blob: 4bf03546e30b4076793f4d2ae105884fe910a40a [file] [log] [blame]
Dianne Hackbornd6847842010-01-12 18:14:19 -08001/*
2 * Copyright (C) 2010 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
Dianne Hackborn87bba1e2010-02-26 17:25:54 -080017package android.app.admin;
Dianne Hackbornd6847842010-01-12 18:14:19 -080018
Dianne Hackbornd6847842010-01-12 18:14:19 -080019import android.annotation.SdkConstant;
20import android.annotation.SdkConstant.SdkConstantType;
Justin Moreyb5deda72014-07-24 10:53:40 -050021import android.annotation.SystemApi;
Jason Monkd7b86212014-06-16 13:15:38 -040022import android.app.Activity;
Svetoslav976e8bd2014-07-16 15:12:03 -070023import android.app.admin.IDevicePolicyManager;
Amith Yamasanif6e2fcc2014-07-10 13:41:55 -070024import android.content.AbstractRestrictionsProvider;
Dianne Hackbornd6847842010-01-12 18:14:19 -080025import android.content.ComponentName;
26import android.content.Context;
Adam Connors010cfd42014-04-16 12:48:13 +010027import android.content.Intent;
Sander Alewijnsef475ca32014-02-17 15:13:58 +000028import android.content.IntentFilter;
Dianne Hackbornd6847842010-01-12 18:14:19 -080029import android.content.pm.ActivityInfo;
30import android.content.pm.PackageManager;
31import android.content.pm.ResolveInfo;
Jason Monk03bc9912014-05-13 09:44:57 -040032import android.net.ProxyInfo;
Robin Lee66e5d962014-04-09 16:44:21 +010033import android.os.Bundle;
Dianne Hackbornd6847842010-01-12 18:14:19 -080034import android.os.Handler;
Adam Connors776c5552014-01-09 10:42:56 +000035import android.os.Process;
Dianne Hackborn8ea138c2010-01-26 18:01:04 -080036import android.os.RemoteCallback;
Dianne Hackbornd6847842010-01-12 18:14:19 -080037import android.os.RemoteException;
38import android.os.ServiceManager;
Amith Yamasani599dd7c2012-09-14 23:20:08 -070039import android.os.UserHandle;
Julia Reynolds1e958392014-05-16 14:25:21 -040040import android.os.UserManager;
Julia Reynoldsda551652014-05-14 17:15:16 -040041import android.provider.Settings;
Dianne Hackbornd6847842010-01-12 18:14:19 -080042import android.util.Log;
43
Maggie Benthallda51e682013-08-08 22:35:44 -040044import com.android.org.conscrypt.TrustedCertificateStore;
45
Jessica Hummel91da58d2014-04-10 17:39:43 +010046import org.xmlpull.v1.XmlPullParserException;
47
Maggie Benthallda51e682013-08-08 22:35:44 -040048import java.io.ByteArrayInputStream;
Dianne Hackbornd6847842010-01-12 18:14:19 -080049import java.io.IOException;
Oscar Montemayor69238c62010-08-03 10:51:06 -070050import java.net.InetSocketAddress;
51import java.net.Proxy;
Maggie Benthallda51e682013-08-08 22:35:44 -040052import java.security.cert.CertificateException;
53import java.security.cert.CertificateFactory;
54import java.security.cert.X509Certificate;
Jim Miller604e7552014-07-18 19:00:02 -070055import java.util.ArrayList;
Svetoslav976e8bd2014-07-16 15:12:03 -070056import java.util.Collections;
Dianne Hackbornd47c6ed2010-01-27 16:21:20 -080057import java.util.List;
Maggie Benthallda51e682013-08-08 22:35:44 -040058import java.util.Set;
Dianne Hackbornd6847842010-01-12 18:14:19 -080059
60/**
61 * Public interface for managing policies enforced on a device. Most clients
Dianne Hackbornef6b22f2010-02-16 20:38:49 -080062 * of this class must have published a {@link DeviceAdminReceiver} that the user
Dianne Hackbornd6847842010-01-12 18:14:19 -080063 * has currently enabled.
Joe Fernandez3aef8e1d2011-12-20 10:38:34 -080064 *
65 * <div class="special reference">
66 * <h3>Developer Guides</h3>
67 * <p>For more information about managing policies for device adminstration, read the
68 * <a href="{@docRoot}guide/topics/admin/device-admin.html">Device Administration</a>
69 * developer guide.</p>
70 * </div>
Dianne Hackbornd6847842010-01-12 18:14:19 -080071 */
72public class DevicePolicyManager {
73 private static String TAG = "DevicePolicyManager";
Dianne Hackbornd6847842010-01-12 18:14:19 -080074
75 private final Context mContext;
Dianne Hackbornd6847842010-01-12 18:14:19 -080076 private final IDevicePolicyManager mService;
Konstantin Lopyrev32558232010-05-20 16:18:05 -070077
Dianne Hackborn21f1bd12010-02-19 17:02:21 -080078 private DevicePolicyManager(Context context, Handler handler) {
Dianne Hackbornd6847842010-01-12 18:14:19 -080079 mContext = context;
Dianne Hackbornd6847842010-01-12 18:14:19 -080080 mService = IDevicePolicyManager.Stub.asInterface(
81 ServiceManager.getService(Context.DEVICE_POLICY_SERVICE));
82 }
83
Dianne Hackborn87bba1e2010-02-26 17:25:54 -080084 /** @hide */
85 public static DevicePolicyManager create(Context context, Handler handler) {
Dianne Hackborn21f1bd12010-02-19 17:02:21 -080086 DevicePolicyManager me = new DevicePolicyManager(context, handler);
87 return me.mService != null ? me : null;
88 }
Konstantin Lopyrev32558232010-05-20 16:18:05 -070089
Dianne Hackbornd6847842010-01-12 18:14:19 -080090 /**
Jessica Hummelf72078b2014-03-06 16:13:12 +000091 * Activity action: Starts the provisioning flow which sets up a managed profile.
Jessica Hummelf72078b2014-03-06 16:13:12 +000092 *
Jessica Hummel9da60392014-05-21 12:32:57 +010093 * <p>A managed profile allows data separation for example for the usage of a
94 * device as a personal and corporate device. The user which provisioning is started from and
95 * the managed profile share a launcher.
96 *
97 * <p>This intent will typically be sent by a mobile device management application (mdm).
98 * Provisioning adds a managed profile and sets the mdm as the profile owner who has full
99 * control over the profile
100 *
101 * <p>This intent must contain the extras {@link #EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME}
102 * {@link #EXTRA_PROVISIONING_DEFAULT_MANAGED_PROFILE_NAME} and {@link #EXTRA_DEVICE_ADMIN}.
Jessica Hummelf72078b2014-03-06 16:13:12 +0000103 *
104 * <p> When managed provisioning has completed, an intent of the type
105 * {@link DeviceAdminReceiver#ACTION_PROFILE_PROVISIONING_COMPLETE} is broadcasted to the
Sander Alewijnse1cc4ecc2014-06-23 19:56:52 +0100106 * managed profile.
Jessica Hummel9da60392014-05-21 12:32:57 +0100107 *
Sander Alewijnse1cc4ecc2014-06-23 19:56:52 +0100108 * <p> If provisioning fails, the managedProfile is removed so the device returns to its
109 * previous state.
Jessica Hummelf72078b2014-03-06 16:13:12 +0000110 *
111 * <p>Input: Nothing.</p>
112 * <p>Output: Nothing</p>
113 */
114 @SdkConstant(SdkConstantType.ACTIVITY_INTENT_ACTION)
115 public static final String ACTION_PROVISION_MANAGED_PROFILE
Jessica Hummel03dd2202014-03-13 16:05:26 +0000116 = "android.app.action.ACTION_PROVISION_MANAGED_PROFILE";
Jessica Hummelf72078b2014-03-06 16:13:12 +0000117
118 /**
Sander Alewijnse1cc4ecc2014-06-23 19:56:52 +0100119 * A String extra holding the package name of the mobile device management application that
120 * will be set as the profile owner or device owner.
121 *
122 * <p>If an application starts provisioning directly via an intent with action
123 * {@link #ACTION_PROVISION_MANAGED_PROFILE} this package has to match the package name of the
124 * application that started provisioning. The package will be set as profile owner in that case.
125 *
126 * <p>This package is set as device owner when device owner provisioning is started by an Nfc
127 * message containing an Nfc record with MIME type {@link #PROVISIONING_NFC_MIME_TYPE}.
Jessica Hummelf72078b2014-03-06 16:13:12 +0000128 */
129 public static final String EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME
Jessica Hummel9da60392014-05-21 12:32:57 +0100130 = "android.app.extra.deviceAdminPackageName";
Jessica Hummelf72078b2014-03-06 16:13:12 +0000131
132 /**
133 * A String extra holding the default name of the profile that is created during managed profile
134 * provisioning.
Sander Alewijnse1cc4ecc2014-06-23 19:56:52 +0100135 *
Jessica Hummelf72078b2014-03-06 16:13:12 +0000136 * <p>Use with {@link #ACTION_PROVISION_MANAGED_PROFILE}
137 */
138 public static final String EXTRA_PROVISIONING_DEFAULT_MANAGED_PROFILE_NAME
Jessica Hummel9da60392014-05-21 12:32:57 +0100139 = "android.app.extra.defaultManagedProfileName";
Jessica Hummelf72078b2014-03-06 16:13:12 +0000140
141 /**
Jessica Hummeledb7ae72014-06-26 12:55:38 +0100142 * A String extra that, holds the email address of the account which a managed profile is
143 * created for. Used with {@link #ACTION_PROVISION_MANAGED_PROFILE} and
Nicolas Prevot07ac20b2014-05-27 15:37:45 +0100144 * {@link DeviceAdminReceiver#ACTION_PROFILE_PROVISIONING_COMPLETE}.
Jessica Hummeledb7ae72014-06-26 12:55:38 +0100145 *
146 * <p> If the {@link #ACTION_PROVISION_MANAGED_PROFILE} intent that starts managed provisioning
147 * contains this extra, it is forwarded in the
148 * {@link DeviceAdminReceiver#ACTION_PROFILE_PROVISIONING_COMPLETE} intent to the mobile
149 * device management application that was set as the profile owner during provisioning.
150 * It is usually used to avoid that the user has to enter their email address twice.
Nicolas Prevot07ac20b2014-05-27 15:37:45 +0100151 */
152 public static final String EXTRA_PROVISIONING_EMAIL_ADDRESS
153 = "android.app.extra.ManagedProfileEmailAddress";
154
155 /**
Sander Alewijnse1cc4ecc2014-06-23 19:56:52 +0100156 * A String extra holding the time zone {@link android.app.AlarmManager} that the device
157 * will be set to.
158 *
159 * <p>Use in an Nfc record with {@link #PROVISIONING_NFC_MIME_TYPE} that starts device owner
160 * provisioning via an Nfc bump.
161 */
162 public static final String EXTRA_PROVISIONING_TIME_ZONE
163 = "android.app.extra.timeZone";
164
165 /**
166 * A Long extra holding the local time {@link android.app.AlarmManager} that the device
167 * will be set to.
168 *
169 * <p>Use in an Nfc record with {@link #PROVISIONING_NFC_MIME_TYPE} that starts device owner
170 * provisioning via an Nfc bump.
171 */
172 public static final String EXTRA_PROVISIONING_LOCAL_TIME
173 = "android.app.extra.localTime";
174
175 /**
176 * A String extra holding the {@link java.util.Locale} that the device will be set to.
177 * Format: xx_yy, where xx is the language code, and yy the country code.
178 *
179 * <p>Use in an Nfc record with {@link #PROVISIONING_NFC_MIME_TYPE} that starts device owner
180 * provisioning via an Nfc bump.
181 */
182 public static final String EXTRA_PROVISIONING_LOCALE
183 = "android.app.extra.locale";
184
185 /**
186 * A String extra holding the ssid of the wifi network that should be used during nfc device
187 * owner provisioning for downloading the mobile device management application.
188 *
189 * <p>Use in an Nfc record with {@link #PROVISIONING_NFC_MIME_TYPE} that starts device owner
190 * provisioning via an Nfc bump.
191 */
192 public static final String EXTRA_PROVISIONING_WIFI_SSID
193 = "android.app.extra.wifiSsid";
194
195 /**
196 * A boolean extra indicating whether the wifi network in {@link #EXTRA_PROVISIONING_WIFI_SSID}
197 * is hidden or not.
198 *
199 * <p>Use in an Nfc record with {@link #PROVISIONING_NFC_MIME_TYPE} that starts device owner
200 * provisioning via an Nfc bump.
201 */
202 public static final String EXTRA_PROVISIONING_WIFI_HIDDEN
203 = "android.app.extra.wifiHidden";
204
205 /**
206 * A String extra indicating the security type of the wifi network in
207 * {@link #EXTRA_PROVISIONING_WIFI_SSID}.
208 *
209 * <p>Use in an Nfc record with {@link #PROVISIONING_NFC_MIME_TYPE} that starts device owner
210 * provisioning via an Nfc bump.
211 */
212 public static final String EXTRA_PROVISIONING_WIFI_SECURITY_TYPE
213 = "android.app.extra.wifiSecurityType";
214
215 /**
216 * A String extra holding the password of the wifi network in
217 * {@link #EXTRA_PROVISIONING_WIFI_SSID}.
218 *
219 * <p>Use in an Nfc record with {@link #PROVISIONING_NFC_MIME_TYPE} that starts device owner
220 * provisioning via an Nfc bump.
221 */
222 public static final String EXTRA_PROVISIONING_WIFI_PASSWORD
223 = "android.app.extra.wifiPassword";
224
225 /**
226 * A String extra holding the proxy host for the wifi network in
227 * {@link #EXTRA_PROVISIONING_WIFI_SSID}.
228 *
229 * <p>Use in an Nfc record with {@link #PROVISIONING_NFC_MIME_TYPE} that starts device owner
230 * provisioning via an Nfc bump.
231 */
232 public static final String EXTRA_PROVISIONING_WIFI_PROXY_HOST
233 = "android.app.extra.wifiProxyHost";
234
235 /**
236 * An int extra holding the proxy port for the wifi network in
237 * {@link #EXTRA_PROVISIONING_WIFI_SSID}.
238 *
239 * <p>Use in an Nfc record with {@link #PROVISIONING_NFC_MIME_TYPE} that starts device owner
240 * provisioning via an Nfc bump.
241 */
242 public static final String EXTRA_PROVISIONING_WIFI_PROXY_PORT
243 = "android.app.extra.wifiProxyPort";
244
245 /**
246 * A String extra holding the proxy bypass for the wifi network in
247 * {@link #EXTRA_PROVISIONING_WIFI_SSID}.
248 *
249 * <p>Use in an Nfc record with {@link #PROVISIONING_NFC_MIME_TYPE} that starts device owner
250 * provisioning via an Nfc bump.
251 */
252 public static final String EXTRA_PROVISIONING_WIFI_PROXY_BYPASS
253 = "android.app.extra.wifiProxyBypassHosts";
254
255 /**
256 * A String extra holding the proxy auto-config (PAC) URL for the wifi network in
257 * {@link #EXTRA_PROVISIONING_WIFI_SSID}.
258 *
259 * <p>Use in an Nfc record with {@link #PROVISIONING_NFC_MIME_TYPE} that starts device owner
260 * provisioning via an Nfc bump.
261 */
262 public static final String EXTRA_PROVISIONING_WIFI_PAC_URL
263 = "android.app.extra.wifiPacUrl";
264
265 /**
266 * A String extra holding a url that specifies the download location of the device admin
267 * package. When not provided it is assumed that the device admin package is already installed.
268 *
269 * <p>Use in an Nfc record with {@link #PROVISIONING_NFC_MIME_TYPE} that starts device owner
270 * provisioning via an Nfc bump.
271 */
272 public static final String EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION
273 = "android.app.extra.deviceAdminPackageDownloadLocation";
274
275 /**
Sander Alewijnse681bce92014-07-24 16:46:26 +0100276 * A String extra holding a http cookie header which should be used in the http request to the
277 * url specified in {@link #EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION}.
278 *
279 * <p>Use in an Nfc record with {@link #PROVISIONING_NFC_MIME_TYPE} that starts device owner
280 * provisioning via an Nfc bump.
281 */
282 public static final String EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_COOKIE_HEADER
283 = "android.app.extra.deviceAdminPackageDownloadCookieHeader";
284
285 /**
Sander Alewijnse1cc4ecc2014-06-23 19:56:52 +0100286 * A String extra holding the SHA-1 checksum of the file at download location specified in
287 * {@link #EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION}. If this doesn't match
288 * the file at the download location an error will be shown to the user and the user will be
289 * asked to factory reset the device.
290 *
291 * <p>Use in an Nfc record with {@link #PROVISIONING_NFC_MIME_TYPE} that starts device owner
292 * provisioning via an Nfc bump.
293 */
294 public static final String EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_CHECKSUM
295 = "android.app.extra.deviceAdminPackageChecksum";
296
297 /**
298 * This MIME type is used for starting the Device Owner provisioning.
299 *
300 * <p>During device owner provisioning a device admin app is set as the owner of the device.
301 * A device owner has full control over the device. The device owner can not be modified by the
302 * user and the only way of resetting the device is if the device owner app calls a factory
303 * reset.
304 *
305 * <p> A typical use case would be a device that is owned by a company, but used by either an
306 * employee or client.
307 *
308 * <p> The Nfc message should be send to an unprovisioned device.
309 *
310 * <p>The Nfc record must contain a serialized {@link java.util.Properties} object which
311 * contains the following properties:
312 * <ul>
313 * <li>{@link #EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME}</li>
314 * <li>{@link #EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION}</li>
Sander Alewijnse681bce92014-07-24 16:46:26 +0100315 * <li>{@link #EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_COOKIE_HEADER}, optional</li>
Sander Alewijnse1cc4ecc2014-06-23 19:56:52 +0100316 * <li>{@link #EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_CHECKSUM}</li>
317 * <li>{@link #EXTRA_PROVISIONING_LOCAL_TIME} (convert to String), optional</li>
318 * <li>{@link #EXTRA_PROVISIONING_TIME_ZONE}, optional</li>
319 * <li>{@link #EXTRA_PROVISIONING_LOCALE}, optional</li>
320 * <li>{@link #EXTRA_PROVISIONING_WIFI_SSID}, optional</li>
321 * <li>{@link #EXTRA_PROVISIONING_WIFI_HIDDEN} (convert to String), optional</li>
322 * <li>{@link #EXTRA_PROVISIONING_WIFI_SECURITY_TYPE}, optional</li>
323 * <li>{@link #EXTRA_PROVISIONING_WIFI_PASSWORD}, optional</li>
324 * <li>{@link #EXTRA_PROVISIONING_WIFI_PROXY_HOST}, optional</li>
325 * <li>{@link #EXTRA_PROVISIONING_WIFI_PROXY_PORT} (convert to String), optional</li>
326 * <li>{@link #EXTRA_PROVISIONING_WIFI_PROXY_BYPASS}, optional</li>
327 * <li>{@link #EXTRA_PROVISIONING_WIFI_PAC_URL}, optional</li></ul>
328 *
329 * <p> When device owner provisioning has completed, an intent of the type
330 * {@link DeviceAdminReceiver#ACTION_PROFILE_PROVISIONING_COMPLETE} is broadcasted to the
331 * device owner.
332 *
333 * <p>
334 * If provisioning fails, the device is factory reset.
335 *
336 * <p>Input: Nothing.</p>
337 * <p>Output: Nothing</p>
338 */
339 public static final String PROVISIONING_NFC_MIME_TYPE
340 = "application/com.android.managedprovisioning";
341
342 /**
Dianne Hackbornd6847842010-01-12 18:14:19 -0800343 * Activity action: ask the user to add a new device administrator to the system.
344 * The desired policy is the ComponentName of the policy in the
345 * {@link #EXTRA_DEVICE_ADMIN} extra field. This will invoke a UI to
346 * bring the user through adding the device administrator to the system (or
347 * allowing them to reject it).
Konstantin Lopyrev32558232010-05-20 16:18:05 -0700348 *
Dianne Hackborn8ea138c2010-01-26 18:01:04 -0800349 * <p>You can optionally include the {@link #EXTRA_ADD_EXPLANATION}
350 * field to provide the user with additional explanation (in addition
351 * to your component's description) about what is being added.
Andy Stadlerc25f70a2010-12-08 15:56:45 -0800352 *
353 * <p>If your administrator is already active, this will ordinarily return immediately (without
354 * user intervention). However, if your administrator has been updated and is requesting
355 * additional uses-policy flags, the user will be presented with the new list. New policies
356 * will not be available to the updated administrator until the user has accepted the new list.
Dianne Hackbornd6847842010-01-12 18:14:19 -0800357 */
358 @SdkConstant(SdkConstantType.ACTIVITY_INTENT_ACTION)
359 public static final String ACTION_ADD_DEVICE_ADMIN
360 = "android.app.action.ADD_DEVICE_ADMIN";
Konstantin Lopyrev32558232010-05-20 16:18:05 -0700361
Dianne Hackbornd6847842010-01-12 18:14:19 -0800362 /**
Amith Yamasanibf3a9462014-07-28 14:26:42 -0700363 * @hide
364 * Activity action: ask the user to add a new device administrator as the profile owner
365 * for this user. Only system privileged apps that have MANAGE_USERS and MANAGE_DEVICE_ADMINS
366 * permission can call this API.
367 *
368 * <p>The ComponentName of the profile owner admin is pass in {@link #EXTRA_DEVICE_ADMIN} extra
369 * field. This will invoke a UI to bring the user through adding the profile owner admin
370 * to remotely control restrictions on the user.
371 *
372 * <p>The intent must be invoked via {@link Activity#startActivityForResult()} to receive the
373 * result of whether or not the user approved the action. If approved, the result will
374 * be {@link Activity#RESULT_OK} and the component will be set as an active admin as well
375 * as a profile owner.
