chore: Update discovery artifacts (#1291)
* chore: update docs/dyn/index.md
* chore(abusiveexperiencereport): update the api
* chore(acceleratedmobilepageurl): update the api
* chore(accessapproval): update the api
* chore(accesscontextmanager): update the api
* chore(adexchangebuyer2): update the api
* chore(adexperiencereport): update the api
* chore(admob): update the api
* chore(analytics): update the api
* chore(analyticsreporting): update the api
* chore(androiddeviceprovisioning): update the api
* chore(androidenterprise): update the api
* chore(androidpublisher): update the api
* chore(apigateway): update the api
* chore(artifactregistry): update the api
* chore(bigqueryconnection): update the api
* chore(bigquerydatatransfer): update the api
* chore(billingbudgets): update the api
* chore(binaryauthorization): update the api
* chore(blogger): update the api
* chore(books): update the api
* chore(calendar): update the api
* chore(chat): update the api
* chore(chromeuxreport): update the api
* chore(civicinfo): update the api
* chore(classroom): update the api
* chore(cloudbilling): update the api
* chore(cloudbuild): update the api
* chore(clouddebugger): update the api
* chore(clouderrorreporting): update the api
* chore(cloudfunctions): update the api
* chore(cloudidentity): update the api
* chore(cloudiot): update the api
* chore(cloudkms): update the api
* chore(cloudprofiler): update the api
* chore(cloudresourcemanager): update the api
* chore(cloudscheduler): update the api
* chore(cloudshell): update the api
* chore(cloudtasks): update the api
* chore(cloudtrace): update the api
* chore(composer): update the api
* chore(containeranalysis): update the api
* chore(content): update the api
* chore(customsearch): update the api
* chore(datacatalog): update the api
* chore(datafusion): update the api
* chore(datamigration): update the api
* chore(datastore): update the api
* chore(deploymentmanager): update the api
* chore(digitalassetlinks): update the api
* chore(displayvideo): update the api
* chore(dlp): update the api
* chore(dns): update the api
* chore(docs): update the api
* chore(domains): update the api
* chore(domainsrdap): update the api
* chore(doubleclickbidmanager): update the api
* chore(doubleclicksearch): update the api
* chore(drive): update the api
* chore(driveactivity): update the api
* chore(eventarc): update the api
* chore(factchecktools): update the api
* chore(fcm): update the api
* chore(file): update the api
* chore(firebase): update the api
* chore(firebasedatabase): update the api
* chore(firebasedynamiclinks): update the api
* chore(firebasehosting): update the api
* chore(firebaseml): update the api
* chore(firebaserules): update the api
* chore(firestore): update the api
* chore(fitness): update the api
* chore(gamesConfiguration): update the api
* chore(gamesManagement): update the api
* chore(gameservices): update the api
* chore(genomics): update the api
* chore(gmail): update the api
* chore(gmailpostmastertools): update the api
* chore(groupsmigration): update the api
* chore(groupssettings): update the api
* chore(healthcare): update the api
* chore(iam): update the api
* chore(iamcredentials): update the api
* chore(iap): update the api
* chore(identitytoolkit): update the api
* chore(indexing): update the api
* chore(jobs): update the api
* chore(kgsearch): update the api
* chore(language): update the api
* chore(libraryagent): update the api
* chore(licensing): update the api
* chore(lifesciences): update the api
* chore(logging): update the api
* chore(managedidentities): update the api
* chore(manufacturers): update the api
* chore(memcache): update the api
* chore(ml): update the api
* chore(monitoring): update the api
* chore(networkmanagement): update the api
* chore(osconfig): update the api
* chore(pagespeedonline): update the api
* chore(playablelocations): update the api
* chore(playcustomapp): update the api
* chore(policytroubleshooter): update the api
* chore(poly): update the api
* chore(privateca): update the api
* chore(prod_tt_sasportal): update the api
* chore(pubsub): update the api
* chore(pubsublite): update the api
* chore(realtimebidding): update the api
* chore(recommendationengine): update the api
* chore(recommender): update the api
* chore(redis): update the api
* chore(remotebuildexecution): update the api
* chore(reseller): update the api
* chore(runtimeconfig): update the api
* chore(safebrowsing): update the api
* chore(sasportal): update the api
* chore(script): update the api
* chore(searchconsole): update the api
* chore(secretmanager): update the api
* chore(servicecontrol): update the api
* chore(servicedirectory): update the api
* chore(siteVerification): update the api
* chore(slides): update the api
* chore(smartdevicemanagement): update the api
* chore(sourcerepo): update the api
* chore(sqladmin): update the api
* chore(storage): update the api
* chore(storagetransfer): update the api
* chore(streetviewpublish): update the api
* chore(sts): update the api
* chore(tagmanager): update the api
* chore(tasks): update the api
* chore(testing): update the api
* chore(texttospeech): update the api
* chore(toolresults): update the api
* chore(trafficdirector): update the api
* chore(transcoder): update the api
* chore(translate): update the api
* chore(vault): update the api
* chore(vectortile): update the api
* chore(verifiedaccess): update the api
* chore(videointelligence): update the api
* chore(vision): update the api
* chore(webfonts): update the api
* chore(webmasters): update the api
* chore(websecurityscanner): update the api
* chore(workflowexecutions): update the api
* chore(workflows): update the api
* chore(youtubeAnalytics): update the api
* chore(youtubereporting): update the api
* chore(docs): Add new discovery artifacts and reference documents
diff --git a/docs/dyn/androidmanagement_v1.enterprises.policies.html b/docs/dyn/androidmanagement_v1.enterprises.policies.html
index b41c6cf..5eda8a2 100644
--- a/docs/dyn/androidmanagement_v1.enterprises.policies.html
+++ b/docs/dyn/androidmanagement_v1.enterprises.policies.html
@@ -138,6 +138,8 @@
"adjustVolumeDisabled": True or False, # Whether adjusting the master volume is disabled. Also mutes the device.
