DevicePolicyManager

ACTION_ADD_DEVICE_ADMIN

String ACTION_ADD_DEVICE_ADMIN

Activity action: ask the user to add a new device administrator to the system. The desired policy is the ComponentName of the policy in the EXTRA_DEVICE_ADMIN extra field. This will invoke a UI to bring the user through adding the device administrator to the system (or allowing them to reject it).

You can optionally include the EXTRA_ADD_EXPLANATION field to provide the user with additional explanation (in addition to your component's description) about what is being added.

If your administrator is already active, this will ordinarily return immediately (without user intervention). However, if your administrator has been updated and is requesting additional uses-policy flags, the user will be presented with the new list. New policies will not be available to the updated administrator until the user has accepted the new list.

Constant Value: "android.app.action.ADD_DEVICE_ADMIN"

ACTION_DEVICE_OWNER_CHANGED

String ACTION_DEVICE_OWNER_CHANGED

Broadcast action: sent when the device owner is set or changed. This broadcast is sent only to the primary user.

Constant Value: "android.app.action.DEVICE_OWNER_CHANGED"

ACTION_MANAGED_PROFILE_PROVISIONED

String ACTION_MANAGED_PROFILE_PROVISIONED

Broadcast Action: This broadcast is sent to indicate that provisioning of a managed profile has completed successfully.

The broadcast is limited to the primary profile, to the app specified in the provisioning intent with action ACTION_PROVISION_MANAGED_PROFILE.

This intent will contain the extra EXTRA_PROVISIONING_ACCOUNT_TO_MIGRATE which corresponds to the account requested to be migrated at provisioning time, if any.

Constant Value: "android.app.action.MANAGED_PROFILE_PROVISIONED"

ACTION_PROVISION_MANAGED_DEVICE

String ACTION_PROVISION_MANAGED_DEVICE

Activity action: Starts the provisioning flow which sets up a managed device. Must be started with startActivityForResult(Intent, int).

During device owner provisioning a device admin app is set as the owner of the device. A device owner has full control over the device. The device owner can not be modified by the user.

A typical use case would be a device that is owned by a company, but used by either an employee or client.

An intent with this action can be sent only on an unprovisioned device. It is possible to check if provisioning is allowed or not by querying the method isProvisioningAllowed(String).

The intent contains the following extras:

• EXTRA_PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME
• EXTRA_PROVISIONING_SKIP_ENCRYPTION, optional
• EXTRA_PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED, optional
• EXTRA_PROVISIONING_ADMIN_EXTRAS_BUNDLE, optional
• EXTRA_PROVISIONING_LOGO_URI, optional
• EXTRA_PROVISIONING_MAIN_COLOR, optional

When device owner provisioning has completed, an intent of the type ACTION_PROFILE_PROVISIONING_COMPLETE is broadcast to the device owner.

If provisioning fails, the device is factory reset.

A result code of RESULT_OK implies that the synchronous part of the provisioning flow was successful, although this doesn't guarantee the full flow will succeed. Conversely a result code of RESULT_CANCELED implies that the user backed-out of provisioning, or some precondition for provisioning wasn't met.

Constant Value: "android.app.action.PROVISION_MANAGED_DEVICE"

ACTION_PROVISION_MANAGED_PROFILE

String ACTION_PROVISION_MANAGED_PROFILE

Activity action: Starts the provisioning flow which sets up a managed profile.

A managed profile allows data separation for example for the usage of a device as a personal and corporate device. The user which provisioning is started from and the managed profile share a launcher.

This intent will typically be sent by a mobile device management application (MDM). Provisioning adds a managed profile and sets the MDM as the profile owner who has full control over the profile.

It is possible to check if provisioning is allowed or not by querying the method isProvisioningAllowed(String).

In version LOLLIPOP, this intent must contain the extra EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME. As of M, it should contain the extra EXTRA_PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME instead, although specifying only EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME is still supported.

The intent may also contain the following extras:

• EXTRA_PROVISIONING_ACCOUNT_TO_MIGRATE, optional
• EXTRA_PROVISIONING_SKIP_ENCRYPTION, optional, supported from N
• EXTRA_PROVISIONING_ADMIN_EXTRAS_BUNDLE, optional
• EXTRA_PROVISIONING_LOGO_URI, optional
• EXTRA_PROVISIONING_MAIN_COLOR, optional

When managed provisioning has completed, broadcasts are sent to the application specified in the provisioning intent. The ACTION_PROFILE_PROVISIONING_COMPLETE broadcast is sent in the managed profile and the ACTION_MANAGED_PROFILE_PROVISIONED broadcast is sent in the primary profile.