376 *
377 * <p>You can optionally include the {@link #EXTRA_ADD_EXPLANATION}
378 * field to provide the user with additional explanation (in addition
379 * to your component's description) about what is being added.
380 *
381 * <p>If there is already a profile owner active or the caller doesn't have the required
382 * permissions, the operation will return a failure result.
383 */
384 @SystemApi
385 public static final String ACTION_SET_PROFILE_OWNER
386 = "android.app.action.SET_PROFILE_OWNER";
387
388 /**
389 * @hide
390 * Name of the profile owner admin that controls the user.
391 */
392 @SystemApi
393 public static final String EXTRA_PROFILE_OWNER_NAME
394 = "android.app.extra.PROFILE_OWNER_NAME";
395
396 /**
Jim Miller284b62e2010-06-08 14:27:42 -0700397 * Activity action: send when any policy admin changes a policy.
398 * This is generally used to find out when a new policy is in effect.
Jim Miller3e5d3fd2011-09-02 17:30:35 -0700399 *
Jim Miller284b62e2010-06-08 14:27:42 -0700400 * @hide
401 */
402 public static final String ACTION_DEVICE_POLICY_MANAGER_STATE_CHANGED
403 = "android.app.action.DEVICE_POLICY_MANAGER_STATE_CHANGED";
404
405 /**
Dianne Hackbornd6847842010-01-12 18:14:19 -0800406 * The ComponentName of the administrator component.
407 *
408 * @see #ACTION_ADD_DEVICE_ADMIN
409 */
410 public static final String EXTRA_DEVICE_ADMIN = "android.app.extra.DEVICE_ADMIN";
Konstantin Lopyrev32558232010-05-20 16:18:05 -0700411
Dianne Hackbornd6847842010-01-12 18:14:19 -0800412 /**
Dianne Hackborn8ea138c2010-01-26 18:01:04 -0800413 * An optional CharSequence providing additional explanation for why the
414 * admin is being added.
415 *
416 * @see #ACTION_ADD_DEVICE_ADMIN
417 */
418 public static final String EXTRA_ADD_EXPLANATION = "android.app.extra.ADD_EXPLANATION";
Konstantin Lopyrev32558232010-05-20 16:18:05 -0700419
Dianne Hackborn8ea138c2010-01-26 18:01:04 -0800420 /**
Konstantin Lopyrev32558232010-05-20 16:18:05 -0700421 * Activity action: have the user enter a new password. This activity should
422 * be launched after using {@link #setPasswordQuality(ComponentName, int)},
423 * or {@link #setPasswordMinimumLength(ComponentName, int)} to have the user
424 * enter a new password that meets the current requirements. You can use
425 * {@link #isActivePasswordSufficient()} to determine whether you need to
426 * have the user select a new password in order to meet the current
427 * constraints. Upon being resumed from this activity, you can check the new
428 * password characteristics to see if they are sufficient.
Dianne Hackbornd6847842010-01-12 18:14:19 -0800429 */
430 @SdkConstant(SdkConstantType.ACTIVITY_INTENT_ACTION)
431 public static final String ACTION_SET_NEW_PASSWORD
432 = "android.app.action.SET_NEW_PASSWORD";
Amith Yamasanibf3a9462014-07-28 14:26:42 -0700433
Nicolas Prevot10fa67c2014-03-24 13:44:38 +0000434 /**
Nicolas Prevot81948992014-05-16 18:25:26 +0100435 * Flag used by {@link #addCrossProfileIntentFilter} to allow access of certain intents from a
436 * managed profile to its parent.
Nicolas Prevot10fa67c2014-03-24 13:44:38 +0000437 */
Nicolas Prevot81948992014-05-16 18:25:26 +0100438 public static int FLAG_PARENT_CAN_ACCESS_MANAGED = 0x0001;
Nicolas Prevot10fa67c2014-03-24 13:44:38 +0000439
440 /**
Nicolas Prevot81948992014-05-16 18:25:26 +0100441 * Flag used by {@link #addCrossProfileIntentFilter} to allow access of certain intents from the
442 * parent to its managed profile.
Nicolas Prevot10fa67c2014-03-24 13:44:38 +0000443 */
Nicolas Prevot81948992014-05-16 18:25:26 +0100444 public static int FLAG_MANAGED_CAN_ACCESS_PARENT = 0x0002;
Konstantin Lopyrev32558232010-05-20 16:18:05 -0700445
Dianne Hackbornd6847842010-01-12 18:14:19 -0800446 /**
447 * Return true if the given administrator component is currently
448 * active (enabled) in the system.
449 */
450 public boolean isAdminActive(ComponentName who) {
Zoltan Szatmary-Ban3f1ddf82014-07-02 16:42:05 +0100451 return isAdminActiveAsUser(who, UserHandle.myUserId());
452 }
453
454 /**
455 * @see #isAdminActive(ComponentName)
456 * @hide
457 */
458 public boolean isAdminActiveAsUser(ComponentName who, int userId) {
Dianne Hackbornd6847842010-01-12 18:14:19 -0800459 if (mService != null) {
460 try {
Zoltan Szatmary-Ban3f1ddf82014-07-02 16:42:05 +0100461 return mService.isAdminActive(who, userId);
Dianne Hackbornd6847842010-01-12 18:14:19 -0800462 } catch (RemoteException e) {
463 Log.w(TAG, "Failed talking with device policy service", e);
464 }
465 }
466 return false;
467 }
Konstantin Lopyrev32558232010-05-20 16:18:05 -0700468
Dianne Hackbornd6847842010-01-12 18:14:19 -0800469 /**
Dianne Hackbornd47c6ed2010-01-27 16:21:20 -0800470 * Return a list of all currently active device administrator's component
471 * names. Note that if there are no administrators than null may be
472 * returned.
473 */
474 public List<ComponentName> getActiveAdmins() {
Zoltan Szatmary-Ban3f1ddf82014-07-02 16:42:05 +0100475 return getActiveAdminsAsUser(UserHandle.myUserId());
476 }
477
478 /**
479 * @see #getActiveAdmins()
480 * @hide
481 */
482 public List<ComponentName> getActiveAdminsAsUser(int userId) {
Dianne Hackbornd47c6ed2010-01-27 16:21:20 -0800483 if (mService != null) {
484 try {
Zoltan Szatmary-Ban3f1ddf82014-07-02 16:42:05 +0100485 return mService.getActiveAdmins(userId);
Dianne Hackbornd47c6ed2010-01-27 16:21:20 -0800486 } catch (RemoteException e) {
487 Log.w(TAG, "Failed talking with device policy service", e);
488 }
489 }
490 return null;
491 }
Konstantin Lopyrev32558232010-05-20 16:18:05 -0700492
Dianne Hackbornd47c6ed2010-01-27 16:21:20 -0800493 /**
Amith Yamasani599dd7c2012-09-14 23:20:08 -0700494 * Used by package administration code to determine if a package can be stopped
495 * or uninstalled.
Dianne Hackborn21f1bd12010-02-19 17:02:21 -0800496 * @hide
497 */
498 public boolean packageHasActiveAdmins(String packageName) {
499 if (mService != null) {
500 try {
Amith Yamasani599dd7c2012-09-14 23:20:08 -0700501 return mService.packageHasActiveAdmins(packageName, UserHandle.myUserId());
Dianne Hackborn21f1bd12010-02-19 17:02:21 -0800502 } catch (RemoteException e) {
503 Log.w(TAG, "Failed talking with device policy service", e);
504 }
505 }
506 return false;
507 }
Konstantin Lopyrev32558232010-05-20 16:18:05 -0700508
Dianne Hackborn21f1bd12010-02-19 17:02:21 -0800509 /**
Dianne Hackbornd6847842010-01-12 18:14:19 -0800510 * Remove a current administration component. This can only be called
511 * by the application that owns the administration component; if you
512 * try to remove someone else's component, a security exception will be
513 * thrown.
514 */
515 public void removeActiveAdmin(ComponentName who) {
516 if (mService != null) {
517 try {
Amith Yamasani599dd7c2012-09-14 23:20:08 -0700518 mService.removeActiveAdmin(who, UserHandle.myUserId());
Dianne Hackbornd6847842010-01-12 18:14:19 -0800519 } catch (RemoteException e) {
520 Log.w(TAG, "Failed talking with device policy service", e);
521 }
522 }
523 }
Konstantin Lopyrev32558232010-05-20 16:18:05 -0700524
Dianne Hackbornd6847842010-01-12 18:14:19 -0800525 /**
Andy Stadlerc25f70a2010-12-08 15:56:45 -0800526 * Returns true if an administrator has been granted a particular device policy. This can
527 * be used to check if the administrator was activated under an earlier set of policies,
528 * but requires additional policies after an upgrade.
529 *
530 * @param admin Which {@link DeviceAdminReceiver} this request is associated with. Must be
531 * an active administrator, or an exception will be thrown.
532 * @param usesPolicy Which uses-policy to check, as defined in {@link DeviceAdminInfo}.
533 */
534 public boolean hasGrantedPolicy(ComponentName admin, int usesPolicy) {
535 if (mService != null) {
536 try {
Amith Yamasani599dd7c2012-09-14 23:20:08 -0700537 return mService.hasGrantedPolicy(admin, usesPolicy, UserHandle.myUserId());
Andy Stadlerc25f70a2010-12-08 15:56:45 -0800538 } catch (RemoteException e) {
539 Log.w(TAG, "Failed talking with device policy service", e);
540 }
541 }
542 return false;
543 }
544
545 /**
Dianne Hackborn9327f4f2010-01-29 10:38:29 -0800546 * Constant for {@link #setPasswordQuality}: the policy has no requirements
547 * for the password. Note that quality constants are ordered so that higher
Dianne Hackborndf83afa2010-01-20 13:37:26 -0800548 * values are more restrictive.
Dianne Hackbornd6847842010-01-12 18:14:19 -0800549 */
Dianne Hackborn9327f4f2010-01-29 10:38:29 -0800550 public static final int PASSWORD_QUALITY_UNSPECIFIED = 0;
Konstantin Lopyrev32558232010-05-20 16:18:05 -0700551
Dianne Hackbornd6847842010-01-12 18:14:19 -0800552 /**
Jim Miller3e5d3fd2011-09-02 17:30:35 -0700553 * Constant for {@link #setPasswordQuality}: the policy allows for low-security biometric
554 * recognition technology. This implies technologies that can recognize the identity of
555 * an individual to about a 3 digit PIN (false detection is less than 1 in 1,000).
556 * Note that quality constants are ordered so that higher values are more restrictive.
557 */
558 public static final int PASSWORD_QUALITY_BIOMETRIC_WEAK = 0x8000;
559
560 /**
Dianne Hackborn9327f4f2010-01-29 10:38:29 -0800561 * Constant for {@link #setPasswordQuality}: the policy requires some kind
562 * of password, but doesn't care what it is. Note that quality constants
Dianne Hackborndf83afa2010-01-20 13:37:26 -0800563 * are ordered so that higher values are more restrictive.
Dianne Hackbornd6847842010-01-12 18:14:19 -0800564 */
Dianne Hackborn9327f4f2010-01-29 10:38:29 -0800565 public static final int PASSWORD_QUALITY_SOMETHING = 0x10000;
Konstantin Lopyrev32558232010-05-20 16:18:05 -0700566
Dianne Hackborndf83afa2010-01-20 13:37:26 -0800567 /**
Dianne Hackborn9327f4f2010-01-29 10:38:29 -0800568 * Constant for {@link #setPasswordQuality}: the user must have entered a
569 * password containing at least numeric characters. Note that quality
570 * constants are ordered so that higher values are more restrictive.
Dianne Hackborndf83afa2010-01-20 13:37:26 -0800571 */
Dianne Hackborn9327f4f2010-01-29 10:38:29 -0800572 public static final int PASSWORD_QUALITY_NUMERIC = 0x20000;
Konstantin Lopyrev32558232010-05-20 16:18:05 -0700573
Dianne Hackbornd6847842010-01-12 18:14:19 -0800574 /**
Dianne Hackborn9327f4f2010-01-29 10:38:29 -0800575 * Constant for {@link #setPasswordQuality}: the user must have entered a
Jim Miller85516d02014-01-31 17:08:37 -0800576 * password containing at least numeric characters with no repeating (4444)
577 * or ordered (1234, 4321, 2468) sequences. Note that quality
578 * constants are ordered so that higher values are more restrictive.
579 */
580 public static final int PASSWORD_QUALITY_NUMERIC_COMPLEX = 0x30000;
581
582 /**
583 * Constant for {@link #setPasswordQuality}: the user must have entered a
Dianne Hackborn85f2c9c2010-03-22 11:12:48 -0700584 * password containing at least alphabetic (or other symbol) characters.
585 * Note that quality constants are ordered so that higher values are more
586 * restrictive.
587 */
588 public static final int PASSWORD_QUALITY_ALPHABETIC = 0x40000;
Konstantin Lopyrev32558232010-05-20 16:18:05 -0700589
Dianne Hackborn85f2c9c2010-03-22 11:12:48 -0700590 /**
591 * Constant for {@link #setPasswordQuality}: the user must have entered a
Dianne Hackborn9327f4f2010-01-29 10:38:29 -0800592 * password containing at least <em>both></em> numeric <em>and</em>
Dianne Hackborn85f2c9c2010-03-22 11:12:48 -0700593 * alphabetic (or other symbol) characters. Note that quality constants are
Dianne Hackborn9327f4f2010-01-29 10:38:29 -0800594 * ordered so that higher values are more restrictive.
Dianne Hackbornd6847842010-01-12 18:14:19 -0800595 */
Dianne Hackborn85f2c9c2010-03-22 11:12:48 -0700596 public static final int PASSWORD_QUALITY_ALPHANUMERIC = 0x50000;
Konstantin Lopyrev32558232010-05-20 16:18:05 -0700597
Dianne Hackbornd6847842010-01-12 18:14:19 -0800598 /**
Konstantin Lopyreva15dcfa2010-05-24 17:10:56 -0700599 * Constant for {@link #setPasswordQuality}: the user must have entered a
Konstantin Lopyrevc8577402010-06-04 17:15:02 -0700600 * password containing at least a letter, a numerical digit and a special
601 * symbol, by default. With this password quality, passwords can be
602 * restricted to contain various sets of characters, like at least an
603 * uppercase letter, etc. These are specified using various methods,
604 * like {@link #setPasswordMinimumLowerCase(ComponentName, int)}. Note
605 * that quality constants are ordered so that higher values are more
606 * restrictive.
Konstantin Lopyreva15dcfa2010-05-24 17:10:56 -0700607 */
608 public static final int PASSWORD_QUALITY_COMPLEX = 0x60000;
609
610 /**
Dianne Hackbornd6847842010-01-12 18:14:19 -0800611 * Called by an application that is administering the device to set the
612 * password restrictions it is imposing. After setting this, the user
613 * will not be able to enter a new password that is not at least as
614 * restrictive as what has been set. Note that the current password
615 * will remain until the user has set a new one, so the change does not
616 * take place immediately. To prompt the user for a new password, use
617 * {@link #ACTION_SET_NEW_PASSWORD} after setting this value.
Konstantin Lopyrev32558232010-05-20 16:18:05 -0700618 *
Dianne Hackborn9327f4f2010-01-29 10:38:29 -0800619 * <p>Quality constants are ordered so that higher values are more restrictive;
620 * thus the highest requested quality constant (between the policy set here,
Dianne Hackborndf83afa2010-01-20 13:37:26 -0800621 * the user's preference, and any other considerations) is the one that
622 * is in effect.
Konstantin Lopyrev32558232010-05-20 16:18:05 -0700623 *
Dianne Hackborn8aa2e892010-01-22 11:31:30 -0800624 * <p>The calling device admin must have requested
625 * {@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call
626 * this method; if it has not, a security exception will be thrown.
Konstantin Lopyrev32558232010-05-20 16:18:05 -0700627 *
Dianne Hackbornef6b22f2010-02-16 20:38:49 -0800628 * @param admin Which {@link DeviceAdminReceiver} this request is associated with.
Dianne Hackborn9327f4f2010-01-29 10:38:29 -0800629 * @param quality The new desired quality. One of
630 * {@link #PASSWORD_QUALITY_UNSPECIFIED}, {@link #PASSWORD_QUALITY_SOMETHING},
Jim Miller85516d02014-01-31 17:08:37 -0800631 * {@link #PASSWORD_QUALITY_NUMERIC}, {@link #PASSWORD_QUALITY_NUMERIC_COMPLEX},
632 * {@link #PASSWORD_QUALITY_ALPHABETIC}, {@link #PASSWORD_QUALITY_ALPHANUMERIC}
633 * or {@link #PASSWORD_QUALITY_COMPLEX}.
Dianne Hackbornd6847842010-01-12 18:14:19 -0800634 */
Dianne Hackborn9327f4f2010-01-29 10:38:29 -0800635 public void setPasswordQuality(ComponentName admin, int quality) {
Dianne Hackbornd6847842010-01-12 18:14:19 -0800636 if (mService != null) {
637 try {
Amith Yamasani599dd7c2012-09-14 23:20:08 -0700638 mService.setPasswordQuality(admin, quality, UserHandle.myUserId());
Dianne Hackbornd6847842010-01-12 18:14:19 -0800639 } catch (RemoteException e) {
640 Log.w(TAG, "Failed talking with device policy service", e);
641 }
642 }
643 }
Konstantin Lopyrev32558232010-05-20 16:18:05 -0700644
Dianne Hackbornd6847842010-01-12 18:14:19 -0800645 /**
Jessica Hummel91da58d2014-04-10 17:39:43 +0100646 * Retrieve the current minimum password quality for all admins of this user
647 * and its profiles or a particular one.
Dianne Hackborn254cb442010-01-27 19:23:59 -0800648 * @param admin The name of the admin component to check, or null to aggregate
649 * all admins.
Dianne Hackbornd6847842010-01-12 18:14:19 -0800650 */
Dianne Hackborn9327f4f2010-01-29 10:38:29 -0800651 public int getPasswordQuality(ComponentName admin) {
Amith Yamasani599dd7c2012-09-14 23:20:08 -0700652 return getPasswordQuality(admin, UserHandle.myUserId());
653 }
654
655 /** @hide per-user version */
656 public int getPasswordQuality(ComponentName admin, int userHandle) {
Dianne Hackbornd6847842010-01-12 18:14:19 -0800657 if (mService != null) {
658 try {
Amith Yamasani599dd7c2012-09-14 23:20:08 -0700659 return mService.getPasswordQuality(admin, userHandle);
Dianne Hackbornd6847842010-01-12 18:14:19 -0800660 } catch (RemoteException e) {
661 Log.w(TAG, "Failed talking with device policy service", e);
662 }
663 }
Dianne Hackborn9327f4f2010-01-29 10:38:29 -0800664 return PASSWORD_QUALITY_UNSPECIFIED;
Dianne Hackbornd6847842010-01-12 18:14:19 -0800665 }
Konstantin Lopyrev32558232010-05-20 16:18:05 -0700666
Dianne Hackbornd6847842010-01-12 18:14:19 -0800667 /**
Dianne Hackbornd6847842010-01-12 18:14:19 -0800668 * Called by an application that is administering the device to set the
669 * minimum allowed password length. After setting this, the user
670 * will not be able to enter a new password that is not at least as
671 * restrictive as what has been set. Note that the current password
672 * will remain until the user has set a new one, so the change does not
673 * take place immediately. To prompt the user for a new password, use
674 * {@link #ACTION_SET_NEW_PASSWORD} after setting this value. This
675 * constraint is only imposed if the administrator has also requested either
Jim Miller85516d02014-01-31 17:08:37 -0800676 * {@link #PASSWORD_QUALITY_NUMERIC}, {@link #PASSWORD_QUALITY_NUMERIC_COMPLEX},
677 * {@link #PASSWORD_QUALITY_ALPHABETIC}, {@link #PASSWORD_QUALITY_ALPHANUMERIC},
678 * or {@link #PASSWORD_QUALITY_COMPLEX} with {@link #setPasswordQuality}.
Konstantin Lopyrev32558232010-05-20 16:18:05 -0700679 *
Dianne Hackborn8aa2e892010-01-22 11:31:30 -0800680 * <p>The calling device admin must have requested
681 * {@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call
682 * this method; if it has not, a security exception will be thrown.
Konstantin Lopyrev32558232010-05-20 16:18:05 -0700683 *
Dianne Hackbornef6b22f2010-02-16 20:38:49 -0800684 * @param admin Which {@link DeviceAdminReceiver} this request is associated with.
Dianne Hackbornd6847842010-01-12 18:14:19 -0800685 * @param length The new desired minimum password length. A value of 0
686 * means there is no restriction.
687 */
Dianne Hackborn254cb442010-01-27 19:23:59 -0800688 public void setPasswordMinimumLength(ComponentName admin, int length) {
Dianne Hackbornd6847842010-01-12 18:14:19 -0800689 if (mService != null) {
690 try {
Amith Yamasani599dd7c2012-09-14 23:20:08 -0700691 mService.setPasswordMinimumLength(admin, length, UserHandle.myUserId());
Dianne Hackbornd6847842010-01-12 18:14:19 -0800692 } catch (RemoteException e) {
693 Log.w(TAG, "Failed talking with device policy service", e);
694 }
695 }
696 }
Konstantin Lopyrev32558232010-05-20 16:18:05 -0700697
Dianne Hackbornd6847842010-01-12 18:14:19 -0800698 /**
Jessica Hummel91da58d2014-04-10 17:39:43 +0100699 * Retrieve the current minimum password length for all admins of this
700 * user and its profiles or a particular one.
Dianne Hackborn254cb442010-01-27 19:23:59 -0800701 * @param admin The name of the admin component to check, or null to aggregate
702 * all admins.