"advancedSecurityOverrides": { # Security policies set to the most secure values by default. To maintain the security posture of a device, we don't recommend overriding any of the default values. # Security policies set to the most secure values by default. To maintain the security posture of a device, we don't recommend overriding any of the default values.
"commonCriteriaMode": "A String", # Controls Common Criteria Mode—security standards defined in the Common Criteria for Information Technology Security Evaluation (https://www.commoncriteriaportal.org/) (CC). Enabling Common Criteria Mode increases certain security components on a device, including AES-GCM encryption of Bluetooth Long Term Keys, and Wi-Fi configuration stores.Warning: Common Criteria Mode enforces a strict security model typically only required for IT products used in national security systems and other highly sensitive organizations. Standard device use may be affected. Only enabled if required.
+ "developerSettings": "A String", # Controls access to developer settings: developer options and safe boot. Replaces safeBootDisabled (deprecated) and debuggingFeaturesAllowed (deprecated).
+ "googlePlayProtectVerifyApps": "A String", # Whether Google Play Protect verification (https://support.google.com/accounts/answer/2812853) is enforced. Replaces ensureVerifyAppsEnabled (deprecated).
"untrustedAppsPolicy": "A String", # The policy for untrusted apps (apps from unknown sources) enforced on the device. Replaces install_unknown_sources_allowed (deprecated).
},
"alwaysOnVpnPackage": { # Configuration for an always-on VPN connection. # Configuration for an always-on VPN connection. Use with vpn_config_disabled to prevent modification of this setting.
@@ -189,13 +191,13 @@
"bluetoothDisabled": True or False, # Whether bluetooth is disabled. Prefer this setting over bluetooth_config_disabled because bluetooth_config_disabled can be bypassed by the user.
"cameraDisabled": True or False, # Whether all cameras on the device are disabled.
"cellBroadcastsConfigDisabled": True or False, # Whether configuring cell broadcast is disabled.
- "choosePrivateKeyRules": [ # Rules for automatically choosing a private key and certificate to authenticate the device to a server. The rules are ordered by increasing precedence, so if an outgoing request matches more than one rule, the last rule defines which private key to use.
- { # A rule for automatically choosing a private key and certificate to authenticate the device to a server.
- "packageNames": [ # The package names for which outgoing requests are subject to this rule. If no package names are specified, then the rule applies to all packages. For each package name listed, the rule applies to that package and all other packages that shared the same Android UID. The SHA256 hash of the signing key signatures of each package_name will be verified against those provided by Play
+ "choosePrivateKeyRules": [ # Rules for determining apps' access to private keys. See ChoosePrivateKeyRule for details.
+ { # Controls apps' access to private keys. The rule determines which private key, if any, Android Device Policy grants to the specified app. Access is granted either when the app calls KeyChain.choosePrivateKeyAlias (https://developer.android.com/reference/android/security/KeyChain#choosePrivateKeyAlias%28android.app.Activity,%20android.security.KeyChainAliasCallback,%20java.lang.String[],%20java.security.Principal[],%20java.lang.String,%20int,%20java.lang.String%29) (or any overloads) to request a private key alias for a given URL, or for rules that are not URL-specific (that is, if urlPattern is not set, or set to the empty string or .*) on Android 11 and above, directly so that the app can call KeyChain.getPrivateKey (https://developer.android.com/reference/android/security/KeyChain#getPrivateKey%28android.content.Context,%20java.lang.String%29), without first having to call KeyChain.choosePrivateKeyAlias.When an app calls KeyChain.choosePrivateKeyAlias if more than one choosePrivateKeyRules matches, the last matching rule defines which key alias to return.
+ "packageNames": [ # The package names to which this rule applies. The hash of the signing certificate for each app is verified against the hash provided by Play. If no package names are specified, then the alias is provided to all apps that call KeyChain.choosePrivateKeyAlias (https://developer.android.com/reference/android/security/KeyChain#choosePrivateKeyAlias%28android.app.Activity,%20android.security.KeyChainAliasCallback,%20java.lang.String[],%20java.security.Principal[],%20java.lang.String,%20int,%20java.lang.String%29) or any overloads (but not without calling KeyChain.choosePrivateKeyAlias, even on Android 11 and above). Any app with the same Android UID as a package specified here will have access when they call KeyChain.choosePrivateKeyAlias.
