Docs: Add Device Admin contents
Bug: 19155580
Change-Id: I42d13461627e40463912067189db2759de8531e1
diff --git a/src/devices/devices_toc.cs b/src/devices/devices_toc.cs
index ca4ef2d..f812ccf 100644
--- a/src/devices/devices_toc.cs
+++ b/src/devices/devices_toc.cs
@@ -215,6 +215,21 @@
</li>
<li class="nav-section">
+ <div class="nav-section-header">
+ <a href="<?cs var:toroot ?>devices/tech/admin/index.html">
+ <span class="en">Device Administration</span></a>
+ </div>
+ <ul>
+ <li><a href="<?cs var:toroot ?>devices/tech/admin/implement.html">Implementation</a></li>
+ <li><a href="<?cs var:toroot ?>devices/tech/admin/multi-user.html">Multiple Users</a></li>
+ <li><a href="<?cs var:toroot ?>devices/tech/admin/managed-profiles.html">Managed Profiles</a></li>
+ <li><a href="<?cs var:toroot ?>devices/tech/admin/provision.html">Provisioning</a></li>
+ <li><a href="<?cs var:toroot ?>devices/tech/admin/multiuser-apps.html">Multiuser Apps</a></li>
+ <li><a href="<?cs var:toroot ?>devices/tech/admin/testing-setup.html">Testing Setup</a></li>
+ </ul>
+ </li>
+
+ <li class="nav-section">
<div class="nav-section-header empty">
<a href="<?cs var:toroot ?>devices/halref/index.html">
<span class="en">HAL File Reference</span>
diff --git a/src/devices/tech/admin/images/multi-user-perms.png b/src/devices/tech/admin/images/multi-user-perms.png
new file mode 100644
index 0000000..f955ddc
--- /dev/null
+++ b/src/devices/tech/admin/images/multi-user-perms.png
Binary files differ
diff --git a/src/devices/tech/admin/implement.jd b/src/devices/tech/admin/implement.jd
new file mode 100644
index 0000000..03ce93c
--- /dev/null
+++ b/src/devices/tech/admin/implement.jd
@@ -0,0 +1,147 @@
+page.title=Implementing Device Administration
+@jd:body
+
+<!--
+ Copyright 2015 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<div id="qv-wrapper">
+ <div id="qv">
+ <h2>In this document</h2>
+ <ol id="auto-toc">
+ </ol>
+ </div>
+</div>
+
+<p>This page walks you through the many features in Android 5.0 and higher
+platform release that need to be enabled and validated on devices to make them
+ready for managed profile and device owner user cases that are essential to using
+them in a corporate environment. In addition to the related Android Open Source
+Project (AOSP) code, there are a number of additional components required for a
+device to function with managed profiles.</p>
+
+<h2 id=requirements>Requirements</h2>
+
+<p>The following uses-feature need to be defined:</p>
+
+<pre>
+android.software.managed_users
+android.software.device_admin
+</pre>
+
+<p>Confirm with: <code>adb shell pm list features</code></p>
+
+<p>It should not be a low-RAM device, meaning <code>ro.config.low_ram</code>
+should not be defined. The framework automatically limits the number of users
+to 1 when the <code>low_ram</code> flag is defined.</p>
+
+<p>By default, only applications that are essential for correct operation of the
+profile should be enabled as part of provisioning a managed device.</p>
+
+<p>OEMs must ensure the managed profile or device has all required applications by
+modifying:</p>
+
+<pre>
+vendor_required_apps_managed_profile.xml
+vendor_required_apps_managed_device.xml
+</pre>
+
+<p>Here are examples from a Nexus device:</p>
+
+<code>packages/apps/ManagedProvisioning/res/values/vendor_required_apps_managed_device.xml</code>
+
+<pre>
+<resources>
+ <!-- A list of apps to be retained on the managed device -->
+ <string-array name="vendor_required_apps_managed_device">
+ <item>com.android.vending</item> <!--Google Play -->
+ <item>com.google.android.gms</item> <!--Required by Play -->
+ <item>com.google.android.contacts</item> <!--Google or OEM Contacts-->
+ <item>com.google.android.googlequicksearchbox</item> <!--Google Launcher -->
+ <item>com.google.android.launcher</item> <!--Google Launcher or OEM Launcher -->
+ <item>com.google.android.dialer</item> <!--Google or OEM dialer to enable making phone calls -->
+ </string-array>
+</resources>
+</pre>
+
+<code>
+packages/apps/ManagedProvisioning/res/values/vendor_required_apps_managed_profile.xml
+</code>
+
+<pre>
+<resources>
+ <!-- A list of apps to be retained in the managed profile. This includes any Google experience apps required. -->
+ <string-array name="vendor_required_apps_managed_profile">
+ <item>com.android.vending</item> <!-- Google Play -->
+ <item>com.google.android.gms</item> <!-- Required by Play -->
+ <item>com.google.android.contacts</item> <!-- Google or OEM Contacts -->
+ </string-array>
+</resources>
+</pre>
+
+<h3 id=launcher>Launcher</h3>
+
+<p>The launcher must support badging applications with the icon badge provided
+in the Android Open Source Project (AOSP) to represent the managed applications
+and other badge user interface elements such as recents and notifications.</p>
+
+<p>Update the Launcher to support badging. If you use <a
+href="https://android.googlesource.com/platform/packages/apps/Launcher3/">launcher3</a>
+in AOSP as-is, then you likely already support this badging feature.