Dianne Hackbornd6847842010-01-12 18:14:19 -0800703 */
Dianne Hackborn254cb442010-01-27 19:23:59 -0800704 public int getPasswordMinimumLength(ComponentName admin) {
Amith Yamasani599dd7c2012-09-14 23:20:08 -0700705 return getPasswordMinimumLength(admin, UserHandle.myUserId());
706 }
707
708 /** @hide per-user version */
709 public int getPasswordMinimumLength(ComponentName admin, int userHandle) {
Dianne Hackbornd6847842010-01-12 18:14:19 -0800710 if (mService != null) {
711 try {
Amith Yamasani599dd7c2012-09-14 23:20:08 -0700712 return mService.getPasswordMinimumLength(admin, userHandle);
Dianne Hackbornd6847842010-01-12 18:14:19 -0800713 } catch (RemoteException e) {
714 Log.w(TAG, "Failed talking with device policy service", e);
715 }
716 }
717 return 0;
718 }
Konstantin Lopyrev32558232010-05-20 16:18:05 -0700719
Konstantin Lopyreva15dcfa2010-05-24 17:10:56 -0700720 /**
721 * Called by an application that is administering the device to set the
722 * minimum number of upper case letters required in the password. After
723 * setting this, the user will not be able to enter a new password that is
724 * not at least as restrictive as what has been set. Note that the current
725 * password will remain until the user has set a new one, so the change does
726 * not take place immediately. To prompt the user for a new password, use
727 * {@link #ACTION_SET_NEW_PASSWORD} after setting this value. This
728 * constraint is only imposed if the administrator has also requested
Konstantin Lopyrevc8577402010-06-04 17:15:02 -0700729 * {@link #PASSWORD_QUALITY_COMPLEX} with {@link #setPasswordQuality}. The
730 * default value is 0.
Konstantin Lopyreva15dcfa2010-05-24 17:10:56 -0700731 * <p>
732 * The calling device admin must have requested
733 * {@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call
734 * this method; if it has not, a security exception will be thrown.
735 *
736 * @param admin Which {@link DeviceAdminReceiver} this request is associated
737 * with.
738 * @param length The new desired minimum number of upper case letters
739 * required in the password. A value of 0 means there is no
740 * restriction.
741 */
742 public void setPasswordMinimumUpperCase(ComponentName admin, int length) {
743 if (mService != null) {
744 try {
Amith Yamasani599dd7c2012-09-14 23:20:08 -0700745 mService.setPasswordMinimumUpperCase(admin, length, UserHandle.myUserId());
Konstantin Lopyreva15dcfa2010-05-24 17:10:56 -0700746 } catch (RemoteException e) {
747 Log.w(TAG, "Failed talking with device policy service", e);
748 }
749 }
750 }
751
752 /**
753 * Retrieve the current number of upper case letters required in the
Jessica Hummel91da58d2014-04-10 17:39:43 +0100754 * password for all admins of this user and its profiles or a particular one.
755 * This is the same value as set by
756 * {#link {@link #setPasswordMinimumUpperCase(ComponentName, int)}
Konstantin Lopyrevc8577402010-06-04 17:15:02 -0700757 * and only applies when the password quality is
758 * {@link #PASSWORD_QUALITY_COMPLEX}.
Konstantin Lopyreva15dcfa2010-05-24 17:10:56 -0700759 *
760 * @param admin The name of the admin component to check, or null to
761 * aggregate all admins.
762 * @return The minimum number of upper case letters required in the
763 * password.
764 */
765 public int getPasswordMinimumUpperCase(ComponentName admin) {
Amith Yamasani599dd7c2012-09-14 23:20:08 -0700766 return getPasswordMinimumUpperCase(admin, UserHandle.myUserId());
767 }
768
769 /** @hide per-user version */
770 public int getPasswordMinimumUpperCase(ComponentName admin, int userHandle) {
Konstantin Lopyreva15dcfa2010-05-24 17:10:56 -0700771 if (mService != null) {
772 try {
Amith Yamasani599dd7c2012-09-14 23:20:08 -0700773 return mService.getPasswordMinimumUpperCase(admin, userHandle);
Konstantin Lopyreva15dcfa2010-05-24 17:10:56 -0700774 } catch (RemoteException e) {
775 Log.w(TAG, "Failed talking with device policy service", e);
776 }
777 }
778 return 0;
779 }
780
781 /**
782 * Called by an application that is administering the device to set the
783 * minimum number of lower case letters required in the password. After
784 * setting this, the user will not be able to enter a new password that is
785 * not at least as restrictive as what has been set. Note that the current
786 * password will remain until the user has set a new one, so the change does
787 * not take place immediately. To prompt the user for a new password, use
788 * {@link #ACTION_SET_NEW_PASSWORD} after setting this value. This
789 * constraint is only imposed if the administrator has also requested
Konstantin Lopyrevc8577402010-06-04 17:15:02 -0700790 * {@link #PASSWORD_QUALITY_COMPLEX} with {@link #setPasswordQuality}. The
791 * default value is 0.
Konstantin Lopyreva15dcfa2010-05-24 17:10:56 -0700792 * <p>
793 * The calling device admin must have requested
794 * {@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call
795 * this method; if it has not, a security exception will be thrown.
796 *
797 * @param admin Which {@link DeviceAdminReceiver} this request is associated
798 * with.
799 * @param length The new desired minimum number of lower case letters
800 * required in the password. A value of 0 means there is no
801 * restriction.
802 */
803 public void setPasswordMinimumLowerCase(ComponentName admin, int length) {
804 if (mService != null) {
805 try {
Amith Yamasani599dd7c2012-09-14 23:20:08 -0700806 mService.setPasswordMinimumLowerCase(admin, length, UserHandle.myUserId());
Konstantin Lopyreva15dcfa2010-05-24 17:10:56 -0700807 } catch (RemoteException e) {
808 Log.w(TAG, "Failed talking with device policy service", e);
809 }
810 }
811 }
812
813 /**
814 * Retrieve the current number of lower case letters required in the
Jessica Hummel91da58d2014-04-10 17:39:43 +0100815 * password for all admins of this user and its profiles or a particular one.
816 * This is the same value as set by
817 * {#link {@link #setPasswordMinimumLowerCase(ComponentName, int)}
Konstantin Lopyrevc8577402010-06-04 17:15:02 -0700818 * and only applies when the password quality is
819 * {@link #PASSWORD_QUALITY_COMPLEX}.
Konstantin Lopyreva15dcfa2010-05-24 17:10:56 -0700820 *
821 * @param admin The name of the admin component to check, or null to
822 * aggregate all admins.
823 * @return The minimum number of lower case letters required in the
824 * password.
825 */
826 public int getPasswordMinimumLowerCase(ComponentName admin) {
Amith Yamasani599dd7c2012-09-14 23:20:08 -0700827 return getPasswordMinimumLowerCase(admin, UserHandle.myUserId());
828 }
829
830 /** @hide per-user version */
831 public int getPasswordMinimumLowerCase(ComponentName admin, int userHandle) {
Konstantin Lopyreva15dcfa2010-05-24 17:10:56 -0700832 if (mService != null) {
833 try {
Amith Yamasani599dd7c2012-09-14 23:20:08 -0700834 return mService.getPasswordMinimumLowerCase(admin, userHandle);
Konstantin Lopyreva15dcfa2010-05-24 17:10:56 -0700835 } catch (RemoteException e) {
836 Log.w(TAG, "Failed talking with device policy service", e);
837 }
838 }
839 return 0;
840 }
841
842 /**
843 * Called by an application that is administering the device to set the
844 * minimum number of letters required in the password. After setting this,
845 * the user will not be able to enter a new password that is not at least as
846 * restrictive as what has been set. Note that the current password will
847 * remain until the user has set a new one, so the change does not take
848 * place immediately. To prompt the user for a new password, use
849 * {@link #ACTION_SET_NEW_PASSWORD} after setting this value. This
850 * constraint is only imposed if the administrator has also requested
Konstantin Lopyrevc8577402010-06-04 17:15:02 -0700851 * {@link #PASSWORD_QUALITY_COMPLEX} with {@link #setPasswordQuality}. The
852 * default value is 1.
Konstantin Lopyreva15dcfa2010-05-24 17:10:56 -0700853 * <p>
854 * The calling device admin must have requested
855 * {@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call
856 * this method; if it has not, a security exception will be thrown.
857 *
858 * @param admin Which {@link DeviceAdminReceiver} this request is associated
859 * with.
860 * @param length The new desired minimum number of letters required in the
861 * password. A value of 0 means there is no restriction.
862 */
863 public void setPasswordMinimumLetters(ComponentName admin, int length) {
864 if (mService != null) {
865 try {
Amith Yamasani599dd7c2012-09-14 23:20:08 -0700866 mService.setPasswordMinimumLetters(admin, length, UserHandle.myUserId());
Konstantin Lopyreva15dcfa2010-05-24 17:10:56 -0700867 } catch (RemoteException e) {
868 Log.w(TAG, "Failed talking with device policy service", e);
869 }
870 }
871 }
872
873 /**
874 * Retrieve the current number of letters required in the password for all
Konstantin Lopyrevc8577402010-06-04 17:15:02 -0700875 * admins or a particular one. This is the same value as
876 * set by {#link {@link #setPasswordMinimumLetters(ComponentName, int)}
877 * and only applies when the password quality is
878 * {@link #PASSWORD_QUALITY_COMPLEX}.
Konstantin Lopyreva15dcfa2010-05-24 17:10:56 -0700879 *
880 * @param admin The name of the admin component to check, or null to
881 * aggregate all admins.
882 * @return The minimum number of letters required in the password.
883 */
884 public int getPasswordMinimumLetters(ComponentName admin) {
Amith Yamasani599dd7c2012-09-14 23:20:08 -0700885 return getPasswordMinimumLetters(admin, UserHandle.myUserId());
886 }
887
888 /** @hide per-user version */
889 public int getPasswordMinimumLetters(ComponentName admin, int userHandle) {
Konstantin Lopyreva15dcfa2010-05-24 17:10:56 -0700890 if (mService != null) {
891 try {
Amith Yamasani599dd7c2012-09-14 23:20:08 -0700892 return mService.getPasswordMinimumLetters(admin, userHandle);
Konstantin Lopyreva15dcfa2010-05-24 17:10:56 -0700893 } catch (RemoteException e) {
894 Log.w(TAG, "Failed talking with device policy service", e);
895 }
896 }
897 return 0;
898 }
899
900 /**
901 * Called by an application that is administering the device to set the
902 * minimum number of numerical digits required in the password. After
903 * setting this, the user will not be able to enter a new password that is
904 * not at least as restrictive as what has been set. Note that the current
905 * password will remain until the user has set a new one, so the change does
906 * not take place immediately. To prompt the user for a new password, use
907 * {@link #ACTION_SET_NEW_PASSWORD} after setting this value. This
908 * constraint is only imposed if the administrator has also requested
Konstantin Lopyrevc8577402010-06-04 17:15:02 -0700909 * {@link #PASSWORD_QUALITY_COMPLEX} with {@link #setPasswordQuality}. The
910 * default value is 1.
Konstantin Lopyreva15dcfa2010-05-24 17:10:56 -0700911 * <p>
912 * The calling device admin must have requested
913 * {@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call
914 * this method; if it has not, a security exception will be thrown.
915 *
916 * @param admin Which {@link DeviceAdminReceiver} this request is associated
917 * with.
918 * @param length The new desired minimum number of numerical digits required
919 * in the password. A value of 0 means there is no restriction.
920 */
921 public void setPasswordMinimumNumeric(ComponentName admin, int length) {
922 if (mService != null) {
923 try {
Amith Yamasani599dd7c2012-09-14 23:20:08 -0700924 mService.setPasswordMinimumNumeric(admin, length, UserHandle.myUserId());
Konstantin Lopyreva15dcfa2010-05-24 17:10:56 -0700925 } catch (RemoteException e) {
926 Log.w(TAG, "Failed talking with device policy service", e);
927 }
928 }
929 }
930
931 /**
932 * Retrieve the current number of numerical digits required in the password
Jessica Hummel91da58d2014-04-10 17:39:43 +0100933 * for all admins of this user and its profiles or a particular one.
934 * This is the same value as set by
935 * {#link {@link #setPasswordMinimumNumeric(ComponentName, int)}
Konstantin Lopyrevc8577402010-06-04 17:15:02 -0700936 * and only applies when the password quality is
937 * {@link #PASSWORD_QUALITY_COMPLEX}.
Konstantin Lopyreva15dcfa2010-05-24 17:10:56 -0700938 *
939 * @param admin The name of the admin component to check, or null to
940 * aggregate all admins.
941 * @return The minimum number of numerical digits required in the password.
942 */
943 public int getPasswordMinimumNumeric(ComponentName admin) {
Amith Yamasani599dd7c2012-09-14 23:20:08 -0700944 return getPasswordMinimumNumeric(admin, UserHandle.myUserId());
945 }
946
947 /** @hide per-user version */
948 public int getPasswordMinimumNumeric(ComponentName admin, int userHandle) {
Konstantin Lopyreva15dcfa2010-05-24 17:10:56 -0700949 if (mService != null) {
950 try {
Amith Yamasani599dd7c2012-09-14 23:20:08 -0700951 return mService.getPasswordMinimumNumeric(admin, userHandle);
Konstantin Lopyreva15dcfa2010-05-24 17:10:56 -0700952 } catch (RemoteException e) {
953 Log.w(TAG, "Failed talking with device policy service", e);
954 }
955 }
956 return 0;
957 }
958
959 /**
960 * Called by an application that is administering the device to set the
961 * minimum number of symbols required in the password. After setting this,
962 * the user will not be able to enter a new password that is not at least as
963 * restrictive as what has been set. Note that the current password will
964 * remain until the user has set a new one, so the change does not take
965 * place immediately. To prompt the user for a new password, use
966 * {@link #ACTION_SET_NEW_PASSWORD} after setting this value. This
967 * constraint is only imposed if the administrator has also requested
Konstantin Lopyrevc8577402010-06-04 17:15:02 -0700968 * {@link #PASSWORD_QUALITY_COMPLEX} with {@link #setPasswordQuality}. The
969 * default value is 1.
Konstantin Lopyreva15dcfa2010-05-24 17:10:56 -0700970 * <p>
971 * The calling device admin must have requested
972 * {@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call
973 * this method; if it has not, a security exception will be thrown.
974 *
975 * @param admin Which {@link DeviceAdminReceiver} this request is associated
976 * with.
977 * @param length The new desired minimum number of symbols required in the
978 * password. A value of 0 means there is no restriction.
979 */
980 public void setPasswordMinimumSymbols(ComponentName admin, int length) {
981 if (mService != null) {
982 try {
Amith Yamasani599dd7c2012-09-14 23:20:08 -0700983 mService.setPasswordMinimumSymbols(admin, length, UserHandle.myUserId());
Konstantin Lopyreva15dcfa2010-05-24 17:10:56 -0700984 } catch (RemoteException e) {
985 Log.w(TAG, "Failed talking with device policy service", e);
986 }
987 }
988 }
989
990 /**
991 * Retrieve the current number of symbols required in the password for all
Konstantin Lopyrevc8577402010-06-04 17:15:02 -0700992 * admins or a particular one. This is the same value as
993 * set by {#link {@link #setPasswordMinimumSymbols(ComponentName, int)}
994 * and only applies when the password quality is
995 * {@link #PASSWORD_QUALITY_COMPLEX}.
Konstantin Lopyreva15dcfa2010-05-24 17:10:56 -0700996 *
997 * @param admin The name of the admin component to check, or null to
998 * aggregate all admins.
999 * @return The minimum number of symbols required in the password.
1000 */
1001 public int getPasswordMinimumSymbols(ComponentName admin) {
Amith Yamasani599dd7c2012-09-14 23:20:08 -07001002 return getPasswordMinimumSymbols(admin, UserHandle.myUserId());
1003 }
1004
1005 /** @hide per-user version */
1006 public int getPasswordMinimumSymbols(ComponentName admin, int userHandle) {
Konstantin Lopyreva15dcfa2010-05-24 17:10:56 -07001007 if (mService != null) {
1008 try {
Amith Yamasani599dd7c2012-09-14 23:20:08 -07001009 return mService.getPasswordMinimumSymbols(admin, userHandle);
Konstantin Lopyreva15dcfa2010-05-24 17:10:56 -07001010 } catch (RemoteException e) {
1011 Log.w(TAG, "Failed talking with device policy service", e);
1012 }
1013 }
1014 return 0;
1015 }
1016
Konstantin Lopyrevc8577402010-06-04 17:15:02 -07001017 /**
1018 * Called by an application that is administering the device to set the
1019 * minimum number of non-letter characters (numerical digits or symbols)
1020 * required in the password. After setting this, the user will not be able
1021 * to enter a new password that is not at least as restrictive as what has
1022 * been set. Note that the current password will remain until the user has
1023 * set a new one, so the change does not take place immediately. To prompt
1024 * the user for a new password, use {@link #ACTION_SET_NEW_PASSWORD} after
1025 * setting this value. This constraint is only imposed if the administrator
1026 * has also requested {@link #PASSWORD_QUALITY_COMPLEX} with
1027 * {@link #setPasswordQuality}. The default value is 0.
1028 * <p>
1029 * The calling device admin must have requested
1030 * {@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call
1031 * this method; if it has not, a security exception will be thrown.
1032 *
1033 * @param admin Which {@link DeviceAdminReceiver} this request is associated
1034 * with.
1035 * @param length The new desired minimum number of letters required in the
1036 * password. A value of 0 means there is no restriction.
1037 */
1038 public void setPasswordMinimumNonLetter(ComponentName admin, int length) {
1039 if (mService != null) {
1040 try {
Amith Yamasani599dd7c2012-09-14 23:20:08 -07001041 mService.setPasswordMinimumNonLetter(admin, length, UserHandle.myUserId());
Konstantin Lopyrevc8577402010-06-04 17:15:02 -07001042 } catch (RemoteException e) {
1043 Log.w(TAG, "Failed talking with device policy service", e);
1044 }
1045 }
1046 }
1047
1048 /**
1049 * Retrieve the current number of non-letter characters required in the
Jessica Hummel91da58d2014-04-10 17:39:43 +01001050 * password for all admins of this user and its profiles or a particular one.
1051 * This is the same value as set by
1052 * {#link {@link #setPasswordMinimumNonLetter(ComponentName, int)}
Konstantin Lopyrevc8577402010-06-04 17:15:02 -07001053 * and only applies when the password quality is
1054 * {@link #PASSWORD_QUALITY_COMPLEX}.
1055 *
1056 * @param admin The name of the admin component to check, or null to
1057 * aggregate all admins.
1058 * @return The minimum number of letters required in the password.
1059 */
1060 public int getPasswordMinimumNonLetter(ComponentName admin) {
Amith Yamasani599dd7c2012-09-14 23:20:08 -07001061 return getPasswordMinimumNonLetter(admin, UserHandle.myUserId());
1062 }
1063
1064 /** @hide per-user version */
1065 public int getPasswordMinimumNonLetter(ComponentName admin, int userHandle) {
Konstantin Lopyrevc8577402010-06-04 17:15:02 -07001066 if (mService != null) {
1067 try {
Amith Yamasani599dd7c2012-09-14 23:20:08 -07001068 return mService.getPasswordMinimumNonLetter(admin, userHandle);
Konstantin Lopyrevc8577402010-06-04 17:15:02 -07001069 } catch (RemoteException e) {
1070 Log.w(TAG, "Failed talking with device policy service", e);
1071 }
1072 }
1073 return 0;
1074 }
1075
Konstantin Lopyrev32558232010-05-20 16:18:05 -07001076 /**
1077 * Called by an application that is administering the device to set the length
1078 * of the password history. After setting this, the user will not be able to
1079 * enter a new password that is the same as any password in the history. Note
1080 * that the current password will remain until the user has set a new one, so
1081 * the change does not take place immediately. To prompt the user for a new
1082 * password, use {@link #ACTION_SET_NEW_PASSWORD} after setting this value.
1083 * This constraint is only imposed if the administrator has also requested
Jim Miller85516d02014-01-31 17:08:37 -08001084 * either {@link #PASSWORD_QUALITY_NUMERIC}, {@link #PASSWORD_QUALITY_NUMERIC_COMPLEX}
1085 * {@link #PASSWORD_QUALITY_ALPHABETIC}, or {@link #PASSWORD_QUALITY_ALPHANUMERIC}
1086 * with {@link #setPasswordQuality}.
Konstantin Lopyrev32558232010-05-20 16:18:05 -07001087 *
1088 * <p>
1089 * The calling device admin must have requested
1090 * {@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call this
1091 * method; if it has not, a security exception will be thrown.
1092 *
1093 * @param admin Which {@link DeviceAdminReceiver} this request is associated
1094 * with.
1095 * @param length The new desired length of password history. A value of 0
1096 * means there is no restriction.
1097 */
1098 public void setPasswordHistoryLength(ComponentName admin, int length) {
1099 if (mService != null) {
1100 try {
Amith Yamasani599dd7c2012-09-14 23:20:08 -07001101 mService.setPasswordHistoryLength(admin, length, UserHandle.myUserId());
Konstantin Lopyrev32558232010-05-20 16:18:05 -07001102 } catch (RemoteException e) {
1103 Log.w(TAG, "Failed talking with device policy service", e);
1104 }
1105 }
1106 }
1107
1108 /**
Jim Millera4e28d12010-11-08 16:15:47 -08001109 * Called by a device admin to set the password expiration timeout. Calling this method
1110 * will restart the countdown for password expiration for the given admin, as will changing
1111 * the device password (for all admins).
1112 *
1113 * <p>The provided timeout is the time delta in ms and will be added to the current time.
1114 * For example, to have the password expire 5 days from now, timeout would be
1115 * 5 * 86400 * 1000 = 432000000 ms for timeout.