"A String",
],
"privateKeyAlias": "A String", # The alias of the private key to be used.
- "urlPattern": "A String", # The URL pattern to match against the URL of the outgoing request. The pattern may contain asterisk (*) wildcards. Any URL is matched if unspecified.
+ "urlPattern": "A String", # The URL pattern to match against the URL of the request. If not set or empty, it matches all URLs. This uses the regular expression syntax of java.util.regex.Pattern.
},
],
"complianceRules": [ # Rules declaring which mitigating actions to take when a device is not compliant with its policy. When the conditions for multiple rules are satisfied, all of the mitigating actions for the rules are taken. There is a maximum limit of 100 rules. Use policy enforcement rules instead.
@@ -259,7 +261,7 @@
"modifyAccountsDisabled": True or False, # Whether adding or removing accounts is disabled.
"mountPhysicalMediaDisabled": True or False, # Whether the user mounting physical external media is disabled.
"name": "A String", # The name of the policy in the form enterprises/{enterpriseId}/policies/{policyId}.
- "networkEscapeHatchEnabled": True or False, # Whether the network escape hatch is enabled. If a network connection can't be made at boot time, the escape hatch prompts the user to temporarily connect to a network in order to refresh the device policy. After applying policy, the temporary network will be forgotten and the device will continue booting. This prevents being unable to connect to a network if there is no suitable network in the last policy and the device boots into an app in lock task mode, or the user is otherwise unable to reach device settings.
+ "networkEscapeHatchEnabled": True or False, # Whether the network escape hatch is enabled. If a network connection can't be made at boot time, the escape hatch prompts the user to temporarily connect to a network in order to refresh the device policy. After applying policy, the temporary network will be forgotten and the device will continue booting. This prevents being unable to connect to a network if there is no suitable network in the last policy and the device boots into an app in lock task mode, or the user is otherwise unable to reach device settings.Note: Setting wifiConfigDisabled to true will override this setting under specific circumstances. Please see wifiConfigDisabled for further details.
"networkResetDisabled": True or False, # Whether resetting network settings is disabled.
"oncCertificateProviders": [ # This feature is not generally available.
{ # This feature is not generally available.
@@ -297,7 +299,7 @@
"requirePasswordUnlock": "A String", # The length of time after a device or work profile is unlocked using a strong form of authentication (password, PIN, pattern) that it can be unlocked using any other authentication method (e.g. fingerprint, trust agents, face). After the specified time period elapses, only strong forms of authentication can be used to unlock the device or work profile.
},
],
- "passwordRequirements": { # Requirements for the password used to unlock a device. # Password requirements. The field password_requirements.require_password_unlock must not be set. DEPRECATED - Use password_policies.
+ "passwordRequirements": { # Requirements for the password used to unlock a device. # Password requirements. The field password_requirements.require_password_unlock must not be set. DEPRECATED - Use password_policies.Note:Complexity-based values of PasswordQuality, that is, COMPLEXITY_LOW, COMPLEXITY_MEDIUM, and COMPLEXITY_HIGH, cannot be used here.
"maximumFailedPasswordsForWipe": 42, # Number of incorrect device-unlock passwords that can be entered before a device is wiped. A value of 0 means there is no restriction.
"passwordExpirationTimeout": "A String", # Password expiration timeout.
"passwordHistoryLength": 42, # The length of the password history. After setting this field, the user won't be able to enter a new password that is the same as any password in the history. A value of 0 means there is no restriction.
@@ -455,7 +457,7 @@
"usbMassStorageEnabled": True or False, # Whether USB storage is enabled. Deprecated.
"version": "A String", # The version of the policy. This is a read-only field. The version is incremented each time the policy is updated.
"vpnConfigDisabled": True or False, # Whether configuring VPN is disabled.
- "wifiConfigDisabled": True or False, # Whether configuring Wi-Fi access points is disabled.
+ "wifiConfigDisabled": True or False, # Whether configuring Wi-Fi access points is disabled.Note: If a network connection can't be made at boot time and configuring Wi-Fi is disabled then network escape hatch will be shown in order to refresh the device policy (see networkEscapeHatchEnabled).
"wifiConfigsLockdownEnabled": True or False, # DEPRECATED - Use wifi_config_disabled.
}</pre>
</div>
@@ -487,6 +489,8 @@
"adjustVolumeDisabled": True or False, # Whether adjusting the master volume is disabled. Also mutes the device.
"advancedSecurityOverrides": { # Security policies set to the most secure values by default. To maintain the security posture of a device, we don't recommend overriding any of the default values. # Security policies set to the most secure values by default. To maintain the security posture of a device, we don't recommend overriding any of the default values.
"commonCriteriaMode": "A String", # Controls Common Criteria Mode—security standards defined in the Common Criteria for Information Technology Security Evaluation (https://www.commoncriteriaportal.org/) (CC). Enabling Common Criteria Mode increases certain security components on a device, including AES-GCM encryption of Bluetooth Long Term Keys, and Wi-Fi configuration stores.Warning: Common Criteria Mode enforces a strict security model typically only required for IT products used in national security systems and other highly sensitive organizations. Standard device use may be affected. Only enabled if required.
