by the profile or device owner, the name will be set to default values.
if (mService != null) {
try {
mService.setProfileName(who, profileName);
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
| | public boolean | setProfileOwner(java.lang.String packageName, java.lang.String ownerName, int userHandle)
if (packageName == null) {
throw new NullPointerException("packageName cannot be null");
}
return setProfileOwner(new ComponentName(packageName, ""), ownerName, userHandle);
| | public boolean | setProfileOwner(android.content.ComponentName admin, java.lang.String ownerName, int userHandle)
if (admin == null) {
throw new NullPointerException("admin cannot be null");
}
if (mService != null) {
try {
if (ownerName == null) {
ownerName = "";
}
return mService.setProfileOwner(admin, ownerName, userHandle);
} catch (RemoteException re) {
Log.w(TAG, "Failed to set profile owner", re);
throw new IllegalArgumentException("Couldn't set profile owner.", re);
}
}
return false;
| | public void | setRecommendedGlobalProxy(android.content.ComponentName admin, android.net.ProxyInfo proxyInfo)Set a network-independent global HTTP proxy. This is not normally what you want
for typical HTTP proxies - they are generally network dependent. However if you're
doing something unusual like general internal filtering this may be useful. On
a private network where the proxy is not accessible, you may break HTTP using this.
This method requires the caller to be the device owner.
This proxy is only a recommendation and it is possible that some apps will ignore it.
if (mService != null) {
try {
mService.setRecommendedGlobalProxy(admin, proxyInfo);
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
| | public void | setRestrictionsProvider(android.content.ComponentName admin, android.content.ComponentName provider)Designates a specific service component as the provider for
making permission requests of a local or remote administrator of the user.
Only a profile owner can designate the restrictions provider.
if (mService != null) {
try {
mService.setRestrictionsProvider(admin, provider);
} catch (RemoteException re) {
Log.w(TAG, "Failed to set permission provider on device policy service");
}
}
| | public void | setScreenCaptureDisabled(android.content.ComponentName admin, boolean disabled)Called by a device/profile owner to set whether the screen capture is disabled. Disabling
screen capture also prevents the content from being shown on display devices that do not have
a secure video output. See {@link android.view.Display#FLAG_SECURE} for more details about
secure surfaces and secure displays.
The calling device admin must be a device or profile owner. If it is not, a
security exception will be thrown.
if (mService != null) {
try {
mService.setScreenCaptureDisabled(admin, UserHandle.myUserId(), disabled);
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
| | public void | setSecureSetting(android.content.ComponentName admin, java.lang.String setting, java.lang.String value)Called by profile or device owners to update {@link Settings.Secure} settings. Validation
that the value of the setting is in the correct form for the setting type should be performed
by the caller.
The settings that can be updated by a profile or device owner with this method are:
- {@link Settings.Secure#DEFAULT_INPUT_METHOD}
- {@link Settings.Secure#INSTALL_NON_MARKET_APPS}
- {@link Settings.Secure#SKIP_FIRST_USE_HINTS}
A device owner can additionally update the following settings:
- {@link Settings.Secure#LOCATION_MODE}
if (mService != null) {
try {
mService.setSecureSetting(admin, setting, value);
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
| | public int | setStorageEncryption(android.content.ComponentName admin, boolean encrypt)Called by an application that is administering the device to
request that the storage system be encrypted.
When multiple device administrators attempt to control device
encryption, the most secure, supported setting will always be
used. If any device administrator requests device encryption,
it will be enabled; Conversely, if a device administrator
attempts to disable device encryption while another
device administrator has enabled it, the call to disable will
fail (most commonly returning {@link #ENCRYPTION_STATUS_ACTIVE}).
This policy controls encryption of the secure (application data) storage area. Data
written to other storage areas may or may not be encrypted, and this policy does not require
or control the encryption of any other storage areas.
There is one exception: If {@link android.os.Environment#isExternalStorageEmulated()} is
{@code true}, then the directory returned by
{@link android.os.Environment#getExternalStorageDirectory()} must be written to disk
within the encrypted storage area.
Important Note: On some devices, it is possible to encrypt storage without requiring
the user to create a device PIN or Password. In this case, the storage is encrypted, but
the encryption key may not be fully secured. For maximum security, the administrator should
also require (and check for) a pattern, PIN, or password.
if (mService != null) {
try {
return mService.setStorageEncryption(admin, encrypt, UserHandle.myUserId());
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
return ENCRYPTION_STATUS_UNSUPPORTED;
| | public void | setTrustAgentConfiguration(android.content.ComponentName admin, android.content.ComponentName target, android.os.PersistableBundle configuration)Sets a list of configuration features to enable for a TrustAgent component. This is meant
to be used in conjunction with {@link #KEYGUARD_DISABLE_TRUST_AGENTS}, which disables all
trust agents but those enabled by this function call. If flag
{@link #KEYGUARD_DISABLE_TRUST_AGENTS} is not set, then this call has no effect.
The calling device admin must have requested
{@link DeviceAdminInfo#USES_POLICY_DISABLE_KEYGUARD_FEATURES} to be able to call
this method; if not, a security exception will be thrown.
if (mService != null) {
try {
mService.setTrustAgentConfiguration(admin, target, configuration,
UserHandle.myUserId());
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
| | public void | setUninstallBlocked(android.content.ComponentName admin, java.lang.String packageName, boolean uninstallBlocked)Called by profile or device owners to change whether a user can uninstall
a package.
if (mService != null) {
try {
mService.setUninstallBlocked(admin, packageName, uninstallBlocked);
} catch (RemoteException re) {
Log.w(TAG, "Failed to call block uninstall on device policy service");
}
}
| | public boolean | switchUser(android.content.ComponentName admin, android.os.UserHandle userHandle)Called by a device owner to switch the specified user to the foreground.
try {
return mService.switchUser(admin, userHandle);
} catch (RemoteException re) {
Log.w(TAG, "Could not switch user ", re);
return false;
}
| | public void | uninstallAllUserCaCerts(android.content.ComponentName admin)Uninstalls all custom trusted CA certificates from the profile. Certificates installed by
means other than device policy will also be removed, except for system CA certificates.
if (mService != null) {
for (String alias : new TrustedCertificateStore().userAliases()) {
try {
mService.uninstallCaCert(admin, alias);
} catch (RemoteException re) {
Log.w(TAG, "Failed talking with device policy service", re);
}
}
}
| | public void | uninstallCaCert(android.content.ComponentName admin, byte[] certBuffer)Uninstalls the given certificate from trusted user CAs, if present.
if (mService != null) {
try {
final String alias = getCaCertAlias(certBuffer);
mService.uninstallCaCert(admin, alias);
} catch (CertificateException e) {
Log.w(TAG, "Unable to parse certificate", e);
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
| | public void | wipeData(int flags)Ask the user data be wiped. This will cause the device to reboot,
erasing all user data while next booting up.
The calling device admin must have requested
{@link DeviceAdminInfo#USES_POLICY_WIPE_DATA} to be able to call
this method; if it has not, a security exception will be thrown.
if (mService != null) {
try {
mService.wipeData(flags, UserHandle.myUserId());
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
}
|
|