1116 *
1117 * <p>To disable password expiration, a value of 0 may be used for timeout.
1118 *
Jim Millera4e28d12010-11-08 16:15:47 -08001119 * <p>The calling device admin must have requested
1120 * {@link DeviceAdminInfo#USES_POLICY_EXPIRE_PASSWORD} to be able to call this
1121 * method; if it has not, a security exception will be thrown.
1122 *
Jessica Hummel9da60392014-05-21 12:32:57 +01001123 * <p> Note that setting the password will automatically reset the expiration time for all
1124 * active admins. Active admins do not need to explicitly call this method in that case.
1125 *
Jim Millera4e28d12010-11-08 16:15:47 -08001126 * @param admin Which {@link DeviceAdminReceiver} this request is associated with.
1127 * @param timeout The limit (in ms) that a password can remain in effect. A value of 0
1128 * means there is no restriction (unlimited).
1129 */
1130 public void setPasswordExpirationTimeout(ComponentName admin, long timeout) {
1131 if (mService != null) {
1132 try {
Amith Yamasani599dd7c2012-09-14 23:20:08 -07001133 mService.setPasswordExpirationTimeout(admin, timeout, UserHandle.myUserId());
Jim Millera4e28d12010-11-08 16:15:47 -08001134 } catch (RemoteException e) {
1135 Log.w(TAG, "Failed talking with device policy service", e);
1136 }
1137 }
1138 }
1139
1140 /**
Jim Miller6b857682011-02-16 16:27:41 -08001141 * Get the password expiration timeout for the given admin. The expiration timeout is the
1142 * recurring expiration timeout provided in the call to
1143 * {@link #setPasswordExpirationTimeout(ComponentName, long)} for the given admin or the
1144 * aggregate of all policy administrators if admin is null.
Jim Millera4e28d12010-11-08 16:15:47 -08001145 *
1146 * @param admin The name of the admin component to check, or null to aggregate all admins.
1147 * @return The timeout for the given admin or the minimum of all timeouts
1148 */
1149 public long getPasswordExpirationTimeout(ComponentName admin) {
1150 if (mService != null) {
1151 try {
Amith Yamasani599dd7c2012-09-14 23:20:08 -07001152 return mService.getPasswordExpirationTimeout(admin, UserHandle.myUserId());
Jim Millera4e28d12010-11-08 16:15:47 -08001153 } catch (RemoteException e) {
1154 Log.w(TAG, "Failed talking with device policy service", e);
1155 }
1156 }
1157 return 0;
1158 }
1159
1160 /**
1161 * Get the current password expiration time for the given admin or an aggregate of
Jessica Hummel91da58d2014-04-10 17:39:43 +01001162 * all admins of this user and its profiles if admin is null. If the password is
1163 * expired, this will return the time since the password expired as a negative number.
1164 * If admin is null, then a composite of all expiration timeouts is returned
1165 * - which will be the minimum of all timeouts.
Jim Millera4e28d12010-11-08 16:15:47 -08001166 *
1167 * @param admin The name of the admin component to check, or null to aggregate all admins.
1168 * @return The password expiration time, in ms.
1169 */
1170 public long getPasswordExpiration(ComponentName admin) {
1171 if (mService != null) {
1172 try {
Amith Yamasani599dd7c2012-09-14 23:20:08 -07001173 return mService.getPasswordExpiration(admin, UserHandle.myUserId());
Jim Millera4e28d12010-11-08 16:15:47 -08001174 } catch (RemoteException e) {
1175 Log.w(TAG, "Failed talking with device policy service", e);
1176 }
1177 }
1178 return 0;
1179 }
1180
1181 /**
Jessica Hummel91da58d2014-04-10 17:39:43 +01001182 * Retrieve the current password history length for all admins of this
1183 * user and its profiles or a particular one.
Konstantin Lopyrev32558232010-05-20 16:18:05 -07001184 * @param admin The name of the admin component to check, or null to aggregate
1185 * all admins.
1186 * @return The length of the password history
1187 */
1188 public int getPasswordHistoryLength(ComponentName admin) {
Amith Yamasani599dd7c2012-09-14 23:20:08 -07001189 return getPasswordHistoryLength(admin, UserHandle.myUserId());
1190 }
1191
1192 /** @hide per-user version */
1193 public int getPasswordHistoryLength(ComponentName admin, int userHandle) {
Konstantin Lopyrev32558232010-05-20 16:18:05 -07001194 if (mService != null) {
1195 try {
Amith Yamasani599dd7c2012-09-14 23:20:08 -07001196 return mService.getPasswordHistoryLength(admin, userHandle);
Konstantin Lopyrev32558232010-05-20 16:18:05 -07001197 } catch (RemoteException e) {
1198 Log.w(TAG, "Failed talking with device policy service", e);
1199 }
1200 }
1201 return 0;
1202 }
1203
Dianne Hackbornd6847842010-01-12 18:14:19 -08001204 /**
Dianne Hackborn254cb442010-01-27 19:23:59 -08001205 * Return the maximum password length that the device supports for a
Dianne Hackborn9327f4f2010-01-29 10:38:29 -08001206 * particular password quality.
Dianne Hackborn364f6e32010-01-29 17:38:20 -08001207 * @param quality The quality being interrogated.
Dianne Hackborn254cb442010-01-27 19:23:59 -08001208 * @return Returns the maximum length that the user can enter.
1209 */
Dianne Hackborn9327f4f2010-01-29 10:38:29 -08001210 public int getPasswordMaximumLength(int quality) {
Dianne Hackborn254cb442010-01-27 19:23:59 -08001211 // Kind-of arbitrary.
1212 return 16;
1213 }
Konstantin Lopyrev32558232010-05-20 16:18:05 -07001214
Dianne Hackborn254cb442010-01-27 19:23:59 -08001215 /**
Dianne Hackborndf83afa2010-01-20 13:37:26 -08001216 * Determine whether the current password the user has set is sufficient
Dianne Hackborn9327f4f2010-01-29 10:38:29 -08001217 * to meet the policy requirements (quality, minimum length) that have been
Jessica Hummel91da58d2014-04-10 17:39:43 +01001218 * requested by the admins of this user and its profiles.
Konstantin Lopyrev32558232010-05-20 16:18:05 -07001219 *
Dianne Hackborn8aa2e892010-01-22 11:31:30 -08001220 * <p>The calling device admin must have requested
1221 * {@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call
1222 * this method; if it has not, a security exception will be thrown.
Konstantin Lopyrev32558232010-05-20 16:18:05 -07001223 *
Jessica Hummel91da58d2014-04-10 17:39:43 +01001224 * @return Returns true if the password meets the current requirements, else false.
Dianne Hackbornd6847842010-01-12 18:14:19 -08001225 */
Dianne Hackborndf83afa2010-01-20 13:37:26 -08001226 public boolean isActivePasswordSufficient() {
Dianne Hackbornd6847842010-01-12 18:14:19 -08001227 if (mService != null) {
1228 try {
Amith Yamasani599dd7c2012-09-14 23:20:08 -07001229 return mService.isActivePasswordSufficient(UserHandle.myUserId());
Dianne Hackbornd6847842010-01-12 18:14:19 -08001230 } catch (RemoteException e) {
1231 Log.w(TAG, "Failed talking with device policy service", e);
1232 }
1233 }
Dianne Hackborndf83afa2010-01-20 13:37:26 -08001234 return false;
Dianne Hackbornd6847842010-01-12 18:14:19 -08001235 }
Konstantin Lopyrev32558232010-05-20 16:18:05 -07001236
Dianne Hackbornd6847842010-01-12 18:14:19 -08001237 /**
1238 * Retrieve the number of times the user has failed at entering a
1239 * password since that last successful password entry.
Konstantin Lopyrev32558232010-05-20 16:18:05 -07001240 *
Dianne Hackborn8aa2e892010-01-22 11:31:30 -08001241 * <p>The calling device admin must have requested
1242 * {@link DeviceAdminInfo#USES_POLICY_WATCH_LOGIN} to be able to call
1243 * this method; if it has not, a security exception will be thrown.
Dianne Hackbornd6847842010-01-12 18:14:19 -08001244 */
1245 public int getCurrentFailedPasswordAttempts() {
1246 if (mService != null) {
1247 try {
Amith Yamasani599dd7c2012-09-14 23:20:08 -07001248 return mService.getCurrentFailedPasswordAttempts(UserHandle.myUserId());
Dianne Hackbornd6847842010-01-12 18:14:19 -08001249 } catch (RemoteException e) {
1250 Log.w(TAG, "Failed talking with device policy service", e);
1251 }
1252 }
1253 return -1;
1254 }
Dianne Hackborndf83afa2010-01-20 13:37:26 -08001255
1256 /**
Andrew Stadler88209d12010-02-08 22:59:36 -08001257 * Setting this to a value greater than zero enables a built-in policy
1258 * that will perform a device wipe after too many incorrect
1259 * device-unlock passwords have been entered. This built-in policy combines
1260 * watching for failed passwords and wiping the device, and requires
1261 * that you request both {@link DeviceAdminInfo#USES_POLICY_WATCH_LOGIN} and
Dianne Hackborn8ea138c2010-01-26 18:01:04 -08001262 * {@link DeviceAdminInfo#USES_POLICY_WIPE_DATA}}.
Konstantin Lopyrev32558232010-05-20 16:18:05 -07001263 *
Andrew Stadler88209d12010-02-08 22:59:36 -08001264 * <p>To implement any other policy (e.g. wiping data for a particular
1265 * application only, erasing or revoking credentials, or reporting the
1266 * failure to a server), you should implement
Dianne Hackbornef6b22f2010-02-16 20:38:49 -08001267 * {@link DeviceAdminReceiver#onPasswordFailed(Context, android.content.Intent)}
Andrew Stadler88209d12010-02-08 22:59:36 -08001268 * instead. Do not use this API, because if the maximum count is reached,
1269 * the device will be wiped immediately, and your callback will not be invoked.
Konstantin Lopyrev32558232010-05-20 16:18:05 -07001270 *
Dianne Hackbornef6b22f2010-02-16 20:38:49 -08001271 * @param admin Which {@link DeviceAdminReceiver} this request is associated with.
Dianne Hackborn8ea138c2010-01-26 18:01:04 -08001272 * @param num The number of failed password attempts at which point the
1273 * device will wipe its data.
1274 */
1275 public void setMaximumFailedPasswordsForWipe(ComponentName admin, int num) {
1276 if (mService != null) {
1277 try {
Amith Yamasani599dd7c2012-09-14 23:20:08 -07001278 mService.setMaximumFailedPasswordsForWipe(admin, num, UserHandle.myUserId());
Dianne Hackborn8ea138c2010-01-26 18:01:04 -08001279 } catch (RemoteException e) {
1280 Log.w(TAG, "Failed talking with device policy service", e);
1281 }
1282 }
1283 }
Konstantin Lopyrev32558232010-05-20 16:18:05 -07001284
Dianne Hackborn8ea138c2010-01-26 18:01:04 -08001285 /**
Dianne Hackborn254cb442010-01-27 19:23:59 -08001286 * Retrieve the current maximum number of login attempts that are allowed
Jessica Hummel91da58d2014-04-10 17:39:43 +01001287 * before the device wipes itself, for all admins of this user and its profiles
Dianne Hackborn254cb442010-01-27 19:23:59 -08001288 * or a particular one.
1289 * @param admin The name of the admin component to check, or null to aggregate
1290 * all admins.
1291 */
1292 public int getMaximumFailedPasswordsForWipe(ComponentName admin) {
Amith Yamasani599dd7c2012-09-14 23:20:08 -07001293 return getMaximumFailedPasswordsForWipe(admin, UserHandle.myUserId());
1294 }
1295
1296 /** @hide per-user version */
1297 public int getMaximumFailedPasswordsForWipe(ComponentName admin, int userHandle) {
Dianne Hackborn254cb442010-01-27 19:23:59 -08001298 if (mService != null) {
1299 try {
Amith Yamasani599dd7c2012-09-14 23:20:08 -07001300 return mService.getMaximumFailedPasswordsForWipe(admin, userHandle);
Dianne Hackborn254cb442010-01-27 19:23:59 -08001301 } catch (RemoteException e) {
1302 Log.w(TAG, "Failed talking with device policy service", e);
1303 }
1304 }
1305 return 0;
1306 }
Konstantin Lopyrev32558232010-05-20 16:18:05 -07001307
Dianne Hackborn254cb442010-01-27 19:23:59 -08001308 /**
Dianne Hackborn87bba1e2010-02-26 17:25:54 -08001309 * Flag for {@link #resetPassword}: don't allow other admins to change
1310 * the password again until the user has entered it.
1311 */
1312 public static final int RESET_PASSWORD_REQUIRE_ENTRY = 0x0001;
Konstantin Lopyrev32558232010-05-20 16:18:05 -07001313
Dianne Hackborn87bba1e2010-02-26 17:25:54 -08001314 /**
Dianne Hackbornef6b22f2010-02-16 20:38:49 -08001315 * Force a new device unlock password (the password needed to access the
1316 * entire device, not for individual accounts) on the user. This takes
1317 * effect immediately.
Dianne Hackborn9327f4f2010-01-29 10:38:29 -08001318 * The given password must be sufficient for the
1319 * current password quality and length constraints as returned by
1320 * {@link #getPasswordQuality(ComponentName)} and
1321 * {@link #getPasswordMinimumLength(ComponentName)}; if it does not meet
1322 * these constraints, then it will be rejected and false returned. Note
1323 * that the password may be a stronger quality (containing alphanumeric
1324 * characters when the requested quality is only numeric), in which case
1325 * the currently active quality will be increased to match.
Konstantin Lopyrev32558232010-05-20 16:18:05 -07001326 *
Dianne Hackborn8aa2e892010-01-22 11:31:30 -08001327 * <p>The calling device admin must have requested
1328 * {@link DeviceAdminInfo#USES_POLICY_RESET_PASSWORD} to be able to call
1329 * this method; if it has not, a security exception will be thrown.
Konstantin Lopyrev32558232010-05-20 16:18:05 -07001330 *
Jessica Hummel91da58d2014-04-10 17:39:43 +01001331 * Can not be called from a managed profile.
1332 *
Dianne Hackborndf83afa2010-01-20 13:37:26 -08001333 * @param password The new password for the user.
Dianne Hackborn87bba1e2010-02-26 17:25:54 -08001334 * @param flags May be 0 or {@link #RESET_PASSWORD_REQUIRE_ENTRY}.
Dianne Hackborndf83afa2010-01-20 13:37:26 -08001335 * @return Returns true if the password was applied, or false if it is
1336 * not acceptable for the current constraints.
1337 */
Dianne Hackborn87bba1e2010-02-26 17:25:54 -08001338 public boolean resetPassword(String password, int flags) {
Dianne Hackborndf83afa2010-01-20 13:37:26 -08001339 if (mService != null) {
1340 try {
Amith Yamasani599dd7c2012-09-14 23:20:08 -07001341 return mService.resetPassword(password, flags, UserHandle.myUserId());
Dianne Hackborndf83afa2010-01-20 13:37:26 -08001342 } catch (RemoteException e) {
1343 Log.w(TAG, "Failed talking with device policy service", e);
1344 }
1345 }
1346 return false;
1347 }
Konstantin Lopyrev32558232010-05-20 16:18:05 -07001348
Dianne Hackbornd6847842010-01-12 18:14:19 -08001349 /**
1350 * Called by an application that is administering the device to set the
1351 * maximum time for user activity until the device will lock. This limits
1352 * the length that the user can set. It takes effect immediately.
Konstantin Lopyrev32558232010-05-20 16:18:05 -07001353 *
Dianne Hackborn8aa2e892010-01-22 11:31:30 -08001354 * <p>The calling device admin must have requested
Dianne Hackborn315ada72010-02-11 12:14:08 -08001355 * {@link DeviceAdminInfo#USES_POLICY_FORCE_LOCK} to be able to call
Dianne Hackborn8aa2e892010-01-22 11:31:30 -08001356 * this method; if it has not, a security exception will be thrown.
Konstantin Lopyrev32558232010-05-20 16:18:05 -07001357 *
Dianne Hackbornef6b22f2010-02-16 20:38:49 -08001358 * @param admin Which {@link DeviceAdminReceiver} this request is associated with.
Dianne Hackbornd6847842010-01-12 18:14:19 -08001359 * @param timeMs The new desired maximum time to lock in milliseconds.
1360 * A value of 0 means there is no restriction.
1361 */
1362 public void setMaximumTimeToLock(ComponentName admin, long timeMs) {
1363 if (mService != null) {
1364 try {
Amith Yamasani599dd7c2012-09-14 23:20:08 -07001365 mService.setMaximumTimeToLock(admin, timeMs, UserHandle.myUserId());
Dianne Hackbornd6847842010-01-12 18:14:19 -08001366 } catch (RemoteException e) {
1367 Log.w(TAG, "Failed talking with device policy service", e);
1368 }
1369 }
1370 }
Konstantin Lopyrev32558232010-05-20 16:18:05 -07001371
Dianne Hackbornd6847842010-01-12 18:14:19 -08001372 /**
Jessica Hummel91da58d2014-04-10 17:39:43 +01001373 * Retrieve the current maximum time to unlock for all admins of this user
1374 * and its profiles or a particular one.
Dianne Hackborn254cb442010-01-27 19:23:59 -08001375 * @param admin The name of the admin component to check, or null to aggregate
1376 * all admins.
Dianne Hackbornd6847842010-01-12 18:14:19 -08001377 */
Dianne Hackborn254cb442010-01-27 19:23:59 -08001378 public long getMaximumTimeToLock(ComponentName admin) {
Amith Yamasani599dd7c2012-09-14 23:20:08 -07001379 return getMaximumTimeToLock(admin, UserHandle.myUserId());
1380 }
1381
1382 /** @hide per-user version */
1383 public long getMaximumTimeToLock(ComponentName admin, int userHandle) {
Dianne Hackbornd6847842010-01-12 18:14:19 -08001384 if (mService != null) {
1385 try {
Amith Yamasani599dd7c2012-09-14 23:20:08 -07001386 return mService.getMaximumTimeToLock(admin, userHandle);
Dianne Hackbornd6847842010-01-12 18:14:19 -08001387 } catch (RemoteException e) {
1388 Log.w(TAG, "Failed talking with device policy service", e);
1389 }
1390 }
1391 return 0;
1392 }
Konstantin Lopyrev32558232010-05-20 16:18:05 -07001393
Dianne Hackbornd6847842010-01-12 18:14:19 -08001394 /**
Dianne Hackborndf83afa2010-01-20 13:37:26 -08001395 * Make the device lock immediately, as if the lock screen timeout has
1396 * expired at the point of this call.
Konstantin Lopyrev32558232010-05-20 16:18:05 -07001397 *
Dianne Hackborn8aa2e892010-01-22 11:31:30 -08001398 * <p>The calling device admin must have requested
1399 * {@link DeviceAdminInfo#USES_POLICY_FORCE_LOCK} to be able to call
1400 * this method; if it has not, a security exception will be thrown.
Dianne Hackbornd6847842010-01-12 18:14:19 -08001401 */
Dianne Hackborndf83afa2010-01-20 13:37:26 -08001402 public void lockNow() {
1403 if (mService != null) {
1404 try {
1405 mService.lockNow();
1406 } catch (RemoteException e) {
1407 Log.w(TAG, "Failed talking with device policy service", e);
1408 }
1409 }
1410 }
Konstantin Lopyrev32558232010-05-20 16:18:05 -07001411
Dianne Hackbornd6847842010-01-12 18:14:19 -08001412 /**
Dianne Hackborn42499172010-10-15 18:45:07 -07001413 * Flag for {@link #wipeData(int)}: also erase the device's external
1414 * storage.
1415 */
1416 public static final int WIPE_EXTERNAL_STORAGE = 0x0001;
1417
1418 /**
Paul Quei2450a0e2013-09-20 09:26:21 +08001419 * Ask the user data be wiped. This will cause the device to reboot,
Dianne Hackborndf83afa2010-01-20 13:37:26 -08001420 * erasing all user data while next booting up. External storage such
Masanori Oginof535cb042012-02-15 19:25:50 +09001421 * as SD cards will be also erased if the flag {@link #WIPE_EXTERNAL_STORAGE}
1422 * is set.
Konstantin Lopyrev32558232010-05-20 16:18:05 -07001423 *
Dianne Hackborn8aa2e892010-01-22 11:31:30 -08001424 * <p>The calling device admin must have requested
1425 * {@link DeviceAdminInfo#USES_POLICY_WIPE_DATA} to be able to call
1426 * this method; if it has not, a security exception will be thrown.
Konstantin Lopyrev32558232010-05-20 16:18:05 -07001427 *
Masanori Oginof535cb042012-02-15 19:25:50 +09001428 * @param flags Bit mask of additional options: currently 0 and
1429 * {@link #WIPE_EXTERNAL_STORAGE} are supported.
Dianne Hackbornd6847842010-01-12 18:14:19 -08001430 */
1431 public void wipeData(int flags) {
1432 if (mService != null) {
1433 try {
Amith Yamasani599dd7c2012-09-14 23:20:08 -07001434 mService.wipeData(flags, UserHandle.myUserId());
Dianne Hackbornd6847842010-01-12 18:14:19 -08001435 } catch (RemoteException e) {
1436 Log.w(TAG, "Failed talking with device policy service", e);
1437 }
1438 }
1439 }
Konstantin Lopyrev32558232010-05-20 16:18:05 -07001440
Dianne Hackbornd6847842010-01-12 18:14:19 -08001441 /**
Oscar Montemayor69238c62010-08-03 10:51:06 -07001442 * Called by an application that is administering the device to set the
1443 * global proxy and exclusion list.
1444 * <p>
1445 * The calling device admin must have requested
1446 * {@link DeviceAdminInfo#USES_POLICY_SETS_GLOBAL_PROXY} to be able to call
1447 * this method; if it has not, a security exception will be thrown.