+ "developerSettings": "A String", # Controls access to developer settings: developer options and safe boot. Replaces safeBootDisabled (deprecated) and debuggingFeaturesAllowed (deprecated).
+ "googlePlayProtectVerifyApps": "A String", # Whether Google Play Protect verification (https://support.google.com/accounts/answer/2812853) is enforced. Replaces ensureVerifyAppsEnabled (deprecated).
"untrustedAppsPolicy": "A String", # The policy for untrusted apps (apps from unknown sources) enforced on the device. Replaces install_unknown_sources_allowed (deprecated).
},
"alwaysOnVpnPackage": { # Configuration for an always-on VPN connection. # Configuration for an always-on VPN connection. Use with vpn_config_disabled to prevent modification of this setting.
@@ -538,13 +542,13 @@
"bluetoothDisabled": True or False, # Whether bluetooth is disabled. Prefer this setting over bluetooth_config_disabled because bluetooth_config_disabled can be bypassed by the user.
"cameraDisabled": True or False, # Whether all cameras on the device are disabled.
"cellBroadcastsConfigDisabled": True or False, # Whether configuring cell broadcast is disabled.
- "choosePrivateKeyRules": [ # Rules for automatically choosing a private key and certificate to authenticate the device to a server. The rules are ordered by increasing precedence, so if an outgoing request matches more than one rule, the last rule defines which private key to use.
- { # A rule for automatically choosing a private key and certificate to authenticate the device to a server.
- "packageNames": [ # The package names for which outgoing requests are subject to this rule. If no package names are specified, then the rule applies to all packages. For each package name listed, the rule applies to that package and all other packages that shared the same Android UID. The SHA256 hash of the signing key signatures of each package_name will be verified against those provided by Play
+ "choosePrivateKeyRules": [ # Rules for determining apps' access to private keys. See ChoosePrivateKeyRule for details.
+ { # Controls apps' access to private keys. The rule determines which private key, if any, Android Device Policy grants to the specified app. Access is granted either when the app calls KeyChain.choosePrivateKeyAlias (https://developer.android.com/reference/android/security/KeyChain#choosePrivateKeyAlias%28android.app.Activity,%20android.security.KeyChainAliasCallback,%20java.lang.String[],%20java.security.Principal[],%20java.lang.String,%20int,%20java.lang.String%29) (or any overloads) to request a private key alias for a given URL, or for rules that are not URL-specific (that is, if urlPattern is not set, or set to the empty string or .*) on Android 11 and above, directly so that the app can call KeyChain.getPrivateKey (https://developer.android.com/reference/android/security/KeyChain#getPrivateKey%28android.content.Context,%20java.lang.String%29), without first having to call KeyChain.choosePrivateKeyAlias.When an app calls KeyChain.choosePrivateKeyAlias if more than one choosePrivateKeyRules matches, the last matching rule defines which key alias to return.
+ "packageNames": [ # The package names to which this rule applies. The hash of the signing certificate for each app is verified against the hash provided by Play. If no package names are specified, then the alias is provided to all apps that call KeyChain.choosePrivateKeyAlias (https://developer.android.com/reference/android/security/KeyChain#choosePrivateKeyAlias%28android.app.Activity,%20android.security.KeyChainAliasCallback,%20java.lang.String[],%20java.security.Principal[],%20java.lang.String,%20int,%20java.lang.String%29) or any overloads (but not without calling KeyChain.choosePrivateKeyAlias, even on Android 11 and above). Any app with the same Android UID as a package specified here will have access when they call KeyChain.choosePrivateKeyAlias.
"A String",
],
"privateKeyAlias": "A String", # The alias of the private key to be used.
- "urlPattern": "A String", # The URL pattern to match against the URL of the outgoing request. The pattern may contain asterisk (*) wildcards. Any URL is matched if unspecified.
+ "urlPattern": "A String", # The URL pattern to match against the URL of the request. If not set or empty, it matches all URLs. This uses the regular expression syntax of java.util.regex.Pattern.
},
],
"complianceRules": [ # Rules declaring which mitigating actions to take when a device is not compliant with its policy. When the conditions for multiple rules are satisfied, all of the mitigating actions for the rules are taken. There is a maximum limit of 100 rules. Use policy enforcement rules instead.
@@ -608,7 +612,7 @@
"modifyAccountsDisabled": True or False, # Whether adding or removing accounts is disabled.
"mountPhysicalMediaDisabled": True or False, # Whether the user mounting physical external media is disabled.
"name": "A String", # The name of the policy in the form enterprises/{enterpriseId}/policies/{policyId}.
- "networkEscapeHatchEnabled": True or False, # Whether the network escape hatch is enabled. If a network connection can't be made at boot time, the escape hatch prompts the user to temporarily connect to a network in order to refresh the device policy. After applying policy, the temporary network will be forgotten and the device will continue booting. This prevents being unable to connect to a network if there is no suitable network in the last policy and the device boots into an app in lock task mode, or the user is otherwise unable to reach device settings.