+</p>
+
+<h3 id=nfc>NFC</h3>
+
+<p>On devices with NFC, NFC must be enabled in the Android Setup Wizard and
+configured to accept managed provisioning intents:</p>
+
+<code>packages/apps/Nfc/res/values/provisioning.xml</code>
+
+<pre>
+<bool name="enable_nfc_provisioning">true</bool>
+<item>application/com.android.managedprovisioning</item>
+</pre>
+
+<h3 id=setup_wizard>Setup Wizard</h3>
+
+<p>The Android Setup Wizard needs to support device owner provisioning. When it
+opens, it needs to check if another process (such as device owner provisioning)
+has already finished the user setup. If this is the case, it needs to fire a
+home intent and finish the setup wizard. </p>
+
+<p>This intent will be caught by the provisioning application, which will then
+hand over control to the newly set device owner. This can be achieved by adding
+the following to your setup wizard’s main activity:</p>
+
+<pre>
+@Override
+ protected void onStart() {
+ super.onStart();
+
+ // When returning to a setup wizard activity, check to see if another setup process
+ // has intervened and, if so, complete an orderly exit
+ boolean completed = Settings.Secure.getInt(getContentResolver(),
+ Settings.Secure.USER_SETUP_COMPLETE, 0) != 0;
+ if (completed) {
+ startActivity(new Intent(Intent.ACTION_MAIN, null)
+ .addCategory(Intent.CATEGORY_HOME)
+ .addFlags(Intent.FLAG_ACTIVITY_NEW_TASK
+ | Intent.FLAG_ACTIVITY_CLEAR_TASK
+ | Intent.FLAG_ACTIVITY_RESET_TASK_IF_NEEDED));
+ finish();
+ }
+
+ ...
+ }
+</pre>
diff --git a/src/devices/tech/admin/index.jd b/src/devices/tech/admin/index.jd
new file mode 100644
index 0000000..7798355
--- /dev/null
+++ b/src/devices/tech/admin/index.jd
@@ -0,0 +1,62 @@
+page.title=Device Administration
+@jd:body
+
+<!--
+ Copyright 2015 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<div id="qv-wrapper">
+ <div id="qv">
+ <h2>In this document</h2>
+ <ol id="auto-toc">
+ </ol>
+ </div>
+</div>
+
+<p>Devices running Android 5.0 and later with the managed_users feature
+declared can be used in a <a href="http://www.android.com/work/">corporate
+environment</a> under the auspices of each company’s information technology (IT)
+department. This is possible with the introduction of <a href="multi-user.html">multiple
+users</a>, <a href="managed-profiles.html">managed profiles</a>, and enterprise
+mobility management (EMM) applications, as well as enhancements to default
+<a
+href="{@docRoot}devices/tech/security/encryption/index.html">encryption</a>,
+<a
+href="{@docRoot}devices/tech/security/verifiedboot/index.html">verified
+boot</a>, and <a
+href="{@docRoot}devices/tech/security/selinux/index.html">SELinux</a>.</p>
+
+<p>With these enhancements, either users or their IT departments may create
+managed profiles that separate corporate employer data from personal user
+information. Follow the documents within this section of the site to properly
+implement corporate device administration.</p>
+
+<h2 id=summary>Summary</h2>
+
+<p>Follow this flow to employ device administration:</p>
+
+<ol>
+ <li>Gain an understanding of key concepts, such as <a
+href="multi-user.html">multiple users</a> and <a
+href="managed-profiles.html">managed profiles</a>.
+ <li><a href="implement.html">Implement device administration</a> via custom
+overlay files.
+ <li><a href="testing-setup.html">Test</a> and validate your devices with EMM providers and applications.
+</ol>
+
+<h2 id=supporting_documentation>Supporting documentation</h2>
+
+<p><a href="http://developer.android.com/guide/topics/admin/device-admin.html">Device Administration API</a></p>
+
+<p><a href="https://developer.android.com/training/enterprise/index.html">Building Apps for Work</a></p>
diff --git a/src/devices/tech/admin/managed-profiles.jd b/src/devices/tech/admin/managed-profiles.jd
new file mode 100644
index 0000000..c36510e
--- /dev/null
+++ b/src/devices/tech/admin/managed-profiles.jd
@@ -0,0 +1,170 @@
+page.title=Employing Managed Profiles
+@jd:body
+
+<!--
+ Copyright 2015 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<div id="qv-wrapper">
+ <div id="qv">
+ <h2>In this document</h2>
+ <ol id="auto-toc">
+ </ol>
+ </div>
+</div>
+
+<p>A <em>managed profile</em> or <em>work profile</em> is an Android <a
+href="multi-user.html">user</a> with some additional special properties around
+management and visual aesthetic.</p>
+
+<h2 id=purpose>DevicePolicyManager APIs</h2>
+
+<p>Android 5.x or newer offers a greatly improved DevicePolicyManager with dozens of new
+APIs to support both corporate-owned and bring your own device (BYOD)
+administration use cases. Examples include app restrictions, silent
+installation of certificates, and cross-profile sharing intent access control.