1448 * Only the first device admin can set the proxy. If a second admin attempts
1449 * to set the proxy, the {@link ComponentName} of the admin originally setting the
1450 * proxy will be returned. If successful in setting the proxy, null will
1451 * be returned.
1452 * The method can be called repeatedly by the device admin alrady setting the
1453 * proxy to update the proxy and exclusion list.
1454 *
1455 * @param admin Which {@link DeviceAdminReceiver} this request is associated
1456 * with.
1457 * @param proxySpec the global proxy desired. Must be an HTTP Proxy.
1458 * Pass Proxy.NO_PROXY to reset the proxy.
1459 * @param exclusionList a list of domains to be excluded from the global proxy.
Oscar Montemayor69238c62010-08-03 10:51:06 -07001460 * @return returns null if the proxy was successfully set, or a {@link ComponentName}
1461 * of the device admin that sets thew proxy otherwise.
Andy Stadlerd2672722011-02-16 10:53:33 -08001462 * @hide
Oscar Montemayor69238c62010-08-03 10:51:06 -07001463 */
1464 public ComponentName setGlobalProxy(ComponentName admin, Proxy proxySpec,
1465 List<String> exclusionList ) {
1466 if (proxySpec == null) {
1467 throw new NullPointerException();
1468 }
1469 if (mService != null) {
1470 try {
1471 String hostSpec;
1472 String exclSpec;
1473 if (proxySpec.equals(Proxy.NO_PROXY)) {
1474 hostSpec = null;
1475 exclSpec = null;
1476 } else {
1477 if (!proxySpec.type().equals(Proxy.Type.HTTP)) {
1478 throw new IllegalArgumentException();
1479 }
1480 InetSocketAddress sa = (InetSocketAddress)proxySpec.address();
1481 String hostName = sa.getHostName();
1482 int port = sa.getPort();
1483 StringBuilder hostBuilder = new StringBuilder();
1484 hostSpec = hostBuilder.append(hostName)
1485 .append(":").append(Integer.toString(port)).toString();
1486 if (exclusionList == null) {
1487 exclSpec = "";
1488 } else {
1489 StringBuilder listBuilder = new StringBuilder();
1490 boolean firstDomain = true;
1491 for (String exclDomain : exclusionList) {
1492 if (!firstDomain) {
1493 listBuilder = listBuilder.append(",");
1494 } else {
1495 firstDomain = false;
1496 }
1497 listBuilder = listBuilder.append(exclDomain.trim());
1498 }
1499 exclSpec = listBuilder.toString();
1500 }
Yuhao Zheng90704842014-02-28 17:22:45 -08001501 if (android.net.Proxy.validate(hostName, Integer.toString(port), exclSpec)
1502 != android.net.Proxy.PROXY_VALID)
1503 throw new IllegalArgumentException();
Oscar Montemayor69238c62010-08-03 10:51:06 -07001504 }
Amith Yamasani599dd7c2012-09-14 23:20:08 -07001505 return mService.setGlobalProxy(admin, hostSpec, exclSpec, UserHandle.myUserId());
Oscar Montemayor69238c62010-08-03 10:51:06 -07001506 } catch (RemoteException e) {
1507 Log.w(TAG, "Failed talking with device policy service", e);
1508 }
1509 }
1510 return null;
1511 }
1512
1513 /**
Jason Monk03bc9912014-05-13 09:44:57 -04001514 * Set a network-independent global HTTP proxy. This is not normally what you want
1515 * for typical HTTP proxies - they are generally network dependent. However if you're
1516 * doing something unusual like general internal filtering this may be useful. On
1517 * a private network where the proxy is not accessible, you may break HTTP using this.
1518 *
1519 * <p>This method requires the caller to be the device owner.
1520 *
1521 * <p>This proxy is only a recommendation and it is possible that some apps will ignore it.
1522 * @see ProxyInfo
1523 *
1524 * @param admin Which {@link DeviceAdminReceiver} this request is associated
1525 * with.
1526 * @param proxyInfo The a {@link ProxyInfo} object defining the new global
1527 * HTTP proxy. A {@code null} value will clear the global HTTP proxy.
1528 */
1529 public void setRecommendedGlobalProxy(ComponentName admin, ProxyInfo proxyInfo) {
1530 if (mService != null) {
1531 try {
1532 mService.setRecommendedGlobalProxy(admin, proxyInfo);
1533 } catch (RemoteException e) {
1534 Log.w(TAG, "Failed talking with device policy service", e);
1535 }
1536 }
1537 }
1538
1539 /**
Oscar Montemayor69238c62010-08-03 10:51:06 -07001540 * Returns the component name setting the global proxy.
1541 * @return ComponentName object of the device admin that set the global proxy, or
1542 * null if no admin has set the proxy.
Andy Stadlerd2672722011-02-16 10:53:33 -08001543 * @hide
Oscar Montemayor69238c62010-08-03 10:51:06 -07001544 */
1545 public ComponentName getGlobalProxyAdmin() {
1546 if (mService != null) {
1547 try {
Amith Yamasani599dd7c2012-09-14 23:20:08 -07001548 return mService.getGlobalProxyAdmin(UserHandle.myUserId());
Oscar Montemayor69238c62010-08-03 10:51:06 -07001549 } catch (RemoteException e) {
1550 Log.w(TAG, "Failed talking with device policy service", e);
1551 }
1552 }
1553 return null;
1554 }
1555
1556 /**
Andy Stadler22dbfda2011-01-17 12:47:31 -08001557 * Result code for {@link #setStorageEncryption} and {@link #getStorageEncryptionStatus}:
Andy Stadler7b0f8f02011-01-12 14:59:52 -08001558 * indicating that encryption is not supported.
1559 */
1560 public static final int ENCRYPTION_STATUS_UNSUPPORTED = 0;
1561
1562 /**
Andy Stadler22dbfda2011-01-17 12:47:31 -08001563 * Result code for {@link #setStorageEncryption} and {@link #getStorageEncryptionStatus}:
Andy Stadler7b0f8f02011-01-12 14:59:52 -08001564 * indicating that encryption is supported, but is not currently active.
1565 */
1566 public static final int ENCRYPTION_STATUS_INACTIVE = 1;
1567
1568 /**
Andy Stadler22dbfda2011-01-17 12:47:31 -08001569 * Result code for {@link #setStorageEncryption} and {@link #getStorageEncryptionStatus}:
Andy Stadler7b0f8f02011-01-12 14:59:52 -08001570 * indicating that encryption is not currently active, but is currently
1571 * being activated. This is only reported by devices that support
1572 * encryption of data and only when the storage is currently
1573 * undergoing a process of becoming encrypted. A device that must reboot and/or wipe data
1574 * to become encrypted will never return this value.
1575 */
Andy Stadler22dbfda2011-01-17 12:47:31 -08001576 public static final int ENCRYPTION_STATUS_ACTIVATING = 2;
Andy Stadler7b0f8f02011-01-12 14:59:52 -08001577
1578 /**
Andy Stadler22dbfda2011-01-17 12:47:31 -08001579 * Result code for {@link #setStorageEncryption} and {@link #getStorageEncryptionStatus}:
Andy Stadler7b0f8f02011-01-12 14:59:52 -08001580 * indicating that encryption is active.
1581 */
Andy Stadler22dbfda2011-01-17 12:47:31 -08001582 public static final int ENCRYPTION_STATUS_ACTIVE = 3;
Andy Stadler7b0f8f02011-01-12 14:59:52 -08001583
1584 /**
1585 * Activity action: begin the process of encrypting data on the device. This activity should
1586 * be launched after using {@link #setStorageEncryption} to request encryption be activated.
1587 * After resuming from this activity, use {@link #getStorageEncryption}
1588 * to check encryption status. However, on some devices this activity may never return, as
1589 * it may trigger a reboot and in some cases a complete data wipe of the device.
1590 */
1591 @SdkConstant(SdkConstantType.ACTIVITY_INTENT_ACTION)
1592 public static final String ACTION_START_ENCRYPTION
1593 = "android.app.action.START_ENCRYPTION";
1594
1595 /**
Jim Millerb8ec4702012-08-31 17:19:10 -07001596 * Widgets are enabled in keyguard
1597 */
Jim Miller48b9b0d2012-09-19 23:16:50 -07001598 public static final int KEYGUARD_DISABLE_FEATURES_NONE = 0;
Jim Millerb8ec4702012-08-31 17:19:10 -07001599
1600 /**
Jim Miller50e62182014-04-23 17:25:00 -07001601 * Disable all keyguard widgets. Has no effect.
Jim Millerb8ec4702012-08-31 17:19:10 -07001602 */
Jim Miller48b9b0d2012-09-19 23:16:50 -07001603 public static final int KEYGUARD_DISABLE_WIDGETS_ALL = 1 << 0;
1604
1605 /**
1606 * Disable the camera on secure keyguard screens (e.g. PIN/Pattern/Password)
1607 */
1608 public static final int KEYGUARD_DISABLE_SECURE_CAMERA = 1 << 1;
1609
1610 /**
Jim Miller50e62182014-04-23 17:25:00 -07001611 * Disable showing all notifications on secure keyguard screens (e.g. PIN/Pattern/Password)
1612 */
1613 public static final int KEYGUARD_DISABLE_SECURE_NOTIFICATIONS = 1 << 2;
1614
1615 /**
1616 * Only allow redacted notifications on secure keyguard screens (e.g. PIN/Pattern/Password)
1617 */
1618 public static final int KEYGUARD_DISABLE_UNREDACTED_NOTIFICATIONS = 1 << 3;
1619
1620 /**
Adrian Roosa06d5ca2014-07-28 15:14:21 +02001621 * Ignore trust agent state on secure keyguard screens
Jim Miller50e62182014-04-23 17:25:00 -07001622 * (e.g. PIN/Pattern/Password).
1623 */
1624 public static final int KEYGUARD_DISABLE_TRUST_AGENTS = 1 << 4;
1625
1626 /**
Jim Miller06e34502014-07-17 14:46:05 -07001627 * Disable fingerprint sensor on keyguard secure screens (e.g. PIN/Pattern/Password).
1628 */
1629 public static final int KEYGUARD_DISABLE_FINGERPRINT = 1 << 5;
1630
1631 /**
Jim Miller35207742012-11-02 15:33:20 -07001632 * Disable all current and future keyguard customizations.
Jim Miller48b9b0d2012-09-19 23:16:50 -07001633 */
1634 public static final int KEYGUARD_DISABLE_FEATURES_ALL = 0x7fffffff;
Jim Millerb8ec4702012-08-31 17:19:10 -07001635
1636 /**
Andy Stadler7b0f8f02011-01-12 14:59:52 -08001637 * Called by an application that is administering the device to
Andy Stadler22dbfda2011-01-17 12:47:31 -08001638 * request that the storage system be encrypted.
Andy Stadler7b0f8f02011-01-12 14:59:52 -08001639 *
1640 * <p>When multiple device administrators attempt to control device
1641 * encryption, the most secure, supported setting will always be
1642 * used. If any device administrator requests device encryption,
1643 * it will be enabled; Conversely, if a device administrator
1644 * attempts to disable device encryption while another
1645 * device administrator has enabled it, the call to disable will
1646 * fail (most commonly returning {@link #ENCRYPTION_STATUS_ACTIVE}).
1647 *
1648 * <p>This policy controls encryption of the secure (application data) storage area. Data
Andy Stadler50c294f2011-03-07 19:13:42 -08001649 * written to other storage areas may or may not be encrypted, and this policy does not require
1650 * or control the encryption of any other storage areas.
1651 * There is one exception: If {@link android.os.Environment#isExternalStorageEmulated()} is
1652 * {@code true}, then the directory returned by
1653 * {@link android.os.Environment#getExternalStorageDirectory()} must be written to disk
1654 * within the encrypted storage area.
Andy Stadler7b0f8f02011-01-12 14:59:52 -08001655 *
1656 * <p>Important Note: On some devices, it is possible to encrypt storage without requiring
1657 * the user to create a device PIN or Password. In this case, the storage is encrypted, but
1658 * the encryption key may not be fully secured. For maximum security, the administrator should
1659 * also require (and check for) a pattern, PIN, or password.
1660 *
1661 * @param admin Which {@link DeviceAdminReceiver} this request is associated with.
1662 * @param encrypt true to request encryption, false to release any previous request
Andy Stadler22dbfda2011-01-17 12:47:31 -08001663 * @return the new request status (for all active admins) - will be one of
1664 * {@link #ENCRYPTION_STATUS_UNSUPPORTED}, {@link #ENCRYPTION_STATUS_INACTIVE}, or
1665 * {@link #ENCRYPTION_STATUS_ACTIVE}. This is the value of the requests; Use
1666 * {@link #getStorageEncryptionStatus()} to query the actual device state.
Andy Stadler7b0f8f02011-01-12 14:59:52 -08001667 */
1668 public int setStorageEncryption(ComponentName admin, boolean encrypt) {
1669 if (mService != null) {
1670 try {
Amith Yamasani599dd7c2012-09-14 23:20:08 -07001671 return mService.setStorageEncryption(admin, encrypt, UserHandle.myUserId());
Andy Stadler7b0f8f02011-01-12 14:59:52 -08001672 } catch (RemoteException e) {
1673 Log.w(TAG, "Failed talking with device policy service", e);
1674 }
1675 }
1676 return ENCRYPTION_STATUS_UNSUPPORTED;
1677 }
1678
1679 /**
1680 * Called by an application that is administering the device to
Andy Stadler22dbfda2011-01-17 12:47:31 -08001681 * determine the requested setting for secure storage.
Andy Stadler7b0f8f02011-01-12 14:59:52 -08001682 *
Andy Stadler22dbfda2011-01-17 12:47:31 -08001683 * @param admin Which {@link DeviceAdminReceiver} this request is associated with. If null,
1684 * this will return the requested encryption setting as an aggregate of all active
1685 * administrators.
1686 * @return true if the admin(s) are requesting encryption, false if not.
Andy Stadler7b0f8f02011-01-12 14:59:52 -08001687 */
Andy Stadler22dbfda2011-01-17 12:47:31 -08001688 public boolean getStorageEncryption(ComponentName admin) {
Andy Stadler7b0f8f02011-01-12 14:59:52 -08001689 if (mService != null) {
1690 try {
Amith Yamasani599dd7c2012-09-14 23:20:08 -07001691 return mService.getStorageEncryption(admin, UserHandle.myUserId());
Andy Stadler7b0f8f02011-01-12 14:59:52 -08001692 } catch (RemoteException e) {
1693 Log.w(TAG, "Failed talking with device policy service", e);
1694 }
1695 }
Andy Stadler22dbfda2011-01-17 12:47:31 -08001696 return false;
1697 }
1698
1699 /**
1700 * Called by an application that is administering the device to
1701 * determine the current encryption status of the device.
1702 *
1703 * Depending on the returned status code, the caller may proceed in different
1704 * ways. If the result is {@link #ENCRYPTION_STATUS_UNSUPPORTED}, the
1705 * storage system does not support encryption. If the
1706 * result is {@link #ENCRYPTION_STATUS_INACTIVE}, use {@link
1707 * #ACTION_START_ENCRYPTION} to begin the process of encrypting or decrypting the
1708 * storage. If the result is {@link #ENCRYPTION_STATUS_ACTIVATING} or
1709 * {@link #ENCRYPTION_STATUS_ACTIVE}, no further action is required.
1710 *
1711 * @return current status of encryption. The value will be one of
1712 * {@link #ENCRYPTION_STATUS_UNSUPPORTED}, {@link #ENCRYPTION_STATUS_INACTIVE},
1713 * {@link #ENCRYPTION_STATUS_ACTIVATING}, or{@link #ENCRYPTION_STATUS_ACTIVE}.
1714 */
1715 public int getStorageEncryptionStatus() {
Amith Yamasani599dd7c2012-09-14 23:20:08 -07001716 return getStorageEncryptionStatus(UserHandle.myUserId());
1717 }
1718
1719 /** @hide per-user version */
1720 public int getStorageEncryptionStatus(int userHandle) {
Andy Stadler22dbfda2011-01-17 12:47:31 -08001721 if (mService != null) {
1722 try {
Amith Yamasani599dd7c2012-09-14 23:20:08 -07001723 return mService.getStorageEncryptionStatus(userHandle);
Andy Stadler22dbfda2011-01-17 12:47:31 -08001724 } catch (RemoteException e) {
1725 Log.w(TAG, "Failed talking with device policy service", e);
1726 }
1727 }
Andy Stadler7b0f8f02011-01-12 14:59:52 -08001728 return ENCRYPTION_STATUS_UNSUPPORTED;
1729 }
1730
1731 /**
Maggie Benthallda51e682013-08-08 22:35:44 -04001732 * Installs the given certificate as a User CA.
1733 *
1734 * @return false if the certBuffer cannot be parsed or installation is
1735 * interrupted, otherwise true
Maggie Benthallda51e682013-08-08 22:35:44 -04001736 */
Robin Lee306fe082014-06-19 14:04:24 +00001737 public boolean installCaCert(ComponentName who, byte[] certBuffer) {
Maggie Benthallda51e682013-08-08 22:35:44 -04001738 if (mService != null) {
1739 try {
Robin Lee306fe082014-06-19 14:04:24 +00001740 return mService.installCaCert(who, certBuffer);
Maggie Benthallda51e682013-08-08 22:35:44 -04001741 } catch (RemoteException e) {
1742 Log.w(TAG, "Failed talking with device policy service", e);
1743 }
1744 }
1745 return false;
1746 }
1747
1748 /**
1749 * Uninstalls the given certificate from the list of User CAs, if present.
Maggie Benthallda51e682013-08-08 22:35:44 -04001750 */
Robin Lee306fe082014-06-19 14:04:24 +00001751 public void uninstallCaCert(ComponentName who, byte[] certBuffer) {
Maggie Benthallda51e682013-08-08 22:35:44 -04001752 if (mService != null) {
1753 try {
Robin Lee306fe082014-06-19 14:04:24 +00001754 final String alias = getCaCertAlias(certBuffer);
1755 mService.uninstallCaCert(who, alias);
1756 } catch (CertificateException e) {
1757 Log.w(TAG, "Unable to parse certificate", e);
Maggie Benthallda51e682013-08-08 22:35:44 -04001758 } catch (RemoteException e) {
1759 Log.w(TAG, "Failed talking with device policy service", e);
1760 }
1761 }
1762 }
1763
1764 /**
1765 * Returns whether there are any user-installed CA certificates.
Maggie Benthallda51e682013-08-08 22:35:44 -04001766 */
Robin Lee306fe082014-06-19 14:04:24 +00001767 public boolean hasAnyCaCertsInstalled() {
Maggie Benthallda51e682013-08-08 22:35:44 -04001768 TrustedCertificateStore certStore = new TrustedCertificateStore();
1769 Set<String> aliases = certStore.userAliases();
1770 return aliases != null && !aliases.isEmpty();
1771 }
1772
1773 /**
1774 * Returns whether this certificate has been installed as a User CA.
Maggie Benthallda51e682013-08-08 22:35:44 -04001775 */
1776 public boolean hasCaCertInstalled(byte[] certBuffer) {
Maggie Benthallda51e682013-08-08 22:35:44 -04001777 try {
Robin Lee306fe082014-06-19 14:04:24 +00001778 return getCaCertAlias(certBuffer) != null;
Maggie Benthallda51e682013-08-08 22:35:44 -04001779 } catch (CertificateException ce) {
1780 Log.w(TAG, "Could not parse certificate", ce);
1781 }
1782 return false;
1783 }
1784
1785 /**
Robin Lee306fe082014-06-19 14:04:24 +00001786 * Returns the alias of a given CA certificate in the certificate store, or null if it
1787 * doesn't exist.
1788 */
1789 private static String getCaCertAlias(byte[] certBuffer) throws CertificateException {
1790 final CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
1791 final X509Certificate cert = (X509Certificate) certFactory.generateCertificate(
1792 new ByteArrayInputStream(certBuffer));
1793 return new TrustedCertificateStore().getCertificateAlias(cert);
1794 }
1795
1796 /**
Ben Komalo2447edd2011-05-09 16:05:33 -07001797 * Called by an application that is administering the device to disable all cameras
1798 * on the device. After setting this, no applications will be able to access any cameras
1799 * on the device.
1800 *
1801 * <p>The calling device admin must have requested
1802 * {@link DeviceAdminInfo#USES_POLICY_DISABLE_CAMERA} to be able to call
1803 * this method; if it has not, a security exception will be thrown.
1804 *
1805 * @param admin Which {@link DeviceAdminReceiver} this request is associated with.
1806 * @param disabled Whether or not the camera should be disabled.
1807 */
1808 public void setCameraDisabled(ComponentName admin, boolean disabled) {
1809 if (mService != null) {
1810 try {
Amith Yamasani599dd7c2012-09-14 23:20:08 -07001811 mService.setCameraDisabled(admin, disabled, UserHandle.myUserId());
Ben Komalo2447edd2011-05-09 16:05:33 -07001812 } catch (RemoteException e) {
1813 Log.w(TAG, "Failed talking with device policy service", e);
1814 }
1815 }
1816 }
1817
1818 /**
1819 * Determine whether or not the device's cameras have been disabled either by the current
1820 * admin, if specified, or all admins.
1821 * @param admin The name of the admin component to check, or null to check if any admins
1822 * have disabled the camera
1823 */
1824 public boolean getCameraDisabled(ComponentName admin) {
Amith Yamasani599dd7c2012-09-14 23:20:08 -07001825 return getCameraDisabled(admin, UserHandle.myUserId());
1826 }
1827
1828 /** @hide per-user version */
1829 public boolean getCameraDisabled(ComponentName admin, int userHandle) {
Ben Komalo2447edd2011-05-09 16:05:33 -07001830 if (mService != null) {
1831 try {
Amith Yamasani599dd7c2012-09-14 23:20:08 -07001832 return mService.getCameraDisabled(admin, userHandle);
Ben Komalo2447edd2011-05-09 16:05:33 -07001833 } catch (RemoteException e) {
1834 Log.w(TAG, "Failed talking with device policy service", e);
1835 }
1836 }
1837 return false;
1838 }
1839
1840 /**
Sander Alewijnsed2a1eec2014-07-09 12:57:05 +01001841 * Called by a device/profile owner to set whether the screen capture is disabled.