+ "networkEscapeHatchEnabled": True or False, # Whether the network escape hatch is enabled. If a network connection can't be made at boot time, the escape hatch prompts the user to temporarily connect to a network in order to refresh the device policy. After applying policy, the temporary network will be forgotten and the device will continue booting. This prevents being unable to connect to a network if there is no suitable network in the last policy and the device boots into an app in lock task mode, or the user is otherwise unable to reach device settings.Note: Setting wifiConfigDisabled to true will override this setting under specific circumstances. Please see wifiConfigDisabled for further details.
"networkResetDisabled": True or False, # Whether resetting network settings is disabled.
"oncCertificateProviders": [ # This feature is not generally available.
{ # This feature is not generally available.
@@ -646,7 +650,7 @@
"requirePasswordUnlock": "A String", # The length of time after a device or work profile is unlocked using a strong form of authentication (password, PIN, pattern) that it can be unlocked using any other authentication method (e.g. fingerprint, trust agents, face). After the specified time period elapses, only strong forms of authentication can be used to unlock the device or work profile.
},
],
- "passwordRequirements": { # Requirements for the password used to unlock a device. # Password requirements. The field password_requirements.require_password_unlock must not be set. DEPRECATED - Use password_policies.
+ "passwordRequirements": { # Requirements for the password used to unlock a device. # Password requirements. The field password_requirements.require_password_unlock must not be set. DEPRECATED - Use password_policies.Note:Complexity-based values of PasswordQuality, that is, COMPLEXITY_LOW, COMPLEXITY_MEDIUM, and COMPLEXITY_HIGH, cannot be used here.
"maximumFailedPasswordsForWipe": 42, # Number of incorrect device-unlock passwords that can be entered before a device is wiped. A value of 0 means there is no restriction.
"passwordExpirationTimeout": "A String", # Password expiration timeout.
"passwordHistoryLength": 42, # The length of the password history. After setting this field, the user won't be able to enter a new password that is the same as any password in the history. A value of 0 means there is no restriction.
@@ -804,7 +808,7 @@
"usbMassStorageEnabled": True or False, # Whether USB storage is enabled. Deprecated.
"version": "A String", # The version of the policy. This is a read-only field. The version is incremented each time the policy is updated.
"vpnConfigDisabled": True or False, # Whether configuring VPN is disabled.
- "wifiConfigDisabled": True or False, # Whether configuring Wi-Fi access points is disabled.
+ "wifiConfigDisabled": True or False, # Whether configuring Wi-Fi access points is disabled.Note: If a network connection can't be made at boot time and configuring Wi-Fi is disabled then network escape hatch will be shown in order to refresh the device policy (see networkEscapeHatchEnabled).
"wifiConfigsLockdownEnabled": True or False, # DEPRECATED - Use wifi_config_disabled.
},
],
@@ -842,6 +846,8 @@
"adjustVolumeDisabled": True or False, # Whether adjusting the master volume is disabled. Also mutes the device.
"advancedSecurityOverrides": { # Security policies set to the most secure values by default. To maintain the security posture of a device, we don't recommend overriding any of the default values. # Security policies set to the most secure values by default. To maintain the security posture of a device, we don't recommend overriding any of the default values.
"commonCriteriaMode": "A String", # Controls Common Criteria Mode—security standards defined in the Common Criteria for Information Technology Security Evaluation (https://www.commoncriteriaportal.org/) (CC). Enabling Common Criteria Mode increases certain security components on a device, including AES-GCM encryption of Bluetooth Long Term Keys, and Wi-Fi configuration stores.Warning: Common Criteria Mode enforces a strict security model typically only required for IT products used in national security systems and other highly sensitive organizations. Standard device use may be affected. Only enabled if required.
+ "developerSettings": "A String", # Controls access to developer settings: developer options and safe boot. Replaces safeBootDisabled (deprecated) and debuggingFeaturesAllowed (deprecated).
+ "googlePlayProtectVerifyApps": "A String", # Whether Google Play Protect verification (https://support.google.com/accounts/answer/2812853) is enforced. Replaces ensureVerifyAppsEnabled (deprecated).
"untrustedAppsPolicy": "A String", # The policy for untrusted apps (apps from unknown sources) enforced on the device. Replaces install_unknown_sources_allowed (deprecated).
},
"alwaysOnVpnPackage": { # Configuration for an always-on VPN connection. # Configuration for an always-on VPN connection. Use with vpn_config_disabled to prevent modification of this setting.
@@ -893,13 +899,13 @@
"bluetoothDisabled": True or False, # Whether bluetooth is disabled. Prefer this setting over bluetooth_config_disabled because bluetooth_config_disabled can be bypassed by the user.
"cameraDisabled": True or False, # Whether all cameras on the device are disabled.
"cellBroadcastsConfigDisabled": True or False, # Whether configuring cell broadcast is disabled.
- "choosePrivateKeyRules": [ # Rules for automatically choosing a private key and certificate to authenticate the device to a server. The rules are ordered by increasing precedence, so if an outgoing request matches more than one rule, the last rule defines which private key to use.