+You may use the sample Device Policy Client (DPC) app, <a
+href="https://developer.android.com/samples/BasicManagedProfile/index.html">BasicManagedProfile.apk</a>,
+as a starting point. See <a
+href="https://developer.android.com/training/enterprise/work-policy-ctrl.html">Building
+a Work Policy Controller</a> for additional details.
+
+<h2 id=purpose>Purpose</h2>
+
+<p>The primary goal of a managed profile is to create a segregated and secure
+space for managed (for example, corporate) data to reside. The administrator of
+the profile has full control over scope, ingress, and egress of data as well as
+its lifetime. These policies offer great powers and therefore fall upon the
+managed profile instead of the device administrator.</p>
+
+<ul>
+ <li><strong>Creation</strong> - Managed profiles can be created by any application in the primary user. The
+user is notified of managed profile behaviors and policy enforcement before
+creation.
+ <li><strong>Management</strong> - Management is performed by applications that programmatically invoke APIs in
+the <a href="http://developer.android.com/reference/android/app/admin/DevicePolicyManager.html">DevicePolicyManager</a> class to restrict use. Such applications are referred to as <em>profile owners</em> and are defined at initial profile setup. Policies unique to managed profile
+involve app restrictions, updatability, and intent behaviors.
+ <li><strong>Visual treatment</strong> - Applications, notifications, and widgets from the managed profile are always
+badged and typically made available inline with user interface (UI) elements
+from the primary user.
+</ul>
+
+<h2 id=data_segregation>Data Segregation </h2>
+
+<h3 id=applications>Applications</h3>
+
+<p>Applications are scoped with their own segregated data when the same app exists
+in the primary user and managed profile. Generally, applications cannot
+communicate directly with one another across the profile-user boundary and act
+independently of one another.</p>
+
+<h3 id=accounts>Accounts</h3>
+
+<p>Accounts in the managed profile are distinctly unique from the primary user.
+There is no way to access credentials across the profile-user boundary. Only
+apps in their respective context are able to access their respective accounts.</p>
+
+<h3 id=intents>Intents</h3>
+
+<p>The administrator controls whether intents are resolved in/out of managed
+profile or not. Applications from the managed profile are default scoped to
+stay within the managed profile exception of the Device Policy API.</p>
+
+<h3 id=settings>Settings</h3>
+
+<p>Enforcement of settings is generally scoped to the managed profile with a few
+exceptions. Specifically, lockscreen and encryption settings are still scoped
+to the device and shared between the primary user and managed profile.
+Otherwise, a profile owner does not have any device administrator privileges
+outside the managed profile.</p>
+
+<p>Managed profiles are implemented as a new kind of secondary user, such that:</p>
+
+<pre>
+uid = 10000 * userid + appid
+</pre>
+
+
+<p>They have separate app data like regular users:</p>
+
+<pre>
+/data/user/<userid>
+</pre>
+
+<p>The UserId is calculated for all system requests using <code>Binder.getCallingUid()</code>, and all system state and responses are separated by userId. You may consider
+instead using <code>Binder.getCallingUserHandle</code> rather than <code>getCallingUid</code> to avoid confusion between uid and userId.</p>
+
+<p>The AccountManagerService maintains a separate list of accounts for each user.</p>
+
+<p>The main differences between a managed profile and a regular secondary user are
+as follows:</p>
+
+<ul>
+ <li> The managed profile is associated with its parent user and started alongside
+the primary user at boot time.
+ <li> Notifications for managed profiles are enabled by ActivityManagerService
+allowing the managed profile to share the activity stack with the primary user.
+ <li> Some other system services shared are: IME, A11Y services, Wi-Fi, and NFC.
+ <li> New Launcher APIs allow launchers to display badged apps and whitelisted
+widgets from the managed profile alongside apps in the primary profile without
+switching users.