1842 *
1843 * <p>The calling device admin must be a device or profile owner. If it is not, a
1844 * security exception will be thrown.
1845 *
1846 * @param admin Which {@link DeviceAdminReceiver} this request is associated with.
1847 */
1848 public void setScreenCaptureDisabled(ComponentName admin, boolean disabled) {
1849 if (mService != null) {
1850 try {
1851 mService.setScreenCaptureDisabled(admin, UserHandle.myUserId(), disabled);
1852 } catch (RemoteException e) {
1853 Log.w(TAG, "Failed talking with device policy service", e);
1854 }
1855 }
1856 }
1857
1858 /**
1859 * Determine whether or not screen capture has been disabled by the current
1860 * admin, if specified, or all admins.
1861 * @param admin The name of the admin component to check, or null to check if any admins
1862 * have disabled screen capture.
1863 */
1864 public boolean getScreenCaptureDisabled(ComponentName admin) {
1865 return getScreenCaptureDisabled(admin, UserHandle.myUserId());
1866 }
1867
1868 /** @hide per-user version */
1869 public boolean getScreenCaptureDisabled(ComponentName admin, int userHandle) {
1870 if (mService != null) {
1871 try {
1872 return mService.getScreenCaptureDisabled(admin, userHandle);
1873 } catch (RemoteException e) {
1874 Log.w(TAG, "Failed talking with device policy service", e);
1875 }
1876 }
1877 return false;
1878 }
1879
1880 /**
Jim Miller48b9b0d2012-09-19 23:16:50 -07001881 * Called by an application that is administering the device to disable keyguard customizations,
1882 * such as widgets. After setting this, keyguard features will be disabled according to the
1883 * provided feature list.
Jim Millerb8ec4702012-08-31 17:19:10 -07001884 *
1885 * <p>The calling device admin must have requested
Jim Miller48b9b0d2012-09-19 23:16:50 -07001886 * {@link DeviceAdminInfo#USES_POLICY_DISABLE_KEYGUARD_FEATURES} to be able to call
Jim Millerb8ec4702012-08-31 17:19:10 -07001887 * this method; if it has not, a security exception will be thrown.
1888 *
1889 * @param admin Which {@link DeviceAdminReceiver} this request is associated with.
Jim Miller35207742012-11-02 15:33:20 -07001890 * @param which {@link #KEYGUARD_DISABLE_FEATURES_NONE} (default),
1891 * {@link #KEYGUARD_DISABLE_WIDGETS_ALL}, {@link #KEYGUARD_DISABLE_SECURE_CAMERA},
Jim Miller50e62182014-04-23 17:25:00 -07001892 * {@link #KEYGUARD_DISABLE_SECURE_NOTIFICATIONS}, {@link #KEYGUARD_DISABLE_TRUST_AGENTS},
1893 * {@link #KEYGUARD_DISABLE_UNREDACTED_NOTIFICATIONS}, {@link #KEYGUARD_DISABLE_FEATURES_ALL}
Jim Millerb8ec4702012-08-31 17:19:10 -07001894 */
Jim Miller48b9b0d2012-09-19 23:16:50 -07001895 public void setKeyguardDisabledFeatures(ComponentName admin, int which) {
Jim Millerb8ec4702012-08-31 17:19:10 -07001896 if (mService != null) {
1897 try {
Jim Miller48b9b0d2012-09-19 23:16:50 -07001898 mService.setKeyguardDisabledFeatures(admin, which, UserHandle.myUserId());
Jim Millerb8ec4702012-08-31 17:19:10 -07001899 } catch (RemoteException e) {
1900 Log.w(TAG, "Failed talking with device policy service", e);
1901 }
1902 }
1903 }
1904
1905 /**
Jim Miller48b9b0d2012-09-19 23:16:50 -07001906 * Determine whether or not features have been disabled in keyguard either by the current
Jim Millerb8ec4702012-08-31 17:19:10 -07001907 * admin, if specified, or all admins.
1908 * @param admin The name of the admin component to check, or null to check if any admins
Jim Miller48b9b0d2012-09-19 23:16:50 -07001909 * have disabled features in keyguard.
Jim Miller35207742012-11-02 15:33:20 -07001910 * @return bitfield of flags. See {@link #setKeyguardDisabledFeatures(ComponentName, int)}
1911 * for a list.
Jim Millerb8ec4702012-08-31 17:19:10 -07001912 */
Jim Miller48b9b0d2012-09-19 23:16:50 -07001913 public int getKeyguardDisabledFeatures(ComponentName admin) {
1914 return getKeyguardDisabledFeatures(admin, UserHandle.myUserId());
Amith Yamasani599dd7c2012-09-14 23:20:08 -07001915 }
1916
1917 /** @hide per-user version */
Jim Miller48b9b0d2012-09-19 23:16:50 -07001918 public int getKeyguardDisabledFeatures(ComponentName admin, int userHandle) {
Jim Millerb8ec4702012-08-31 17:19:10 -07001919 if (mService != null) {
1920 try {
Jim Miller48b9b0d2012-09-19 23:16:50 -07001921 return mService.getKeyguardDisabledFeatures(admin, userHandle);
Jim Millerb8ec4702012-08-31 17:19:10 -07001922 } catch (RemoteException e) {
1923 Log.w(TAG, "Failed talking with device policy service", e);
1924 }
1925 }
Jim Miller48b9b0d2012-09-19 23:16:50 -07001926 return KEYGUARD_DISABLE_FEATURES_NONE;
Jim Millerb8ec4702012-08-31 17:19:10 -07001927 }
1928
1929 /**
Dianne Hackbornd6847842010-01-12 18:14:19 -08001930 * @hide
1931 */
Jessica Hummel6d36b602014-04-04 12:42:17 +01001932 public void setActiveAdmin(ComponentName policyReceiver, boolean refreshing, int userHandle) {
Dianne Hackbornd6847842010-01-12 18:14:19 -08001933 if (mService != null) {
1934 try {
Jessica Hummel6d36b602014-04-04 12:42:17 +01001935 mService.setActiveAdmin(policyReceiver, refreshing, userHandle);
Dianne Hackbornd6847842010-01-12 18:14:19 -08001936 } catch (RemoteException e) {
1937 Log.w(TAG, "Failed talking with device policy service", e);
1938 }
1939 }
1940 }
Konstantin Lopyrev32558232010-05-20 16:18:05 -07001941
Dianne Hackbornd6847842010-01-12 18:14:19 -08001942 /**
Jessica Hummel6d36b602014-04-04 12:42:17 +01001943 * @hide
1944 */
1945 public void setActiveAdmin(ComponentName policyReceiver, boolean refreshing) {
1946 setActiveAdmin(policyReceiver, refreshing, UserHandle.myUserId());
1947 }
1948
1949 /**
Andy Stadlerc25f70a2010-12-08 15:56:45 -08001950 * Returns the DeviceAdminInfo as defined by the administrator's package info & meta-data
Dianne Hackbornd6847842010-01-12 18:14:19 -08001951 * @hide
1952 */
Dianne Hackbornd47c6ed2010-01-27 16:21:20 -08001953 public DeviceAdminInfo getAdminInfo(ComponentName cn) {
Dianne Hackbornd6847842010-01-12 18:14:19 -08001954 ActivityInfo ai;
1955 try {
1956 ai = mContext.getPackageManager().getReceiverInfo(cn,
1957 PackageManager.GET_META_DATA);
1958 } catch (PackageManager.NameNotFoundException e) {
1959 Log.w(TAG, "Unable to retrieve device policy " + cn, e);
1960 return null;
1961 }
Konstantin Lopyrev32558232010-05-20 16:18:05 -07001962
Dianne Hackbornd6847842010-01-12 18:14:19 -08001963 ResolveInfo ri = new ResolveInfo();
1964 ri.activityInfo = ai;
Konstantin Lopyrev32558232010-05-20 16:18:05 -07001965
Dianne Hackbornd6847842010-01-12 18:14:19 -08001966 try {
1967 return new DeviceAdminInfo(mContext, ri);
1968 } catch (XmlPullParserException e) {
1969 Log.w(TAG, "Unable to parse device policy " + cn, e);
1970 return null;
1971 } catch (IOException e) {
1972 Log.w(TAG, "Unable to parse device policy " + cn, e);
1973 return null;
1974 }
1975 }
Konstantin Lopyrev32558232010-05-20 16:18:05 -07001976
Dianne Hackbornd6847842010-01-12 18:14:19 -08001977 /**
1978 * @hide
1979 */
Dianne Hackborn8ea138c2010-01-26 18:01:04 -08001980 public void getRemoveWarning(ComponentName admin, RemoteCallback result) {
1981 if (mService != null) {
1982 try {
Amith Yamasani599dd7c2012-09-14 23:20:08 -07001983 mService.getRemoveWarning(admin, result, UserHandle.myUserId());
Dianne Hackborn8ea138c2010-01-26 18:01:04 -08001984 } catch (RemoteException e) {
1985 Log.w(TAG, "Failed talking with device policy service", e);
1986 }
1987 }
1988 }
1989
1990 /**
1991 * @hide
1992 */
Konstantin Lopyreva15dcfa2010-05-24 17:10:56 -07001993 public void setActivePasswordState(int quality, int length, int letters, int uppercase,
Amith Yamasani599dd7c2012-09-14 23:20:08 -07001994 int lowercase, int numbers, int symbols, int nonletter, int userHandle) {
Dianne Hackbornd6847842010-01-12 18:14:19 -08001995 if (mService != null) {
1996 try {
Konstantin Lopyreva15dcfa2010-05-24 17:10:56 -07001997 mService.setActivePasswordState(quality, length, letters, uppercase, lowercase,
Amith Yamasani599dd7c2012-09-14 23:20:08 -07001998 numbers, symbols, nonletter, userHandle);
Dianne Hackbornd6847842010-01-12 18:14:19 -08001999 } catch (RemoteException e) {
2000 Log.w(TAG, "Failed talking with device policy service", e);
2001 }
2002 }
2003 }
Konstantin Lopyrev32558232010-05-20 16:18:05 -07002004
Dianne Hackbornd6847842010-01-12 18:14:19 -08002005 /**
2006 * @hide
2007 */
Amith Yamasani599dd7c2012-09-14 23:20:08 -07002008 public void reportFailedPasswordAttempt(int userHandle) {
Dianne Hackbornd6847842010-01-12 18:14:19 -08002009 if (mService != null) {
2010 try {
Amith Yamasani599dd7c2012-09-14 23:20:08 -07002011 mService.reportFailedPasswordAttempt(userHandle);
Dianne Hackbornd6847842010-01-12 18:14:19 -08002012 } catch (RemoteException e) {
2013 Log.w(TAG, "Failed talking with device policy service", e);
2014 }
2015 }
2016 }
Konstantin Lopyrev32558232010-05-20 16:18:05 -07002017
Dianne Hackbornd6847842010-01-12 18:14:19 -08002018 /**
2019 * @hide
2020 */
Amith Yamasani599dd7c2012-09-14 23:20:08 -07002021 public void reportSuccessfulPasswordAttempt(int userHandle) {
Dianne Hackbornd6847842010-01-12 18:14:19 -08002022 if (mService != null) {
2023 try {
Amith Yamasani599dd7c2012-09-14 23:20:08 -07002024 mService.reportSuccessfulPasswordAttempt(userHandle);
Dianne Hackbornd6847842010-01-12 18:14:19 -08002025 } catch (RemoteException e) {
2026 Log.w(TAG, "Failed talking with device policy service", e);
2027 }
2028 }
2029 }
Amith Yamasani71e6c692013-03-24 17:39:28 -07002030
2031 /**
2032 * @hide
2033 * Sets the given package as the device owner. The package must already be installed and there
2034 * shouldn't be an existing device owner registered, for this call to succeed. Also, this
2035 * method must be called before the device is provisioned.
2036 * @param packageName the package name of the application to be registered as the device owner.
2037 * @return whether the package was successfully registered as the device owner.
2038 * @throws IllegalArgumentException if the package name is null or invalid
2039 * @throws IllegalStateException if a device owner is already registered or the device has
2040 * already been provisioned.
2041 */
2042 public boolean setDeviceOwner(String packageName) throws IllegalArgumentException,
2043 IllegalStateException {
Geoffrey Borggaard334c7e32013-08-08 14:31:36 -04002044 return setDeviceOwner(packageName, null);
2045 }
2046
2047 /**
2048 * @hide
2049 * Sets the given package as the device owner. The package must already be installed and there
2050 * shouldn't be an existing device owner registered, for this call to succeed. Also, this
2051 * method must be called before the device is provisioned.
2052 * @param packageName the package name of the application to be registered as the device owner.
2053 * @param ownerName the human readable name of the institution that owns this device.
2054 * @return whether the package was successfully registered as the device owner.
2055 * @throws IllegalArgumentException if the package name is null or invalid
2056 * @throws IllegalStateException if a device owner is already registered or the device has
2057 * already been provisioned.
2058 */
2059 public boolean setDeviceOwner(String packageName, String ownerName)
2060 throws IllegalArgumentException, IllegalStateException {
Amith Yamasani71e6c692013-03-24 17:39:28 -07002061 if (mService != null) {
2062 try {
Geoffrey Borggaard334c7e32013-08-08 14:31:36 -04002063 return mService.setDeviceOwner(packageName, ownerName);
Amith Yamasani71e6c692013-03-24 17:39:28 -07002064 } catch (RemoteException re) {
2065 Log.w(TAG, "Failed to set device owner");
2066 }
2067 }
2068 return false;
2069 }
2070
2071 /**
Amith Yamasani3b458ad2013-04-18 18:40:07 -07002072 * Used to determine if a particular package has been registered as a Device Owner app.
2073 * A device owner app is a special device admin that cannot be deactivated by the user, once
2074 * activated as a device admin. It also cannot be uninstalled. To check if a particular
2075 * package is currently registered as the device owner app, pass in the package name from
2076 * {@link Context#getPackageName()} to this method.<p/>This is useful for device
2077 * admin apps that want to check if they are also registered as the device owner app. The
2078 * exact mechanism by which a device admin app is registered as a device owner app is defined by
2079 * the setup process.
2080 * @param packageName the package name of the app, to compare with the registered device owner
2081 * app, if any.
2082 * @return whether or not the package is registered as the device owner app.
Amith Yamasani71e6c692013-03-24 17:39:28 -07002083 */
Amith Yamasani3b458ad2013-04-18 18:40:07 -07002084 public boolean isDeviceOwnerApp(String packageName) {
Amith Yamasani71e6c692013-03-24 17:39:28 -07002085 if (mService != null) {
2086 try {
2087 return mService.isDeviceOwner(packageName);
2088 } catch (RemoteException re) {
2089 Log.w(TAG, "Failed to check device owner");
2090 }
2091 }
2092 return false;
2093 }
2094
Amith Yamasani3b458ad2013-04-18 18:40:07 -07002095 /**
2096 * @hide
2097 * Redirect to isDeviceOwnerApp.
2098 */
2099 public boolean isDeviceOwner(String packageName) {
2100 return isDeviceOwnerApp(packageName);
2101 }
2102
Jason Monkb0dced82014-06-06 14:36:20 -04002103 /**
2104 * Clears the current device owner. The caller must be the device owner.
2105 *
2106 * This function should be used cautiously as once it is called it cannot
2107 * be undone. The device owner can only be set as a part of device setup
2108 * before setup completes.
Jason Monk94d2cf92014-06-18 09:53:34 -04002109 *
2110 * @param packageName The package name of the device owner.
Jason Monkb0dced82014-06-06 14:36:20 -04002111 */
Jason Monk94d2cf92014-06-18 09:53:34 -04002112 public void clearDeviceOwnerApp(String packageName) {
Jason Monkb0dced82014-06-06 14:36:20 -04002113 if (mService != null) {
2114 try {
Jason Monk94d2cf92014-06-18 09:53:34 -04002115 mService.clearDeviceOwner(packageName);
Jason Monkb0dced82014-06-06 14:36:20 -04002116 } catch (RemoteException re) {
2117 Log.w(TAG, "Failed to clear device owner");
2118 }
2119 }
2120 }
2121
Amith Yamasani71e6c692013-03-24 17:39:28 -07002122 /** @hide */
2123 public String getDeviceOwner() {
2124 if (mService != null) {
2125 try {
2126 return mService.getDeviceOwner();
2127 } catch (RemoteException re) {
2128 Log.w(TAG, "Failed to get device owner");
2129 }
2130 }
2131 return null;
2132 }
Geoffrey Borggaard334c7e32013-08-08 14:31:36 -04002133
2134 /** @hide */
2135 public String getDeviceOwnerName() {
2136 if (mService != null) {
2137 try {
2138 return mService.getDeviceOwnerName();
2139 } catch (RemoteException re) {
2140 Log.w(TAG, "Failed to get device owner");
2141 }
2142 }
2143 return null;
2144 }
Adam Connors776c5552014-01-09 10:42:56 +00002145
2146 /**
2147 * @hide
Amith Yamasanibf3a9462014-07-28 14:26:42 -07002148 * @deprecated Use #ACTION_SET_PROFILE_OWNER
Amith Yamasaniaba4f1b2014-07-01 15:36:12 +05302149 * Sets the given component as an active admin and registers the package as the profile
2150 * owner for this user. The package must already be installed and there shouldn't be
2151 * an existing profile owner registered for this user. Also, this method must be called
2152 * before the user setup has been completed.
2153 * <p>
2154 * This method can only be called by system apps that hold MANAGE_USERS permission and
2155 * MANAGE_DEVICE_ADMINS permission.
2156 * @param admin The component to register as an active admin and profile owner.
2157 * @param ownerName The user-visible name of the entity that is managing this user.
2158 * @return whether the admin was successfully registered as the profile owner.
2159 * @throws IllegalArgumentException if packageName is null, the package isn't installed, or
2160 * the user has already been set up.
2161 */
Justin Morey80440cc2014-07-24 09:16:35 -05002162 @SystemApi
Amith Yamasaniaba4f1b2014-07-01 15:36:12 +05302163 public boolean setActiveProfileOwner(ComponentName admin, String ownerName)
2164 throws IllegalArgumentException {
2165 if (mService != null) {
2166 try {
2167 final int myUserId = UserHandle.myUserId();
2168 mService.setActiveAdmin(admin, false, myUserId);
Amith Yamasanibf3a9462014-07-28 14:26:42 -07002169 return mService.setProfileOwner(admin, ownerName, myUserId);
Amith Yamasaniaba4f1b2014-07-01 15:36:12 +05302170 } catch (RemoteException re) {
2171 Log.w(TAG, "Failed to set profile owner " + re);
2172 throw new IllegalArgumentException("Couldn't set profile owner.", re);
2173 }
2174 }
2175 return false;
2176 }
2177
2178 /**
2179 * @hide
Amith Yamasanibf3a9462014-07-28 14:26:42 -07002180 * Clears the active profile owner and removes all user restrictions. The caller must
2181 * be from the same package as the active profile owner for this user, otherwise a
2182 * SecurityException will be thrown.
2183 *
2184 * @param admin The component to remove as the profile owner.
2185 * @return
2186 */
2187 @SystemApi
2188 public void clearProfileOwner(ComponentName admin) {
2189 if (mService != null) {
2190 try {
2191 mService.clearProfileOwner(admin);
2192 } catch (RemoteException re) {
2193 Log.w(TAG, "Failed to clear profile owner " + admin + re);
2194 }
2195 }
2196 }
2197
2198 /**
2199 * @hide
2200 * Checks if the user was already setup.
2201 */
2202 public boolean hasUserSetupCompleted() {
2203 if (mService != null) {
2204 try {
2205 return mService.hasUserSetupCompleted();
2206 } catch (RemoteException re) {
2207 Log.w(TAG, "Failed to check if user setup has completed");
2208 }
2209 }
2210 return true;
2211 }
2212
2213 /**
2214 * @deprecated Use setProfileOwner(ComponentName ...)
2215 * @hide
Adam Connors776c5552014-01-09 10:42:56 +00002216 * Sets the given package as the profile owner of the given user profile. The package must
2217 * already be installed and there shouldn't be an existing profile owner registered for this
2218 * user. Also, this method must be called before the user has been used for the first time.
2219 * @param packageName the package name of the application to be registered as profile owner.
2220 * @param ownerName the human readable name of the organisation associated with this DPM.
Adam Connors661ec472014-02-11 13:59:46 +00002221 * @param userHandle the userId to set the profile owner for.
Adam Connors776c5552014-01-09 10:42:56 +00002222 * @return whether the package was successfully registered as the profile owner.
2223 * @throws IllegalArgumentException if packageName is null, the package isn't installed, or
2224 * the user has already been set up.
2225 */
Adam Connors661ec472014-02-11 13:59:46 +00002226 public boolean setProfileOwner(String packageName, String ownerName, int userHandle)
Adam Connors776c5552014-01-09 10:42:56 +00002227 throws IllegalArgumentException {
Amith Yamasanibf3a9462014-07-28 14:26:42 -07002228 if (packageName == null) {
2229 throw new NullPointerException("packageName cannot be null");
2230 }
2231 return setProfileOwner(new ComponentName(packageName, ""), ownerName, userHandle);
2232 }
2233
2234 /**
2235 * @hide
2236 * Sets the given component as the profile owner of the given user profile. The package must
2237 * already be installed and there shouldn't be an existing profile owner registered for this
2238 * user. Only the system can call this API if the user has already completed setup.