- { # A rule for automatically choosing a private key and certificate to authenticate the device to a server.
- "packageNames": [ # The package names for which outgoing requests are subject to this rule. If no package names are specified, then the rule applies to all packages. For each package name listed, the rule applies to that package and all other packages that shared the same Android UID. The SHA256 hash of the signing key signatures of each package_name will be verified against those provided by Play
+ "choosePrivateKeyRules": [ # Rules for determining apps' access to private keys. See ChoosePrivateKeyRule for details.
+ { # Controls apps' access to private keys. The rule determines which private key, if any, Android Device Policy grants to the specified app. Access is granted either when the app calls KeyChain.choosePrivateKeyAlias (https://developer.android.com/reference/android/security/KeyChain#choosePrivateKeyAlias%28android.app.Activity,%20android.security.KeyChainAliasCallback,%20java.lang.String[],%20java.security.Principal[],%20java.lang.String,%20int,%20java.lang.String%29) (or any overloads) to request a private key alias for a given URL, or for rules that are not URL-specific (that is, if urlPattern is not set, or set to the empty string or .*) on Android 11 and above, directly so that the app can call KeyChain.getPrivateKey (https://developer.android.com/reference/android/security/KeyChain#getPrivateKey%28android.content.Context,%20java.lang.String%29), without first having to call KeyChain.choosePrivateKeyAlias.When an app calls KeyChain.choosePrivateKeyAlias if more than one choosePrivateKeyRules matches, the last matching rule defines which key alias to return.
+ "packageNames": [ # The package names to which this rule applies. The hash of the signing certificate for each app is verified against the hash provided by Play. If no package names are specified, then the alias is provided to all apps that call KeyChain.choosePrivateKeyAlias (https://developer.android.com/reference/android/security/KeyChain#choosePrivateKeyAlias%28android.app.Activity,%20android.security.KeyChainAliasCallback,%20java.lang.String[],%20java.security.Principal[],%20java.lang.String,%20int,%20java.lang.String%29) or any overloads (but not without calling KeyChain.choosePrivateKeyAlias, even on Android 11 and above). Any app with the same Android UID as a package specified here will have access when they call KeyChain.choosePrivateKeyAlias.
"A String",
],
"privateKeyAlias": "A String", # The alias of the private key to be used.
- "urlPattern": "A String", # The URL pattern to match against the URL of the outgoing request. The pattern may contain asterisk (*) wildcards. Any URL is matched if unspecified.
+ "urlPattern": "A String", # The URL pattern to match against the URL of the request. If not set or empty, it matches all URLs. This uses the regular expression syntax of java.util.regex.Pattern.
},
],
"complianceRules": [ # Rules declaring which mitigating actions to take when a device is not compliant with its policy. When the conditions for multiple rules are satisfied, all of the mitigating actions for the rules are taken. There is a maximum limit of 100 rules. Use policy enforcement rules instead.
@@ -963,7 +969,7 @@
"modifyAccountsDisabled": True or False, # Whether adding or removing accounts is disabled.
"mountPhysicalMediaDisabled": True or False, # Whether the user mounting physical external media is disabled.
"name": "A String", # The name of the policy in the form enterprises/{enterpriseId}/policies/{policyId}.
- "networkEscapeHatchEnabled": True or False, # Whether the network escape hatch is enabled. If a network connection can't be made at boot time, the escape hatch prompts the user to temporarily connect to a network in order to refresh the device policy. After applying policy, the temporary network will be forgotten and the device will continue booting. This prevents being unable to connect to a network if there is no suitable network in the last policy and the device boots into an app in lock task mode, or the user is otherwise unable to reach device settings.
+ "networkEscapeHatchEnabled": True or False, # Whether the network escape hatch is enabled. If a network connection can't be made at boot time, the escape hatch prompts the user to temporarily connect to a network in order to refresh the device policy. After applying policy, the temporary network will be forgotten and the device will continue booting. This prevents being unable to connect to a network if there is no suitable network in the last policy and the device boots into an app in lock task mode, or the user is otherwise unable to reach device settings.Note: Setting wifiConfigDisabled to true will override this setting under specific circumstances. Please see wifiConfigDisabled for further details.
"networkResetDisabled": True or False, # Whether resetting network settings is disabled.
"oncCertificateProviders": [ # This feature is not generally available.
{ # This feature is not generally available.
@@ -1001,7 +1007,7 @@
"requirePasswordUnlock": "A String", # The length of time after a device or work profile is unlocked using a strong form of authentication (password, PIN, pattern) that it can be unlocked using any other authentication method (e.g. fingerprint, trust agents, face). After the specified time period elapses, only strong forms of authentication can be used to unlock the device or work profile.
},
],
- "passwordRequirements": { # Requirements for the password used to unlock a device. # Password requirements. The field password_requirements.require_password_unlock must not be set. DEPRECATED - Use password_policies.