+</ul>
+
+<h2 id=device_administration>Device administration</h2>
+
+<p>Android device administration includes two new types of device administrators for
+enterprises:</p>
+
+<ul>
+ <li><em>Profile owner</em>—Designed for bring your own device (BYOD) environments
+ <li><em>Device Owner</em>—Designed for corp-liable environments
+</ul>
+
+<p>The majority of the new device administrator APIs that have been added for
+Android 5.0 are available only to profile or device owners. Traditional device
+administrators remain but are applicable to the simpler consumer-only case
+(e.g. find my device).</p>
+
+<h3 id=profile_owners>Profile owners</h3>
+
+<p>A Device Policy Client (DPC) app typically functions as the profile owner. The
+DPC app is typically provided by an enterprise mobility management (EMM)
+partner, such as Google Apps Device Policy.</p>
+
+<p>The profile owner app creates a managed profile on the device by sending the
+<code>ACTION_PROVISION_MANAGED_PROFILE</code> intent. This profile is
+distinguished by the appearance of badged instances of
+apps, as well as personal instances. That badge, or Android device
+administration icon, identifies which apps are work apps.</p>
+
+<p>The EMM has control only over the managed profile (not personal space) with some
+exceptions, such as enforcing the lock screen.</p>
+
+<h3 id=device_owners>Device owners</h3>
+
+<p>The device owner can be set only in an unprovisioned device:</p>
+
+<ul>
+ <li>Can be provisioned only at initial device setup
+ <li>Enforced disclosure always displayed in quick-settings
+</ul>
+
+<p>Device owners can conduct some tasks profile owners cannot, and here are a few examples:</p>
+
+<ul>
+ <li>Wipe device data
+ <li>Disable Wi-Fi/ BT
+ <li>Control <code>setGlobalSetting</code>
+ <li><code>setLockTaskPackages</code> (the ability to whitelist packages that can pin themselves to the foreground)
+</ul>
diff --git a/src/devices/tech/admin/multi-user.jd b/src/devices/tech/admin/multi-user.jd
new file mode 100644
index 0000000..8319be0
--- /dev/null
+++ b/src/devices/tech/admin/multi-user.jd
@@ -0,0 +1,162 @@
+page.title=Supporting Multiple Users
+@jd:body
+
+<!--
+ Copyright 2015 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<div id="qv-wrapper">
+ <div id="qv">
+ <h2>In this document</h2>
+ <ol id="auto-toc">
+ </ol>
+ </div>
+</div>
+
+<p>This document describes the Android multi-user feature. It allows more than one
+user on a single Android device by separating their accounts and application
+data. For instance, parents may let their children use the family tablet. Or a
+critical team might share a mobile device for on-call duty.</p>
+
+<h1 id=definitions>Definitions</h1>
+
+<p>Before supporting multiple Android users, you should understand the basic
+concepts involved. Here are the primary terms used when describing Android
+users and accounts:</p>
+
+<ul>
+ <li><em>User</em> - Each user is intended to be used by a different physical person. Each user
+has distinct application data and some unique settings, as well as a user
+interface to explicitly switch between users. A user can run in the background
+when another user is active; the system manages shutting down users to conserve
+resources when appropriate. Secondary users can be created either directly via
+the primary user interface or from a <a
+href="https://developer.android.com/guide/topics/admin/device-admin.html">Device
+Administration</a> application.
+ <li><em>Account</em> - Accounts are contained within a user but are not defined by a user. Nor is a
+user defined by or linked to any given account. Users and profiles contain
+their own unique accounts but are not required to have accounts to be
+functional. The list of accounts differs by user. See the <a href="https://developer.android.com/reference/android/accounts/Account.html">Account class</a> definition.
+ <li><em>Profile<strong></em> </strong>- A profile has separated app data but shares some system-wide settings (for
+example, Wi-Fi and Bluetooth). A profile is a subset of and tied to the
+existence of a user. A user can have multiple profiles. They are created
+through a <a href="https://developer.android.com/guide/topics/admin/device-admin.html">Device
+Administration</a> application. A profile always has an immutable
+association to a ‘parent’ user, defined by the user that created the profile.
+Profiles do not live beyond the lifetime of the creating user.
+ <li><em>App</em> - An application’s data exists within each associated user. App data is
+sandboxed from other applications within the same user. Apps within the same
+user can interact with each other via IPC. See <a href="https://developer.android.com/training/enterprise/index.html">Building Apps for Work</a>.
+</ul>
+
+<h2 id=user_types>User types</h2>
+
+<ul>
+ <li><em>Primary</em> - The first user added to a device. The primary user cannot be removed except
+by factory reset. This user also has some special privileges and settings only
+it can set. The primary user is always running even when other users are in the
+foreground.
+ <li><em>Secondary</em> - Any user added to the device other than the primary user. They can be
+removed by either themselves or the primary user and cannot impact other users
+on a device. Secondary users can run in the background and will continue to
+have network connectivity when they do.
+ <li><em>Guest<strong></em> </strong>- A guest user is a temporary secondary user with an explicit option to quick
+delete the guest user when its usefulness is over. There can be only one guest
+user at a time.
+</ul>
+
+<h2 id=profile_types>Profile types</h2>
+
+<ul>
+ <li><em>Managed<strong></em> </strong>- Managed profiles are created by an application to contain work data and
+apps. They are managed exclusively by the ‘profile owner’, the app who created
+the corp profile. Launcher, notifications and recent tasks are shared by the
+primary user and the corp profile.
+ <li><em>Restricted</em> - Restricted profiles use the accounts based off the primary user. The Primary
+user can control what apps are available on the restricted profile. Restricted
+profiles are available only on tablets.