2239 * @param admin the component name to be registered as profile owner.
2240 * @param ownerName the human readable name of the organisation associated with this DPM.
2241 * @param userHandle the userId to set the profile owner for.
2242 * @return whether the component was successfully registered as the profile owner.
2243 * @throws IllegalArgumentException if admin is null, the package isn't installed, or
2244 * the user has already been set up.
2245 */
2246 public boolean setProfileOwner(ComponentName admin, String ownerName, int userHandle)
2247 throws IllegalArgumentException {
2248 if (admin == null) {
2249 throw new NullPointerException("admin cannot be null");
2250 }
Adam Connors776c5552014-01-09 10:42:56 +00002251 if (mService != null) {
2252 try {
Amith Yamasanibf3a9462014-07-28 14:26:42 -07002253 if (ownerName == null) {
2254 ownerName = "";
2255 }
2256 return mService.setProfileOwner(admin, ownerName, userHandle);
Adam Connors776c5552014-01-09 10:42:56 +00002257 } catch (RemoteException re) {
2258 Log.w(TAG, "Failed to set profile owner", re);
2259 throw new IllegalArgumentException("Couldn't set profile owner.", re);
2260 }
2261 }
2262 return false;
2263 }
2264
2265 /**
Alexandra Gherghina512675b2014-04-02 11:23:54 +01002266 * Sets the enabled state of the profile. A profile should be enabled only once it is ready to
2267 * be used. Only the profile owner can call this.
2268 *
Alexandra Gherghinadf35d572014-04-09 13:54:39 +01002269 * @see #isProfileOwnerApp
Alexandra Gherghina512675b2014-04-02 11:23:54 +01002270 *
2271 * @param admin Which {@link DeviceAdminReceiver} this request is associated with.
2272 */
2273 public void setProfileEnabled(ComponentName admin) {
2274 if (mService != null) {
2275 try {
2276 mService.setProfileEnabled(admin);
2277 } catch (RemoteException e) {
2278 Log.w(TAG, "Failed talking with device policy service", e);
2279 }
2280 }
2281 }
2282
2283 /**
Jessica Hummel1333ea12014-06-23 11:20:10 +01002284 * Sets the name of the Managed profile. In the device owner case it sets the name of the user
2285 * which it is called from. Only the profile owner or device owner can call this. If this is
2286 * never called by the profile or device owner, the name will be set to default values.
2287 *
2288 * @see #isProfileOwnerApp
2289 * @see #isDeviceOwnerApp
2290 *
2291 * @param profileName The name of the profile.
2292 */
2293 public void setProfileName(ComponentName who, String profileName) {
2294 if (mService != null) {
2295 try {
2296 mService.setProfileName(who, profileName);
2297 } catch (RemoteException e) {
2298 Log.w(TAG, "Failed talking with device policy service", e);
2299 }
2300 }
2301}
2302
2303 /**
Adam Connors776c5552014-01-09 10:42:56 +00002304 * Used to determine if a particular package is registered as the Profile Owner for the
Alexandra Gherghina512675b2014-04-02 11:23:54 +01002305 * current user. A profile owner is a special device admin that has additional privileges
Adam Connors776c5552014-01-09 10:42:56 +00002306 * within the managed profile.
2307 *
2308 * @param packageName The package name of the app to compare with the registered profile owner.
2309 * @return Whether or not the package is registered as the profile owner.
2310 */
2311 public boolean isProfileOwnerApp(String packageName) {
2312 if (mService != null) {
2313 try {
Nicolas Prevot90af6d72014-07-30 14:19:12 +01002314 ComponentName profileOwner = mService.getProfileOwner(
2315 Process.myUserHandle().getIdentifier());
2316 return profileOwner != null
2317 && profileOwner.getPackageName().equals(packageName);
Adam Connors776c5552014-01-09 10:42:56 +00002318 } catch (RemoteException re) {
2319 Log.w(TAG, "Failed to check profile owner");
2320 }
2321 }
2322 return false;
2323 }
2324
2325 /**
2326 * @hide
2327 * @return the packageName of the owner of the given user profile or null if no profile
2328 * owner has been set for that user.
2329 * @throws IllegalArgumentException if the userId is invalid.
2330 */
Amith Yamasanibf3a9462014-07-28 14:26:42 -07002331 public ComponentName getProfileOwner() throws IllegalArgumentException {
Zoltan Szatmary-Ban3f1ddf82014-07-02 16:42:05 +01002332 return getProfileOwnerAsUser(Process.myUserHandle().getIdentifier());
2333 }
2334
2335 /**
2336 * @see #getProfileOwner()
2337 * @hide
2338 */
2339 public ComponentName getProfileOwnerAsUser(final int userId) throws IllegalArgumentException {
Adam Connors776c5552014-01-09 10:42:56 +00002340 if (mService != null) {
2341 try {
Zoltan Szatmary-Ban3f1ddf82014-07-02 16:42:05 +01002342 return mService.getProfileOwner(userId);
Adam Connors776c5552014-01-09 10:42:56 +00002343 } catch (RemoteException re) {
2344 Log.w(TAG, "Failed to get profile owner");
2345 throw new IllegalArgumentException(
2346 "Requested profile owner for invalid userId", re);
2347 }
2348 }
2349 return null;
2350 }
2351
2352 /**
2353 * @hide
2354 * @return the human readable name of the organisation associated with this DPM or null if
2355 * one is not set.
2356 * @throws IllegalArgumentException if the userId is invalid.
2357 */
2358 public String getProfileOwnerName() throws IllegalArgumentException {
2359 if (mService != null) {
2360 try {
2361 return mService.getProfileOwnerName(Process.myUserHandle().getIdentifier());
2362 } catch (RemoteException re) {
2363 Log.w(TAG, "Failed to get profile owner");
2364 throw new IllegalArgumentException(
2365 "Requested profile owner for invalid userId", re);
2366 }
2367 }
2368 return null;
2369 }
Sander Alewijnsef475ca32014-02-17 15:13:58 +00002370
2371 /**
2372 * Called by a profile owner or device owner to add a default intent handler activity for
2373 * intents that match a certain intent filter. This activity will remain the default intent
2374 * handler even if the set of potential event handlers for the intent filter changes and if
2375 * the intent preferences are reset.
2376 *
2377 * <p>The default disambiguation mechanism takes over if the activity is not installed
2378 * (anymore). When the activity is (re)installed, it is automatically reset as default
2379 * intent handler for the filter.
2380 *
2381 * <p>The calling device admin must be a profile owner or device owner. If it is not, a
2382 * security exception will be thrown.
2383 *
2384 * @param admin Which {@link DeviceAdminReceiver} this request is associated with.
2385 * @param filter The IntentFilter for which a default handler is added.
2386 * @param activity The Activity that is added as default intent handler.
2387 */
2388 public void addPersistentPreferredActivity(ComponentName admin, IntentFilter filter,
2389 ComponentName activity) {
2390 if (mService != null) {
2391 try {
2392 mService.addPersistentPreferredActivity(admin, filter, activity);
2393 } catch (RemoteException e) {
2394 Log.w(TAG, "Failed talking with device policy service", e);
2395 }
2396 }
2397 }
2398
2399 /**
2400 * Called by a profile owner or device owner to remove all persistent intent handler preferences
Torne (Richard Coles)875e2102014-02-24 14:11:56 +00002401 * associated with the given package that were set by {@link #addPersistentPreferredActivity}.
Sander Alewijnsef475ca32014-02-17 15:13:58 +00002402 *
2403 * <p>The calling device admin must be a profile owner. If it is not, a security
2404 * exception will be thrown.
2405 *
2406 * @param admin Which {@link DeviceAdminReceiver} this request is associated with.
2407 * @param packageName The name of the package for which preferences are removed.
2408 */
2409 public void clearPackagePersistentPreferredActivities(ComponentName admin,
2410 String packageName) {
2411 if (mService != null) {
2412 try {
2413 mService.clearPackagePersistentPreferredActivities(admin, packageName);
2414 } catch (RemoteException e) {
2415 Log.w(TAG, "Failed talking with device policy service", e);
2416 }
2417 }
2418 }
Robin Lee66e5d962014-04-09 16:44:21 +01002419
2420 /**
2421 * Called by a profile or device owner to set the application restrictions for a given target
2422 * application running in the managed profile.
2423 *
2424 * <p>The provided {@link Bundle} consists of key-value pairs, where the types of values may be
Amith Yamasanic8c84252014-07-13 17:12:12 -07002425 * boolean, int, String, or String[]. The recommended format for keys
Robin Lee66e5d962014-04-09 16:44:21 +01002426 * is "com.example.packagename/example-setting" to avoid naming conflicts with library
2427 * components such as {@link android.webkit.WebView}.
2428 *
2429 * <p>The application restrictions are only made visible to the target application and the
2430 * profile or device owner.
2431 *
2432 * <p>The calling device admin must be a profile or device owner; if it is not, a security
2433 * exception will be thrown.
2434 *
2435 * @param admin Which {@link DeviceAdminReceiver} this request is associated with.
2436 * @param packageName The name of the package to update restricted settings for.
2437 * @param settings A {@link Bundle} to be parsed by the receiving application, conveying a new
2438 * set of active restrictions.
2439 */
2440 public void setApplicationRestrictions(ComponentName admin, String packageName,
2441 Bundle settings) {
2442 if (mService != null) {
2443 try {
2444 mService.setApplicationRestrictions(admin, packageName, settings);
2445 } catch (RemoteException e) {
2446 Log.w(TAG, "Failed talking with device policy service", e);
2447 }
2448 }
2449 }
2450
2451 /**
Adrian Roos489d2df2014-07-29 21:01:39 +02002452 * Sets a list of features to enable for a TrustAgent component. This is meant to be
Jim Miller604e7552014-07-18 19:00:02 -07002453 * used in conjunction with {@link #KEYGUARD_DISABLE_TRUST_AGENTS}, which will disable all
2454 * trust agents but those with features enabled by this function call.
2455 *
2456 * <p>The calling device admin must have requested
2457 * {@link DeviceAdminInfo#USES_POLICY_DISABLE_KEYGUARD_FEATURES} to be able to call
2458 * this method; if it has not, a security exception will be thrown.
2459 *
2460 * @param admin Which {@link DeviceAdminReceiver} this request is associated with.
2461 * @param agent Which component to enable features for.
2462 * @param features List of features to enable. Consult specific TrustAgent documentation for
2463 * the feature list.
2464 */
2465 public void setTrustAgentFeaturesEnabled(ComponentName admin, ComponentName agent,
2466 List<String> features) {
2467 if (mService != null) {
2468 try {
2469 mService.setTrustAgentFeaturesEnabled(admin, agent, features, UserHandle.myUserId());
2470 } catch (RemoteException e) {
2471 Log.w(TAG, "Failed talking with device policy service", e);
2472 }
2473 }
2474 }
2475
2476 /**
Adrian Roos489d2df2014-07-29 21:01:39 +02002477 * Gets list of enabled features for the given TrustAgent component. If admin is
Jim Miller604e7552014-07-18 19:00:02 -07002478 * null, this will return the intersection of all features enabled for the given agent by all
2479 * admins.
2480 *
2481 * @param admin Which {@link DeviceAdminReceiver} this request is associated with.
2482 * @param agent Which component to get enabled features for.
2483 * @return List of enabled features.
2484 */
2485 public List<String> getTrustAgentFeaturesEnabled(ComponentName admin, ComponentName agent) {
2486 if (mService != null) {
2487 try {
2488 return mService.getTrustAgentFeaturesEnabled(admin, agent, UserHandle.myUserId());
2489 } catch (RemoteException e) {
2490 Log.w(TAG, "Failed talking with device policy service", e);
2491 }
2492 }
2493 return new ArrayList<String>(); // empty list
2494 }
2495
2496 /**
Adam Connors210fe212014-07-17 15:41:43 +01002497 * Called by a profile owner to set whether caller-Id information from the managed
2498 * profile will be shown for incoming calls.
2499 *
2500 * <p>The calling device admin must be a profile owner. If it is not, a
2501 * security exception will be thrown.
2502 *
2503 * @param who Which {@link DeviceAdminReceiver} this request is associated with.
2504 * @param disabled If true caller-Id information in the managed profile is not displayed.
2505 */
2506 public void setCrossProfileCallerIdDisabled(ComponentName who, boolean disabled) {
2507 if (mService != null) {
2508 try {
2509 mService.setCrossProfileCallerIdDisabled(who, disabled);
2510 } catch (RemoteException e) {
2511 Log.w(TAG, "Failed talking with device policy service", e);
2512 }
2513 }
2514 }
2515
2516 /**
2517 * Determine whether or not caller-Id information has been disabled.
2518 *
2519 * <p>The calling device admin must be a profile owner. If it is not, a
2520 * security exception will be thrown.
2521 *
2522 * @param who Which {@link DeviceAdminReceiver} this request is associated with.
2523 */
2524 public boolean getCrossProfileCallerIdDisabled(ComponentName who) {
2525 if (mService != null) {
2526 try {
2527 return mService.getCrossProfileCallerIdDisabled(who);
2528 } catch (RemoteException e) {
2529 Log.w(TAG, "Failed talking with device policy service", e);
2530 }
2531 }
2532 return false;
2533 }
2534
2535 /**
Amith Yamasani570002f2014-07-18 15:48:54 -07002536 * Determine whether or not caller-Id information has been disabled.
2537 *
2538 * @param userHandle The user for whom to check the caller-id permission
2539 * @hide
2540 */
2541 public boolean getCrossProfileCallerIdDisabled(UserHandle userHandle) {
2542 if (mService != null) {
2543 try {
2544 return mService.getCrossProfileCallerIdDisabledForUser(userHandle.getIdentifier());
2545 } catch (RemoteException e) {
2546 Log.w(TAG, "Failed talking with device policy service", e);
2547 }
2548 }
2549 return false;
2550 }
2551
2552 /**
Nicolas Prevot81948992014-05-16 18:25:26 +01002553 * Called by the profile owner so that some intents sent in the managed profile can also be
2554 * resolved in the parent, or vice versa.
Nicolas Prevot10fa67c2014-03-24 13:44:38 +00002555 * @param admin Which {@link DeviceAdminReceiver} this request is associated with.
Nicolas Prevot81948992014-05-16 18:25:26 +01002556 * @param filter The {@link IntentFilter} the intent has to match to be also resolved in the
2557 * other profile
Nicolas Prevot41d926e2014-06-09 11:48:56 +01002558 * @param flags {@link DevicePolicyManager#FLAG_MANAGED_CAN_ACCESS_PARENT} and
2559 * {@link DevicePolicyManager#FLAG_PARENT_CAN_ACCESS_MANAGED} are supported.
Nicolas Prevot10fa67c2014-03-24 13:44:38 +00002560 */
Nicolas Prevot81948992014-05-16 18:25:26 +01002561 public void addCrossProfileIntentFilter(ComponentName admin, IntentFilter filter, int flags) {
Nicolas Prevot10fa67c2014-03-24 13:44:38 +00002562 if (mService != null) {
2563 try {
Nicolas Prevot81948992014-05-16 18:25:26 +01002564 mService.addCrossProfileIntentFilter(admin, filter, flags);
Nicolas Prevot10fa67c2014-03-24 13:44:38 +00002565 } catch (RemoteException e) {
2566 Log.w(TAG, "Failed talking with device policy service", e);
2567 }
2568 }
2569 }
2570
2571 /**
Nicolas Prevot3f7777f2014-07-24 15:58:39 +01002572 * Called by a profile owner to remove the cross-profile intent filters that go from the
2573 * managed profile to the parent, or from the parent to the managed profile.
2574 * Only removes those that have been set by the profile owner.
Nicolas Prevot10fa67c2014-03-24 13:44:38 +00002575 * @param admin Which {@link DeviceAdminReceiver} this request is associated with.
2576 */
Nicolas Prevot81948992014-05-16 18:25:26 +01002577 public void clearCrossProfileIntentFilters(ComponentName admin) {
Nicolas Prevot10fa67c2014-03-24 13:44:38 +00002578 if (mService != null) {
2579 try {
Nicolas Prevot81948992014-05-16 18:25:26 +01002580 mService.clearCrossProfileIntentFilters(admin);
Nicolas Prevot10fa67c2014-03-24 13:44:38 +00002581 } catch (RemoteException e) {
2582 Log.w(TAG, "Failed talking with device policy service", e);
2583 }
2584 }
2585 }
2586
2587 /**
Julia Reynolds1e958392014-05-16 14:25:21 -04002588 * Called by a device owner to create a user with the specified name. The UserHandle returned
2589 * by this method should not be persisted as user handles are recycled as users are removed and
2590 * created. If you need to persist an identifier for this user, use
2591 * {@link UserManager#getSerialNumberForUser}.
2592 *
2593 * @param admin Which {@link DeviceAdminReceiver} this request is associated with.
2594 * @param name the user's name
2595 * @see UserHandle
2596 * @return the UserHandle object for the created user, or null if the user could not be created.
2597 */
2598 public UserHandle createUser(ComponentName admin, String name) {
2599 try {
2600 return mService.createUser(admin, name);
2601 } catch (RemoteException re) {
2602 Log.w(TAG, "Could not create a user", re);
2603 }
2604 return null;
2605 }
2606
2607 /**
Jason Monk03978a42014-06-10 15:05:30 -04002608 * Called by a device owner to create a user with the specified name. The UserHandle returned
2609 * by this method should not be persisted as user handles are recycled as users are removed and
2610 * created. If you need to persist an identifier for this user, use
2611 * {@link UserManager#getSerialNumberForUser}. The new user will be started in the background
2612 * immediately.
2613 *
2614 * <p> profileOwnerComponent is the {@link DeviceAdminReceiver} to be the profile owner as well
2615 * as registered as an active admin on the new user. The profile owner package will be
2616 * installed on the new user if it already is installed on the device.
2617 *
2618 * <p>If the optionalInitializeData is not null, then the extras will be passed to the
2619 * profileOwnerComponent when onEnable is called.
2620 *
2621 * @param admin Which {@link DeviceAdminReceiver} this request is associated with.
2622 * @param name the user's name
2623 * @param ownerName the human readable name of the organisation associated with this DPM.
2624 * @param profileOwnerComponent The {@link DeviceAdminReceiver} that will be an active admin on
2625 * the user.
2626 * @param adminExtras Extras that will be passed to onEnable of the admin receiver
2627 * on the new user.
2628 * @see UserHandle
2629 * @return the UserHandle object for the created user, or null if the user could not be created.
2630 */
2631 public UserHandle createAndInitializeUser(ComponentName admin, String name, String ownerName,
2632 ComponentName profileOwnerComponent, Bundle adminExtras) {
2633 try {
2634 return mService.createAndInitializeUser(admin, name, ownerName, profileOwnerComponent,
2635 adminExtras);
2636 } catch (RemoteException re) {
2637 Log.w(TAG, "Could not create a user", re);
2638 }
2639 return null;
2640 }
2641
2642 /**
Julia Reynolds1e958392014-05-16 14:25:21 -04002643 * Called by a device owner to remove a user and all associated data. The primary user can
2644 * not be removed.
2645 *
2646 * @param admin Which {@link DeviceAdminReceiver} this request is associated with.
2647 * @param userHandle the user to remove.
2648 * @return {@code true} if the user was removed, {@code false} otherwise.
2649 */
2650 public boolean removeUser(ComponentName admin, UserHandle userHandle) {
2651 try {
2652 return mService.removeUser(admin, userHandle);
2653 } catch (RemoteException re) {
2654 Log.w(TAG, "Could not remove user ", re);
2655 return false;
2656 }
2657 }
2658
2659 /**
Jason Monk582d9112014-07-09 19:57:08 -04002660 * Called by a device owner to switch the specified user to the foreground.
2661 *
2662 * @param admin Which {@link DeviceAdminReceiver} this request is associated with.
2663 * @param userHandle the user to switch to; null will switch to primary.
2664 * @return {@code true} if the switch was successful, {@code false} otherwise.
2665 *
2666 * @see Intent#ACTION_USER_FOREGROUND
2667 */
2668 public boolean switchUser(ComponentName admin, UserHandle userHandle) {
2669 try {
2670 return mService.switchUser(admin, userHandle);
2671 } catch (RemoteException re) {
2672 Log.w(TAG, "Could not switch user ", re);
2673 return false;
2674 }
2675 }
2676
2677 /**
Robin Lee66e5d962014-04-09 16:44:21 +01002678 * Called by a profile or device owner to get the application restrictions for a given target
2679 * application running in the managed profile.
2680 *
2681 * <p>The calling device admin must be a profile or device owner; if it is not, a security
2682 * exception will be thrown.
2683 *
2684 * @param admin Which {@link DeviceAdminReceiver} this request is associated with.
2685 * @param packageName The name of the package to fetch restricted settings of.
2686 * @return {@link Bundle} of settings corresponding to what was set last time
2687 * {@link DevicePolicyManager#setApplicationRestrictions} was called, or an empty {@link Bundle}
2688 * if no restrictions have been set.
2689 */
2690 public Bundle getApplicationRestrictions(ComponentName admin, String packageName) {
2691 if (mService != null) {
2692 try {
2693 return mService.getApplicationRestrictions(admin, packageName);
2694 } catch (RemoteException e) {
2695 Log.w(TAG, "Failed talking with device policy service", e);
2696 }
2697 }
2698 return null;
2699 }
Amith Yamasanibe465322014-04-24 13:45:17 -07002700
2701 /**
2702 * Called by a profile or device owner to set a user restriction specified
2703 * by the key.
2704 * <p>
2705 * The calling device admin must be a profile or device owner; if it is not,
2706 * a security exception will be thrown.
Jim Millerdf2258b2014-04-27 20:10:26 -07002707 *
Amith Yamasanibe465322014-04-24 13:45:17 -07002708 * @param admin Which {@link DeviceAdminReceiver} this request is associated
2709 * with.