+ "passwordRequirements": { # Requirements for the password used to unlock a device. # Password requirements. The field password_requirements.require_password_unlock must not be set. DEPRECATED - Use password_policies.Note:Complexity-based values of PasswordQuality, that is, COMPLEXITY_LOW, COMPLEXITY_MEDIUM, and COMPLEXITY_HIGH, cannot be used here.
"maximumFailedPasswordsForWipe": 42, # Number of incorrect device-unlock passwords that can be entered before a device is wiped. A value of 0 means there is no restriction.
"passwordExpirationTimeout": "A String", # Password expiration timeout.
"passwordHistoryLength": 42, # The length of the password history. After setting this field, the user won't be able to enter a new password that is the same as any password in the history. A value of 0 means there is no restriction.
@@ -1159,7 +1165,7 @@
"usbMassStorageEnabled": True or False, # Whether USB storage is enabled. Deprecated.
"version": "A String", # The version of the policy. This is a read-only field. The version is incremented each time the policy is updated.
"vpnConfigDisabled": True or False, # Whether configuring VPN is disabled.
- "wifiConfigDisabled": True or False, # Whether configuring Wi-Fi access points is disabled.
+ "wifiConfigDisabled": True or False, # Whether configuring Wi-Fi access points is disabled.Note: If a network connection can't be made at boot time and configuring Wi-Fi is disabled then network escape hatch will be shown in order to refresh the device policy (see networkEscapeHatchEnabled).
"wifiConfigsLockdownEnabled": True or False, # DEPRECATED - Use wifi_config_disabled.
}
@@ -1180,6 +1186,8 @@
"adjustVolumeDisabled": True or False, # Whether adjusting the master volume is disabled. Also mutes the device.
"advancedSecurityOverrides": { # Security policies set to the most secure values by default. To maintain the security posture of a device, we don't recommend overriding any of the default values. # Security policies set to the most secure values by default. To maintain the security posture of a device, we don't recommend overriding any of the default values.
"commonCriteriaMode": "A String", # Controls Common Criteria Mode—security standards defined in the Common Criteria for Information Technology Security Evaluation (https://www.commoncriteriaportal.org/) (CC). Enabling Common Criteria Mode increases certain security components on a device, including AES-GCM encryption of Bluetooth Long Term Keys, and Wi-Fi configuration stores.Warning: Common Criteria Mode enforces a strict security model typically only required for IT products used in national security systems and other highly sensitive organizations. Standard device use may be affected. Only enabled if required.
+ "developerSettings": "A String", # Controls access to developer settings: developer options and safe boot. Replaces safeBootDisabled (deprecated) and debuggingFeaturesAllowed (deprecated).
+ "googlePlayProtectVerifyApps": "A String", # Whether Google Play Protect verification (https://support.google.com/accounts/answer/2812853) is enforced. Replaces ensureVerifyAppsEnabled (deprecated).
"untrustedAppsPolicy": "A String", # The policy for untrusted apps (apps from unknown sources) enforced on the device. Replaces install_unknown_sources_allowed (deprecated).
},
"alwaysOnVpnPackage": { # Configuration for an always-on VPN connection. # Configuration for an always-on VPN connection. Use with vpn_config_disabled to prevent modification of this setting.
@@ -1231,13 +1239,13 @@
"bluetoothDisabled": True or False, # Whether bluetooth is disabled. Prefer this setting over bluetooth_config_disabled because bluetooth_config_disabled can be bypassed by the user.
"cameraDisabled": True or False, # Whether all cameras on the device are disabled.
"cellBroadcastsConfigDisabled": True or False, # Whether configuring cell broadcast is disabled.
- "choosePrivateKeyRules": [ # Rules for automatically choosing a private key and certificate to authenticate the device to a server. The rules are ordered by increasing precedence, so if an outgoing request matches more than one rule, the last rule defines which private key to use.
- { # A rule for automatically choosing a private key and certificate to authenticate the device to a server.
- "packageNames": [ # The package names for which outgoing requests are subject to this rule. If no package names are specified, then the rule applies to all packages. For each package name listed, the rule applies to that package and all other packages that shared the same Android UID. The SHA256 hash of the signing key signatures of each package_name will be verified against those provided by Play
+ "choosePrivateKeyRules": [ # Rules for determining apps' access to private keys. See ChoosePrivateKeyRule for details.
+ { # Controls apps' access to private keys. The rule determines which private key, if any, Android Device Policy grants to the specified app. Access is granted either when the app calls KeyChain.choosePrivateKeyAlias (https://developer.android.com/reference/android/security/KeyChain#choosePrivateKeyAlias%28android.app.Activity,%20android.security.KeyChainAliasCallback,%20java.lang.String[],%20java.security.Principal[],%20java.lang.String,%20int,%20java.lang.String%29) (or any overloads) to request a private key alias for a given URL, or for rules that are not URL-specific (that is, if urlPattern is not set, or set to the empty string or .*) on Android 11 and above, directly so that the app can call KeyChain.getPrivateKey (https://developer.android.com/reference/android/security/KeyChain#getPrivateKey%28android.content.Context,%20java.lang.String%29), without first having to call KeyChain.choosePrivateKeyAlias.When an app calls KeyChain.choosePrivateKeyAlias if more than one choosePrivateKeyRules matches, the last matching rule defines which key alias to return.