+</ul>
+
+<h1 id=effects>Effects</h1>
+
+<p>When users are added to a device, some functionality will be curtailed when
+another user is in the foreground. Since app data is separated by user, the
+state of those apps differs by user. For example, email destined for an account
+of a user not currently in focus won’t be available until that user and account
+are active on the device.</p>
+
+<p>The default state is only the primary user has full access to phone calls and
+texts. The secondary user may receive inbound calls but cannot send or receive
+texts. The primary user must enable these functions for others.</p>
+
+ <p class="note"><strong>Note</strong>: To enable or disable the phone and SMS functions for a secondary user, go to
+Settings > Users, select the user, and switch the <em>Allow phone calls and SMS</em> setting to off.</p>
+
+<p>Please note, some restrictions exist when a secondary user is in background.
+For instance, the background secondary user will not be able to display the
+user interface or make Bluetooth services active. Finally, background secondary
+users will be halted by the system process if the device needs additional
+memory for operations in the foreground user.</p>
+
+<p>Here are aspects of behavior to keep in mind when employing multiple users on
+an Android device:</p>
+
+<ul>
+ <li>Notifications appear for all accounts of a single user at once.
+ <li>Notifications for other users do not appear until they are active.
+ <li>Each user gets his or her own workspace to install and place apps.
+ <li>No user has access to the app data of another user.
+ <li>Any user can affect the installed apps for all users.
+ <li>The primary user can remove apps or even the entire workspace established by
+secondary users.
+</ul>
+
+<h1 id=implementation>Implementation</h1>
+
+<h2 id=managing_users>Managing users</h2>
+
+<p>Management of users and profiles (with the exception of restricted profiles) is
+performed by applications that programmatically invoke API in the <code>DevicePolicyManager</code> class to restrict use.</p>
+
+<p>Schools and enterprises may employ users and profiles to manage the lifetime
+and scope of apps and data on devices. They may use the types outlined above in
+conjunction with the <a href="http://developer.android.com/reference/android/os/UserManager.html">UserManager API</a> to build unique solutions tailored to their use cases.</p>
+
+<h2 id=applying_the_overlay>Applying the overlay</h2>
+
+<p>The multi-user feature is disabled by default in the Android 5.0 release. To
+enable it, device manufacturers must define a resource overlay that replaces
+the following values in frameworks/base/core/res/res/values/config.xml:</p>
+
+<pre>
+<!-- Maximum number of supported users -->
+<integer name="config_multiuserMaximumUsers">1</integer>
+<!-- Whether Multiuser UI should be shown -->
+<bool name="config_enableMultiUserUI">false</bool>
+</pre>
+
+<p>To apply this overlay and enable guest and secondary users on the device, use the
+<code>DEVICE_PACKAGE_OVERLAYS</code> feature of the Android build system to:</p>
+
+<ul>
+ <li> Replace the value for <code>config_multiuserMaximumUsers</code> with one greater than 1
+ <li> Replace the value of <code>config_enableMultiUserUI</code> with: <code>true</code>
+</ul>
+
+<p>Device manufacturers may decide upon the maximum number of users.</p>
+
+<p>That said, if device manufacturers or others have modified settings, they need
+to ensure SMS and telephony work as defined in the <a
+href="{@docRoot}compatibility/android-cdd.pdf">Android Compatibility Definition
+Document</a> (CDD).</p>
diff --git a/src/devices/tech/admin/multiuser-apps.jd b/src/devices/tech/admin/multiuser-apps.jd
new file mode 100644
index 0000000..6577bcf
--- /dev/null
+++ b/src/devices/tech/admin/multiuser-apps.jd
@@ -0,0 +1,104 @@
+page.title=Building Multiuser-Aware Apps
+@jd:body
+
+<!--
+ Copyright 2015 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<div id="qv-wrapper">
+ <div id="qv">
+ <h2>In this document</h2>
+ <ol id="auto-toc">
+ </ol>
+ </div>
+</div>
+
+<p>When a device supports <a href="multi-user.html">multiple users</a>, its apps must be made aware of these distinct users.</p>
+
+<p>Certain apps need to have some components run as singletons and can accept
+requests from any user. Only system apps can currently use this feature.</p>
+
+<p>This facility:</p>
+
+<ul>
+ <li>Conserves resources
+ <li>Arbitrates one or more shared resources across users
+ <li>Reduces network overhead by using a single server connection
+</ul>
+
+<p>See the diagram below for a depiction of permissions flow with multiple users.</p>
+
+<p><img src="images/multi-user-perms.png" alt="Multiple users permissions flow" />
+<p class="img-caption"><strong>Figure 1.</strong> Multiple users permissions</p>
+
+<h2 id=enabling_a_singleton_component>Enabling a singleton component</h2>
+
+<p>To identify an app as a singleton, Add <code>android:singleUser=”true”</code> to your service or provider in the Android manifest.</p>
+
+<p>The system will instantiate that component in the process running as user 0
+only. Any requests to connect to that provider or service from any user will be
+routed to the process in user 0. If this is the only component in your app,
+only one instance of your app will run.</p>
+
+<p>Activities in your package will still be launched in a separate process for
+each user, with the UID being in the UID range for that user (such as 1010034).</p>
+
+<h2 id=interacting_with_users>Interacting with users</h2>
+
+<h3 id=perms_required>Set permissions</h3>
+
+<p>These permissions are required</p>
+
+<pre>
+INTERACT_ACROSS_USERS (signature|system)
+INTERACT_ACROSS_USERS_FULL (signature)
+</pre>
+
+<h3 id=apis>Employ APIs</h3>
+
+<p>Use the following APIs to make apps aware of multiple users.</p>
+
+<ol>
+ <li> Extract the user handle from incoming Binder calls:
+ <ul>
+ <li> <code>int userHandle = UserHandle.getCallingUserId()</code>
+ </ul>
+ <li> Use new, protected APIs to start services, activities, broadcasts on a specific
+user:
+ <ul>
+ <li><code>Context.startActivityAsUser(Intent, UserHandle)</code>
+ <li><code>Context.bindServiceAsUser(Intent, …, UserHandle)</code>
+ <li><code>Context.sendBroadcastAsUser(Intent, … , UserHandle)</code>
+ <li><code>Context.startServiceAsUser(Intent, …, UserHandle)
+UserHandle</code> can be an explicit user or one of the special handles: <code>UserHandle.CURRENT</code> or <code>UserHandle.ALL</code>. <code>CURRENT</code> indicates the user that is currently in the foreground. You can use <code>ALL</code> when you want to send a broadcast to all users.