2710 * @param key The key of the restriction. See the constants in
2711 * {@link android.os.UserManager} for the list of keys.
2712 */
2713 public void addUserRestriction(ComponentName admin, String key) {
2714 if (mService != null) {
2715 try {
2716 mService.setUserRestriction(admin, key, true);
2717 } catch (RemoteException e) {
2718 Log.w(TAG, "Failed talking with device policy service", e);
2719 }
2720 }
2721 }
2722
2723 /**
2724 * Called by a profile or device owner to clear a user restriction specified
2725 * by the key.
2726 * <p>
2727 * The calling device admin must be a profile or device owner; if it is not,
2728 * a security exception will be thrown.
Jim Millerdf2258b2014-04-27 20:10:26 -07002729 *
Amith Yamasanibe465322014-04-24 13:45:17 -07002730 * @param admin Which {@link DeviceAdminReceiver} this request is associated
2731 * with.
2732 * @param key The key of the restriction. See the constants in
2733 * {@link android.os.UserManager} for the list of keys.
2734 */
2735 public void clearUserRestriction(ComponentName admin, String key) {
2736 if (mService != null) {
2737 try {
2738 mService.setUserRestriction(admin, key, false);
2739 } catch (RemoteException e) {
2740 Log.w(TAG, "Failed talking with device policy service", e);
2741 }
2742 }
2743 }
Adam Connors010cfd42014-04-16 12:48:13 +01002744
2745 /**
Amith Yamasanie5bcff62014-07-19 15:44:09 -07002746 * Called by device or profile owner to hide or unhide packages. When a package is hidden it
Julia Reynolds966881e2014-05-14 12:23:08 -04002747 * is unavailable for use, but the data and actual package file remain.
2748 *
2749 * @param admin Which {@link DeviceAdminReceiver} this request is associated with.
Amith Yamasanie5bcff62014-07-19 15:44:09 -07002750 * @param packageName The name of the package to hide or unhide.
2751 * @param hidden {@code true} if the package should be hidden, {@code false} if it should be
2752 * unhidden.
2753 * @return boolean Whether the hidden setting of the package was successfully updated.
Julia Reynolds966881e2014-05-14 12:23:08 -04002754 */
Amith Yamasanie5bcff62014-07-19 15:44:09 -07002755 public boolean setApplicationHidden(ComponentName admin, String packageName,
2756 boolean hidden) {
Julia Reynolds966881e2014-05-14 12:23:08 -04002757 if (mService != null) {
2758 try {
Amith Yamasanie5bcff62014-07-19 15:44:09 -07002759 return mService.setApplicationHidden(admin, packageName, hidden);
Julia Reynolds966881e2014-05-14 12:23:08 -04002760 } catch (RemoteException e) {
2761 Log.w(TAG, "Failed talking with device policy service", e);
2762 }
2763 }
2764 return false;
2765 }
2766
2767 /**
Amith Yamasanie5bcff62014-07-19 15:44:09 -07002768 * Called by profile or device owner to hide or unhide currently installed packages. This
Julia Reynolds966881e2014-05-14 12:23:08 -04002769 * should only be called by a profile or device owner running within a managed profile.
2770 *
2771 * @param admin Which {@link DeviceAdminReceiver} this request is associated with.
2772 * @param intent An intent matching the app(s) to be updated. All apps that resolve for this
2773 * intent will be updated in the current profile.
Amith Yamasanie5bcff62014-07-19 15:44:09 -07002774 * @param hidden {@code true} if the packages should be hidden, {@code false} if they should
2775 * be unhidden.
Julia Reynolds966881e2014-05-14 12:23:08 -04002776 * @return int The number of activities that matched the intent and were updated.
2777 */
Amith Yamasanie5bcff62014-07-19 15:44:09 -07002778 public int setApplicationsHidden(ComponentName admin, Intent intent, boolean hidden) {
Julia Reynolds966881e2014-05-14 12:23:08 -04002779 if (mService != null) {
2780 try {
Amith Yamasanie5bcff62014-07-19 15:44:09 -07002781 return mService.setApplicationsHidden(admin, intent, hidden);
Julia Reynolds966881e2014-05-14 12:23:08 -04002782 } catch (RemoteException e) {
2783 Log.w(TAG, "Failed talking with device policy service", e);
2784 }
2785 }
2786 return 0;
2787 }
2788
2789 /**
Amith Yamasanie5bcff62014-07-19 15:44:09 -07002790 * Called by device or profile owner to determine if a package is hidden.
Julia Reynolds966881e2014-05-14 12:23:08 -04002791 *
2792 * @param admin Which {@link DeviceAdminReceiver} this request is associated with.
Amith Yamasanie5bcff62014-07-19 15:44:09 -07002793 * @param packageName The name of the package to retrieve the hidden status of.
2794 * @return boolean {@code true} if the package is hidden, {@code false} otherwise.
Julia Reynolds966881e2014-05-14 12:23:08 -04002795 */
Amith Yamasanie5bcff62014-07-19 15:44:09 -07002796 public boolean isApplicationHidden(ComponentName admin, String packageName) {
Julia Reynolds966881e2014-05-14 12:23:08 -04002797 if (mService != null) {
2798 try {
Amith Yamasanie5bcff62014-07-19 15:44:09 -07002799 return mService.isApplicationHidden(admin, packageName);
Julia Reynolds966881e2014-05-14 12:23:08 -04002800 } catch (RemoteException e) {
2801 Log.w(TAG, "Failed talking with device policy service", e);
2802 }
2803 }
2804 return false;
2805 }
2806
2807 /**
Adam Connors655be2a2014-07-14 09:01:25 +00002808 * Called by profile or device owner to re-enable a system app that was disabled by default
2809 * when the managed profile was created. This can only be called from a profile or device
2810 * owner running within a managed profile.
2811 *
2812 * @param admin Which {@link DeviceAdminReceiver} this request is associated with.
2813 * @param packageName The package to be re-enabled in the current profile.
2814 */
2815 public void enableSystemApp(ComponentName admin, String packageName) {
2816 if (mService != null) {
2817 try {
2818 mService.enableSystemApp(admin, packageName);
2819 } catch (RemoteException e) {
2820 Log.w(TAG, "Failed to install package: " + packageName);
2821 }
2822 }
2823 }
2824
2825 /**
2826 * Called by profile or device owner to re-enable system apps by intent that were disabled
2827 * by default when the managed profile was created. This can only be called from a profile
2828 * or device owner running within a managed profile.
2829 *
2830 * @param admin Which {@link DeviceAdminReceiver} this request is associated with.
2831 * @param intent An intent matching the app(s) to be installed. All apps that resolve for this
2832 * intent will be re-enabled in the current profile.
2833 * @return int The number of activities that matched the intent and were installed.
2834 */
2835 public int enableSystemApp(ComponentName admin, Intent intent) {
2836 if (mService != null) {
2837 try {
2838 return mService.enableSystemAppWithIntent(admin, intent);
2839 } catch (RemoteException e) {
2840 Log.w(TAG, "Failed to install packages matching filter: " + intent);
2841 }
2842 }
2843 return 0;
2844 }
2845
2846 /**
Sander Alewijnse650c3342014-05-08 18:00:50 +01002847 * Called by a profile owner to disable account management for a specific type of account.
2848 *
2849 * <p>The calling device admin must be a profile owner. If it is not, a
2850 * security exception will be thrown.
2851 *
2852 * <p>When account management is disabled for an account type, adding or removing an account
2853 * of that type will not be possible.
2854 *
2855 * @param admin Which {@link DeviceAdminReceiver} this request is associated with.
2856 * @param accountType For which account management is disabled or enabled.
2857 * @param disabled The boolean indicating that account management will be disabled (true) or
2858 * enabled (false).
2859 */
2860 public void setAccountManagementDisabled(ComponentName admin, String accountType,
2861 boolean disabled) {
2862 if (mService != null) {
2863 try {
2864 mService.setAccountManagementDisabled(admin, accountType, disabled);
2865 } catch (RemoteException e) {
2866 Log.w(TAG, "Failed talking with device policy service", e);
2867 }
2868 }
2869 }
2870
2871 /**
Sander Alewijnse5c02db62014-05-07 10:46:57 +01002872 * Gets the array of accounts for which account management is disabled by the profile owner.
2873 *
2874 * <p> Account management can be disabled/enabled by calling
2875 * {@link #setAccountManagementDisabled}.
2876 *
2877 * @return a list of account types for which account management has been disabled.
2878 *
2879 * @see #setAccountManagementDisabled
2880 */
2881 public String[] getAccountTypesWithManagementDisabled() {
Zoltan Szatmary-Ban3f1ddf82014-07-02 16:42:05 +01002882 return getAccountTypesWithManagementDisabledAsUser(UserHandle.myUserId());
Alexandra Gherghina999d3942014-07-03 11:40:08 +01002883 }
2884
2885 /**
2886 * @see #getAccountTypesWithManagementDisabled()
2887 * @hide
2888 */
2889 public String[] getAccountTypesWithManagementDisabledAsUser(int userId) {
Sander Alewijnse5c02db62014-05-07 10:46:57 +01002890 if (mService != null) {
2891 try {
Alexandra Gherghina999d3942014-07-03 11:40:08 +01002892 return mService.getAccountTypesWithManagementDisabledAsUser(userId);
Sander Alewijnse5c02db62014-05-07 10:46:57 +01002893 } catch (RemoteException e) {
2894 Log.w(TAG, "Failed talking with device policy service", e);
2895 }
2896 }
2897
2898 return null;
2899 }
justinzhang511e0d82014-03-24 16:09:24 -04002900
2901 /**
Jason Monkd7b86212014-06-16 13:15:38 -04002902 * Sets which packages may enter lock task mode.
2903 *
2904 * <p>Any packages that shares uid with an allowed package will also be allowed
2905 * to activate lock task.
justinzhang511e0d82014-03-24 16:09:24 -04002906 *
Jason Monkc5185f22014-06-24 11:12:42 -04002907 * This function can only be called by the device owner.
Jason Monkd7b86212014-06-16 13:15:38 -04002908 * @param packages The list of packages allowed to enter lock task mode
Jason Monk48aacba2014-08-13 16:29:08 -04002909 * @param admin Which {@link DeviceAdminReceiver} this request is associated with.
Jason Monkd7b86212014-06-16 13:15:38 -04002910 *
2911 * @see Activity#startLockTask()
Jason Monk1c7c3192014-06-26 12:52:18 -04002912 * @see DeviceAdminReceiver#onLockTaskModeChanged(Context, Intent, boolean, String)
2913 * @see UserManager#DISALLOW_CREATE_WINDOWS
justinzhang511e0d82014-03-24 16:09:24 -04002914 */
Jason Monk48aacba2014-08-13 16:29:08 -04002915 public void setLockTaskPackages(ComponentName admin, String[] packages)
2916 throws SecurityException {
justinzhang511e0d82014-03-24 16:09:24 -04002917 if (mService != null) {
2918 try {
Jason Monk48aacba2014-08-13 16:29:08 -04002919 mService.setLockTaskPackages(admin, packages);
justinzhang511e0d82014-03-24 16:09:24 -04002920 } catch (RemoteException e) {
2921 Log.w(TAG, "Failed talking with device policy service", e);
2922 }
2923 }
2924 }
2925
2926 /**
Jason Monkd7b86212014-06-16 13:15:38 -04002927 * This function returns the list of packages allowed to start the lock task mode.
Jason Monk48aacba2014-08-13 16:29:08 -04002928 *
2929 * @param admin Which {@link DeviceAdminReceiver} this request is associated with.
justinzhang511e0d82014-03-24 16:09:24 -04002930 * @hide
2931 */
Jason Monk48aacba2014-08-13 16:29:08 -04002932 public String[] getLockTaskPackages(ComponentName admin) {
justinzhang511e0d82014-03-24 16:09:24 -04002933 if (mService != null) {
2934 try {
Jason Monk48aacba2014-08-13 16:29:08 -04002935 return mService.getLockTaskPackages(admin);
justinzhang511e0d82014-03-24 16:09:24 -04002936 } catch (RemoteException e) {
2937 Log.w(TAG, "Failed talking with device policy service", e);
2938 }
2939 }
2940 return null;
2941 }
2942
2943 /**
2944 * This function lets the caller know whether the given component is allowed to start the
2945 * lock task mode.
Jason Monkd7b86212014-06-16 13:15:38 -04002946 * @param pkg The package to check
justinzhang511e0d82014-03-24 16:09:24 -04002947 */
Jason Monkd7b86212014-06-16 13:15:38 -04002948 public boolean isLockTaskPermitted(String pkg) {
justinzhang511e0d82014-03-24 16:09:24 -04002949 if (mService != null) {
2950 try {
Jason Monkd7b86212014-06-16 13:15:38 -04002951 return mService.isLockTaskPermitted(pkg);
justinzhang511e0d82014-03-24 16:09:24 -04002952 } catch (RemoteException e) {
2953 Log.w(TAG, "Failed talking with device policy service", e);
2954 }
2955 }
2956 return false;
2957 }
Julia Reynoldsda551652014-05-14 17:15:16 -04002958
2959 /**
2960 * Called by device owners to update {@link Settings.Global} settings. Validation that the value
2961 * of the setting is in the correct form for the setting type should be performed by the caller.
2962 *
2963 * @param admin Which {@link DeviceAdminReceiver} this request is associated with.
2964 * @param setting The name of the setting to update.
2965 * @param value The value to update the setting to.
2966 */
2967 public void setGlobalSetting(ComponentName admin, String setting, String value) {
2968 if (mService != null) {
2969 try {
2970 mService.setGlobalSetting(admin, setting, value);
2971 } catch (RemoteException e) {
2972 Log.w(TAG, "Failed talking with device policy service", e);
2973 }
2974 }
2975 }
2976
2977 /**
2978 * Called by profile or device owners to update {@link Settings.Secure} settings. Validation
2979 * that the value of the setting is in the correct form for the setting type should be performed
2980 * by the caller.
2981 *
2982 * @param admin Which {@link DeviceAdminReceiver} this request is associated with.
2983 * @param setting The name of the setting to update.
2984 * @param value The value to update the setting to.
2985 */
2986 public void setSecureSetting(ComponentName admin, String setting, String value) {
2987 if (mService != null) {
2988 try {
2989 mService.setSecureSetting(admin, setting, value);
2990 } catch (RemoteException e) {
2991 Log.w(TAG, "Failed talking with device policy service", e);
2992 }
2993 }
2994 }
2995
Amith Yamasanif20d6402014-05-24 15:34:37 -07002996 /**
Amith Yamasanif6e2fcc2014-07-10 13:41:55 -07002997 * Designates a specific service component as the provider for
Amith Yamasanif20d6402014-05-24 15:34:37 -07002998 * making permission requests of a local or remote administrator of the user.
2999 * <p/>
3000 * Only a profile owner can designate the restrictions provider.
3001 * @param admin Which {@link DeviceAdminReceiver} this request is associated with.
Amith Yamasanif6e2fcc2014-07-10 13:41:55 -07003002 * @param provider The component name of the service that implements
3003 * {@link AbstractRestrictionsProvider}. If this param is null,
Amith Yamasanif20d6402014-05-24 15:34:37 -07003004 * it removes the restrictions provider previously assigned.
3005 */
Amith Yamasanif6e2fcc2014-07-10 13:41:55 -07003006 public void setRestrictionsProvider(ComponentName admin, ComponentName provider) {
Amith Yamasanif20d6402014-05-24 15:34:37 -07003007 if (mService != null) {
3008 try {
Amith Yamasanif6e2fcc2014-07-10 13:41:55 -07003009 mService.setRestrictionsProvider(admin, provider);
Amith Yamasanif20d6402014-05-24 15:34:37 -07003010 } catch (RemoteException re) {
3011 Log.w(TAG, "Failed to set permission provider on device policy service");
3012 }
3013 }
3014 }
Julia Reynolds4a21b252014-06-04 11:11:43 -04003015
3016 /**
3017 * Called by profile or device owners to set the master volume mute on or off.
3018 *
3019 * @param admin Which {@link DeviceAdminReceiver} this request is associated with.
3020 * @param on {@code true} to mute master volume, {@code false} to turn mute off.
3021 */
3022 public void setMasterVolumeMuted(ComponentName admin, boolean on) {
3023 if (mService != null) {
3024 try {
3025 mService.setMasterVolumeMuted(admin, on);
3026 } catch (RemoteException re) {
3027 Log.w(TAG, "Failed to setMasterMute on device policy service");
3028 }
3029 }
3030 }
3031
3032 /**
3033 * Called by profile or device owners to check whether the master volume mute is on or off.
3034 *
3035 * @param admin Which {@link DeviceAdminReceiver} this request is associated with.
3036 * @return {@code true} if master volume is muted, {@code false} if it's not.
3037 */
3038 public boolean isMasterVolumeMuted(ComponentName admin) {
3039 if (mService != null) {
3040 try {
3041 return mService.isMasterVolumeMuted(admin);
3042 } catch (RemoteException re) {
3043 Log.w(TAG, "Failed to get isMasterMute on device policy service");
3044 }
3045 }
3046 return false;
3047 }
Kenny Guyc13053b2014-05-29 14:17:17 +01003048
3049 /**
3050 * Called by profile or device owners to change whether a user can uninstall
3051 * a package.
3052 *
3053 * @param admin Which {@link DeviceAdminReceiver} this request is associated with.
3054 * @param packageName package to change.
3055 * @param blockUninstall true if the user shouldn't be able to uninstall the package.
3056 */
3057 public void setBlockUninstall(ComponentName admin, String packageName, boolean blockUninstall) {
3058 if (mService != null) {
3059 try {
3060 mService.setBlockUninstall(admin, packageName, blockUninstall);
3061 } catch (RemoteException re) {
3062 Log.w(TAG, "Failed to call block uninstall on device policy service");
3063 }
3064 }
3065 }
3066
3067 /**
3068 * Called by profile or device owners to check whether a user has been blocked from
3069 * uninstalling a package.
3070 *
3071 * @param admin Which {@link DeviceAdminReceiver} this request is associated with.
3072 * @param packageName package to check.
3073 * @return true if the user shouldn't be able to uninstall the package.
3074 */
3075 public boolean getBlockUninstall(ComponentName admin, String packageName) {
3076 if (mService != null) {
3077 try {
3078 return mService.getBlockUninstall(admin, packageName);
3079 } catch (RemoteException re) {
3080 Log.w(TAG, "Failed to call block uninstall on device policy service");
3081 }
3082 }
3083 return false;
3084 }
Svetoslav976e8bd2014-07-16 15:12:03 -07003085
3086 /**
3087 * Called by the profile owner to enable widget providers from a given package
3088 * to be available in the parent profile. As a result the user will be able to
3089 * add widgets from the white-listed package running under the profile to a widget
3090 * host which runs under the device owner, for example the home screen. Note that
3091 * a package may have zero or more provider components, where each component
3092 * provides a different widget type.
3093 * <p>
3094 * <strong>Note:</strong> By default no widget provider package is white-listed.
3095 * </p>
3096 *
3097 * @param admin Which {@link DeviceAdminReceiver} this request is associated with.
3098 * @param packageName The package from which widget providers are white-listed.
3099 * @return Whether the package was added.
3100 *
3101 * @see #removeCrossProfileWidgetProvider(android.content.ComponentName, String)
3102 * @see #getCrossProfileWidgetProviders(android.content.ComponentName)
3103 */
3104 public boolean addCrossProfileWidgetProvider(ComponentName admin, String packageName) {
3105 if (mService != null) {
3106 try {
3107 return mService.addCrossProfileWidgetProvider(admin, packageName);
3108 } catch (RemoteException re) {
3109 Log.w(TAG, "Error calling addCrossProfileWidgetProvider", re);
3110 }
3111 }
3112 return false;
3113 }
3114
3115 /**
3116 * Called by the profile owner to disable widget providers from a given package
3117 * to be available in the parent profile. For this method to take effect the
3118 * package should have been added via {@link #addCrossProfileWidgetProvider(
3119 * android.content.ComponentName, String)}.
3120 * <p>
3121 * <strong>Note:</strong> By default no widget provider package is white-listed.
3122 * </p>
3123 *
3124 * @param admin Which {@link DeviceAdminReceiver} this request is associated with.
3125 * @param packageName The package from which widget providers are no longer
3126 * white-listed.
3127 * @return Whether the package was removed.
3128 *
3129 * @see #addCrossProfileWidgetProvider(android.content.ComponentName, String)
3130 * @see #getCrossProfileWidgetProviders(android.content.ComponentName)
3131 */
3132 public boolean removeCrossProfileWidgetProvider(ComponentName admin, String packageName) {
3133 if (mService != null) {
3134 try {
3135 return mService.removeCrossProfileWidgetProvider(admin, packageName);
3136 } catch (RemoteException re) {
3137 Log.w(TAG, "Error calling removeCrossProfileWidgetProvider", re);
3138 }
3139 }
3140 return false;
3141 }
3142
3143 /**
3144 * Called by the profile owner to query providers from which packages are
3145 * available in the parent profile.
3146 *
3147 * @param admin Which {@link DeviceAdminReceiver} this request is associated with.
3148 * @return The white-listed package list.
3149 *
3150 * @see #addCrossProfileWidgetProvider(android.content.ComponentName, String)
3151 * @see #removeCrossProfileWidgetProvider(android.content.ComponentName, String)
3152 */
3153 public List<String> getCrossProfileWidgetProviders(ComponentName admin) {
3154 if (mService != null) {
3155 try {
3156 List<String> providers = mService.getCrossProfileWidgetProviders(admin);
3157 if (providers != null) {
3158 return providers;
3159 }
3160 } catch (RemoteException re) {
3161 Log.w(TAG, "Error calling getCrossProfileWidgetProviders", re);
3162 }
3163 }
3164 return Collections.emptyList();
3165 }
Dianne Hackbornd6847842010-01-12 18:14:19 -08003166}