+ "packageNames": [ # The package names to which this rule applies. The hash of the signing certificate for each app is verified against the hash provided by Play. If no package names are specified, then the alias is provided to all apps that call KeyChain.choosePrivateKeyAlias (https://developer.android.com/reference/android/security/KeyChain#choosePrivateKeyAlias%28android.app.Activity,%20android.security.KeyChainAliasCallback,%20java.lang.String[],%20java.security.Principal[],%20java.lang.String,%20int,%20java.lang.String%29) or any overloads (but not without calling KeyChain.choosePrivateKeyAlias, even on Android 11 and above). Any app with the same Android UID as a package specified here will have access when they call KeyChain.choosePrivateKeyAlias.
"A String",
],
"privateKeyAlias": "A String", # The alias of the private key to be used.
- "urlPattern": "A String", # The URL pattern to match against the URL of the outgoing request. The pattern may contain asterisk (*) wildcards. Any URL is matched if unspecified.
+ "urlPattern": "A String", # The URL pattern to match against the URL of the request. If not set or empty, it matches all URLs. This uses the regular expression syntax of java.util.regex.Pattern.
},
],
"complianceRules": [ # Rules declaring which mitigating actions to take when a device is not compliant with its policy. When the conditions for multiple rules are satisfied, all of the mitigating actions for the rules are taken. There is a maximum limit of 100 rules. Use policy enforcement rules instead.
@@ -1301,7 +1309,7 @@
"modifyAccountsDisabled": True or False, # Whether adding or removing accounts is disabled.
"mountPhysicalMediaDisabled": True or False, # Whether the user mounting physical external media is disabled.
"name": "A String", # The name of the policy in the form enterprises/{enterpriseId}/policies/{policyId}.
- "networkEscapeHatchEnabled": True or False, # Whether the network escape hatch is enabled. If a network connection can't be made at boot time, the escape hatch prompts the user to temporarily connect to a network in order to refresh the device policy. After applying policy, the temporary network will be forgotten and the device will continue booting. This prevents being unable to connect to a network if there is no suitable network in the last policy and the device boots into an app in lock task mode, or the user is otherwise unable to reach device settings.
+ "networkEscapeHatchEnabled": True or False, # Whether the network escape hatch is enabled. If a network connection can't be made at boot time, the escape hatch prompts the user to temporarily connect to a network in order to refresh the device policy. After applying policy, the temporary network will be forgotten and the device will continue booting. This prevents being unable to connect to a network if there is no suitable network in the last policy and the device boots into an app in lock task mode, or the user is otherwise unable to reach device settings.Note: Setting wifiConfigDisabled to true will override this setting under specific circumstances. Please see wifiConfigDisabled for further details.
"networkResetDisabled": True or False, # Whether resetting network settings is disabled.
"oncCertificateProviders": [ # This feature is not generally available.
{ # This feature is not generally available.
@@ -1339,7 +1347,7 @@
"requirePasswordUnlock": "A String", # The length of time after a device or work profile is unlocked using a strong form of authentication (password, PIN, pattern) that it can be unlocked using any other authentication method (e.g. fingerprint, trust agents, face). After the specified time period elapses, only strong forms of authentication can be used to unlock the device or work profile.
},
],
- "passwordRequirements": { # Requirements for the password used to unlock a device. # Password requirements. The field password_requirements.require_password_unlock must not be set. DEPRECATED - Use password_policies.
+ "passwordRequirements": { # Requirements for the password used to unlock a device. # Password requirements. The field password_requirements.require_password_unlock must not be set. DEPRECATED - Use password_policies.Note:Complexity-based values of PasswordQuality, that is, COMPLEXITY_LOW, COMPLEXITY_MEDIUM, and COMPLEXITY_HIGH, cannot be used here.
"maximumFailedPasswordsForWipe": 42, # Number of incorrect device-unlock passwords that can be entered before a device is wiped. A value of 0 means there is no restriction.
"passwordExpirationTimeout": "A String", # Password expiration timeout.
"passwordHistoryLength": 42, # The length of the password history. After setting this field, the user won't be able to enter a new password that is the same as any password in the history. A value of 0 means there is no restriction.
@@ -1497,7 +1505,7 @@
"usbMassStorageEnabled": True or False, # Whether USB storage is enabled. Deprecated.
"version": "A String", # The version of the policy. This is a read-only field. The version is incremented each time the policy is updated.
"vpnConfigDisabled": True or False, # Whether configuring VPN is disabled.
- "wifiConfigDisabled": True or False, # Whether configuring Wi-Fi access points is disabled.
+ "wifiConfigDisabled": True or False, # Whether configuring Wi-Fi access points is disabled.Note: If a network connection can't be made at boot time and configuring Wi-Fi is disabled then network escape hatch will be shown in order to refresh the device policy (see networkEscapeHatchEnabled).
"wifiConfigsLockdownEnabled": True or False, # DEPRECATED - Use wifi_config_disabled.
}</pre>
</div>