+ </ul>
+ <li>Communicate with components in your own app:
+<code>(INTERACT_ACROSS_USERS)</code>
+Or with components in other apps:
+<code>(INTERACT_ACROSS_USERS_FULL)</code>
+ <li>You may need to create proxy components that run in the user’s process that
+then access the <code>singleUser</code> component in user 0.
+ <li>Query users and their handles with the new <code>UserManager</code> system service:
+ <ul>
+ <li><code>UserManager.getUsers()</code>
+ <li><code>UserManager.getUserInfo()</code>
+ <li><code>UserManager.supportsMultipleUsers()</code>
+ <li><code>UserManager.getUserSerialNumber(int userHandle)</code> - a non-recycled number that corresponds to a user handle.
+ <li><code>UserManager.getUserHandle(int serialNumber)</code>
+ <li><code>UserManager.getUserProfiles() </code>- returns the collection of self and managed profiles, if any.
+ </ul>
+ <li>Register to listen to specific or all users and the callbacks with new APIs on
+ContentObserver, PackageMonitor, BroadcastReceiver that provide additional
+information about which user has caused the callback.
+</ol>
diff --git a/src/devices/tech/admin/provision.jd b/src/devices/tech/admin/provision.jd
new file mode 100644
index 0000000..62b898e
--- /dev/null
+++ b/src/devices/tech/admin/provision.jd
@@ -0,0 +1,168 @@
+page.title=Provisioning for Device Administration
+@jd:body
+
+<!--
+ Copyright 2015 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<div id="qv-wrapper">
+ <div id="qv">
+ <h2>In this document</h2>
+ <ol id="auto-toc">
+ </ol>
+ </div>
+</div>
+
+<p>This page describes the process for deploying devices to corporate users.</p>
+
+<p>Device owner provisioning can be accomplished over NFC or with an activation
+code. See <a href="implement.html">Implementing Device Administration</a> for
+the complete list of requirements.</p>
+
+<p>Download the <a
+href="https://github.com/googlesamples/android-NfcProvisioning">NfcProvisioning
+APK</a> and <a
+href="https://github.com/googlesamples/android-DeviceOwner">Android-DeviceOwner
+APK</a>.</p>
+
+<h2 id=managed_provisioning>Managed Provisioning</h2>
+
+<p>Managed Provisioning is a framework UI flow to ensure users are adequately
+informed of the implications of setting a device owner or managed profile. You can
+think of it as a setup wizard for managed profiles.</p>
+
+<p class="note"><strong>Note:</strong> Remember, the device owner can be set
+only from an unprovisioned device. If
+<code>Settings.Secure.USER_SETUP_COMPLETE</code> has ever been set, then the
+device is considered provisioned & device owner cannot be set.</p>
+
+<p>Please note, devices that enable default encryption offer considerably
+simpler/quicker device administration provisioning flow. The managed provisioning
+component:</p>
+
+<ul>
+ <li>Encrypts the device</li>
+ <li>Creates the managed profile</li>
+ <li>Disables non-required applications</li>
+ <li>Sets the enterprise mobility management (EMM) app as profile owner</li>
+</ul>
+
+<p>In turn, the EMM app:</p>
+
+<ul>
+ <li>Adds user accounts</li>
+ <li>Enforces device compliance</li>
+ <li>Enables any additional system applications</li>
+</ul>
+
+<p>In this flow, managed provisioning triggers device encryption. The framework
+ copies the EMM app into the managed profile as part of managed provisioning.
+ The instance of the EMM app inside of the managed profile gets a callback from the
+framework when provisioning is done.</p>
+
+<p>The EMM can then add accounts and enforce policies; it then calls
+<code>setProfileEnabled()</code>, which makes the launcher icons visible.</p>
+
+<h2 id=profile_owner_provisioning>Profile Owner Provisioning</h2>
+
+<p>Profile owner provisioning assumes the user of the device oversees its
+management (and not a company IT department). To enable, profile owner
+provisioning, you must send an intent with appropriate extras. See the <a href="https://developer.android.com/samples/BasicManagedProfile/index.html">BasicManagedProfile.apk</a> for an example.</p>
+
+<p>Mobile Device Management (MDM) applications trigger the creation of the managed
+profile by sending an intent with action:</p>
+
+<p><a href="https://android.googlesource.com/platform/frameworks/base/+/master/core/java/android/app/admin/DevicePolicyManager.java">DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE</a></p>
+
+<p>Here is a sample intent that will trigger the creation of the managed profile
+and set the DeviceAdminSample as the profile owner:</p>
+
+<pre>
+adb shell am start -a android.app.action.PROVISION_MANAGED_PROFILE \
+ -c android.intent.category.DEFAULT \
+ -e wifiSsid $(printf '%q' \"GoogleGuest\") \
+ -e deviceAdminPackage "com.google.android.deviceadminsample" \
+ -e android.app.extra.deviceAdminPackageName $(printf '%q'
+ .DeviceAdminSample\$DeviceAdminSampleReceiver) \
+ -e android.app.extra.DEFAULT_MANAGED_PROFILE_NAME "My Organisation"
+</pre>
+
+<h2 id=device_owner_provisioning_via_nfc>Device Owner Provisioning via NFC</h2>
+
+<p>Device owner provisioning via NFC is similar to the profile owner method but
+requires more bootstrapping before managed provisioning.</p>
+
+<p>To use this method, <a href="http://developer.android.com/guide/topics/connectivity/nfc/nfc.html">NFC bump</a> the device from the first page of setup wizard (SUW). This offers a low-touch
+flow and configures Wi-Fi, installs the DPC, and sets the DPC as device owner.</p>
+
+<p>Here is the typical NFC bundle:</p>
+
+<pre>
+ EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME
+ EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_LOCATION
+ EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_CHECKSUM
+ EXTRA_PROVISIONING_WIFI_SSID
+ EXTRA_PROVISIONING_WIFI_SECURITY_TYPE
+</pre>
+
+<p>The device must have NFC configured to accept the managed provisioning mimetype
+from SUW:</p>
+
+<pre>
+/packages/apps/Nfc/res/values/provisioning.xml
+
+ <bool name="enable_nfc_provisioning">true</bool>
+ <item>application/com.android.managedprovisioning</item>
+</pre>
+
+<h2 id=device_owner_provisioning_with_activation_code>Device Owner Provisioning with Activation Code</h2>
+
+<p>Select <em>Add Work Account</em> from the setup wizard. This triggers a
+lookup of the EMM from Android servers.</p>
+
+<p>The device installs the EMM app and starts provisioning flow. As an extra
+option, Android device administration supports the option of using email
+address with a six-digit activation code to bootstrap the process as part of
+setup wizard.</p>
+
+<h2 id=emm_benefits>EMM benefits</h2>
+
+<p>An EMM can help by conducting these tasks for you:</p>
+
+<ul>
+ <li>Provision managed profile
+ <li>Apply security policies
+ <ul>
+ <li>Set password complexity
+ <li>Lockdowns: disable screenshots, sharing from managed profile, etc.
+ </ul>
+ <li>Configure enterprise connectivity
+ <ul>
+ <li>Use WifiEnterpriseConfig to configure corporate Wi-Fi
+ <li>Configure VPN on the device
+ <li>Use DPM.setApplicationRestrictions() to configure corporate VPN
+ </ul>
+ <li>Enable corporate app Single Sign-On (SSO)
+ <ul>
+ <li>Install desired corporate apps
+ <li>Use DPM.installKeyPair()to silently install corp client certs
+ <li>Use DPM.setApplicationRestrictions() to configure hostnames, cert alias’ of
+corporate apps
+ </ul>
+</ul>
+
+<p>Managed provisioning is just one piece of the EMM end-to-end workflow, with the
+ end goal being to make corporate data accessible to apps in the managed profile.</p>
+
+<p>See <a href="https://docs.google.com/document/d/1xWdZHjsDB_4FWQcHfPh84EuTvljoMgrc2JINGMBtDQg/edit#">Manual Setup for Device Owner Testing</a> for testing instructions.</p>
diff --git a/src/devices/tech/admin/testing-setup.jd b/src/devices/tech/admin/testing-setup.jd
new file mode 100644
index 0000000..678c04b
--- /dev/null
+++ b/src/devices/tech/admin/testing-setup.jd
@@ -0,0 +1,93 @@
+page.title=Setting up Device Testing
+@jd:body
+
+<!--
+ Copyright 2015 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<div id="qv-wrapper">
+ <div id="qv">
+ <h2>In this document</h2>
+ <ol id="auto-toc">
+ </ol>
+ </div>
+</div>
+
+<p>These are the essential elements that must exist for OEM devices to ensure
+minimal support for managed profiles:</p>
+
+<ul>
+ <li>Profile Owner as described in <a
+href="https://developer.android.com/training/enterprise/app-compatibility.html">Ensuring
+Compatibility with Managed Profiles</a>
+ <li>Device Owner
+ <li>Activation Code Provisioning
+ </ul>
+<p>See <a href="implement.html">Implementing Device Administration</a> for the complete list of requirements.</p>
+
+<h2 id=summary>Summary</h2>
+<p>To test your device administration features:</p>
+
+<ol>
+ <li>For device owner, use the <a
+href="https://developer.android.com/samples/BasicManagedProfile/index.html">BasicManagedProfile.apk</a>
+test app.
+ <li>Consider working with other enterprise mobility management (EMM) providers
+directly.
+</ol>
+
+<h2 id=set_up_the_device_owner_for_testing>Set up the device owner for testing</h2>
+<ol>
+ <li>Device MUST be built with <strong>userdebug</strong> or <strong>eng</strong> build.
+ </li>
+ <li>Factory reset the target device (and continue with the next steps in the
+ meantime).
+ </li>
+ <li>Download <a
+ href="http://developer.android.com/downloads/samples/BasicManagedProfile.zip">BasicManagedProfile.zip</a>. (Also see the <a
+ href="http://developer.android.com/samples/BasicManagedProfile/index.html">BasicManagedProfile</a> documentation.)</li>
+ <li>Unzip the file.
+ <li>Navigate (<code>cd</code>) to the unzipped directory.</li>
+ <li>If you don't have it, download the <a href="http://developer.android.com/sdk/index.html#Other">Android SDK Tools</a> package.</li>
+ <li>Create a file with the name <code>local.properties</code> containing the following single
+ line:<br>
+ <code>sdk.dir=<em><path to your android SDK folder></em></code><br>
+ <li>On Linux and Mac OS, run:<br>
+ <code>./gradlew assembleDebug</code><br>
+ Or on windows run:<br>
+ <code>gradlew.bat assembleDebug</code></li>
+ <li>If the build is unsuccessful because you have an outdated android SDK, run:<br>
+ <code><em><your android sdk folder></em>/tools/android update sdk -u -a</code></li>
+ <li>Wait for factory reset to complete if it hasn’t yet.<br>
+ <p class="Caution"><strong>Caution</strong>: Stay on the first screen
+ after factory reset and do not finish the setup wizard.</li>
+ <li>Install the BasicManagedProfile app by running the following command:<br>
+ <code>adb install ./Application/build/outputs/apk/Application-debug.apk </code>
+ </li>
+ <li>Set this app as the device owner by running this command:<br><code>$ adb shell am start -a
+ com.android.managedprovisioning.ACTION_PROVISION_MANAGED_DEVICE --es
+ android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME
+ com.example.android.basicmanagedprofile</code>
+ </li>
+ <li>Go through device owner setup on the device (encrypt, select Wi-Fi, etc.)</li>
+</ol>
+
+<h2 id=verify_the_device_owner_was_correctly_setup>Verify the device owner was correctly setup</h2>
+<ol>
+ <li>Go to <em>Settings > Security > Device Administrators</em>.
+ </li>
+ <li>Confirm the BasicManagedProfile is in the list and verify it cannot be
+ disabled. (This signifies it is a device owner.)
+ </li>
+</ol>
diff --git a/src/devices/tech/index.jd b/src/devices/tech/index.jd
index 62a1f59..10c42ab 100644
--- a/src/devices/tech/index.jd
+++ b/src/devices/tech/index.jd
@@ -30,14 +30,6 @@
are looking to modify, contribute to, or port the Android software. This is
"under the hood" information intended for engineers.</p>
-<h2 id="accessory-protocol-information">Accessories</h2>
-<p>Android devices can connect to hardware accessories, such as audio docks,
-keyboards and custom hardware, through USB or Bluetooth. This section
-describes the Android Open Accessory protocol (AOAP) for accessory hardware
-builders.</p>
-<p><a href="{@docRoot}accessories/index.html">» Accessory Protocol
-Information</a></p>
-
<h2 id="art-technical-information">ART</h2>
<p>The Android runtime (ART) is the heart of Android. It's a fast, ahead-of-time
compiled runtime with modern garbage collection designed to scale.
@@ -61,6 +53,13 @@
<p><a href="{@docRoot}devices/tech/debug/index.html">» Debugging
Information</a></p>
+<h2 id="admin-information">Device Administration</h2>
+<p>Since Android 5.0, the platform supports use cases in a corporate
+environment under the auspices of each company’s information technology (IT)
+department.</p>
+<p><a href="{@docRoot}devices/tech/admin/index.html">» Device
+administration information</a></p>
+
<h2 id="HAL-technical-information">HAL File Reference</h2>
<p>Android's Hardware Abstraction Layer (HAL) provides the interface between
software APIs and hardware drivers. This section contains the commented code
@@ -109,4 +108,4 @@
slot into environments with existing build, test, and reporting
infrastructures.</p>
<p><a href="{@docRoot}devices/tech/test_infra/tradefed/index.html">
-» Trade Federation Testing Infrastructure Overview</a></p>
\ No newline at end of file
+» Trade Federation Testing Infrastructure Overview</a></p>