If provisioning fails, the managedProfile is removed so the device returns to its previous state.

If launched with startActivityForResult(Intent, int) a result code of RESULT_OK implies that the synchronous part of the provisioning flow was successful, although this doesn't guarantee the full flow will succeed. Conversely a result code of RESULT_CANCELED implies that the user backed-out of provisioning, or some precondition for provisioning wasn't met.

Constant Value: "android.app.action.PROVISION_MANAGED_PROFILE"

ACTION_SET_NEW_PARENT_PROFILE_PASSWORD

String ACTION_SET_NEW_PARENT_PROFILE_PASSWORD

Activity action: have the user enter a new password for the parent profile. If the intent is launched from within a managed profile, this will trigger entering a new password for the parent of the profile. In all other cases the behaviour is identical to ACTION_SET_NEW_PASSWORD.

Constant Value: "android.app.action.SET_NEW_PARENT_PROFILE_PASSWORD"

ACTION_SET_NEW_PASSWORD

String ACTION_SET_NEW_PASSWORD

Activity action: have the user enter a new password. This activity should be launched after using setPasswordQuality(ComponentName, int), or setPasswordMinimumLength(ComponentName, int) to have the user enter a new password that meets the current requirements. You can use isActivePasswordSufficient() to determine whether you need to have the user select a new password in order to meet the current constraints. Upon being resumed from this activity, you can check the new password characteristics to see if they are sufficient. If the intent is launched from within a managed profile with a profile owner built against M or before, this will trigger entering a new password for the parent of the profile. For all other cases it will trigger entering a new password for the user or profile it is launched from.

Constant Value: "android.app.action.SET_NEW_PASSWORD"

ACTION_START_ENCRYPTION

String ACTION_START_ENCRYPTION

Activity action: begin the process of encrypting data on the device. This activity should be launched after using setStorageEncryption(ComponentName, boolean) to request encryption be activated. After resuming from this activity, use getStorageEncryption(ComponentName) to check encryption status. However, on some devices this activity may never return, as it may trigger a reboot and in some cases a complete data wipe of the device.

Constant Value: "android.app.action.START_ENCRYPTION"

ACTION_SYSTEM_UPDATE_POLICY_CHANGED

String ACTION_SYSTEM_UPDATE_POLICY_CHANGED

Broadcast action: notify that a new local system update policy has been set by the device owner. The new policy can be retrieved by getSystemUpdatePolicy().

Constant Value: "android.app.action.SYSTEM_UPDATE_POLICY_CHANGED"

ENCRYPTION_STATUS_ACTIVATING

int ENCRYPTION_STATUS_ACTIVATING

Result code for getStorageEncryptionStatus(): indicating that encryption is not currently active, but is currently being activated. This is only reported by devices that support encryption of data and only when the storage is currently undergoing a process of becoming encrypted. A device that must reboot and/or wipe data to become encrypted will never return this value.

Constant Value: 2 (0x00000002)

ENCRYPTION_STATUS_ACTIVE

int ENCRYPTION_STATUS_ACTIVE

Result code for setStorageEncryption(ComponentName, boolean) and getStorageEncryptionStatus(): indicating that encryption is active.

Also see ENCRYPTION_STATUS_ACTIVE_PER_USER.

Constant Value: 3 (0x00000003)

ENCRYPTION_STATUS_ACTIVE_DEFAULT_KEY

int ENCRYPTION_STATUS_ACTIVE_DEFAULT_KEY

Result code for getStorageEncryptionStatus(): indicating that encryption is active, but an encryption key has not been set by the user.

Constant Value: 4 (0x00000004)

ENCRYPTION_STATUS_ACTIVE_PER_USER

int ENCRYPTION_STATUS_ACTIVE_PER_USER

Result code for getStorageEncryptionStatus(): indicating that encryption is active and the encryption key is tied to the user or profile.

This value is only returned to apps targeting API level 24 and above. For apps targeting earlier API levels, ENCRYPTION_STATUS_ACTIVE is returned, even if the encryption key is specific to the user or profile.

Constant Value: 5 (0x00000005)

ENCRYPTION_STATUS_INACTIVE

int ENCRYPTION_STATUS_INACTIVE

Result code for setStorageEncryption(ComponentName, boolean) and getStorageEncryptionStatus(): indicating that encryption is supported, but is not currently active.

Constant Value: 1 (0x00000001)

ENCRYPTION_STATUS_UNSUPPORTED

int ENCRYPTION_STATUS_UNSUPPORTED

Result code for setStorageEncryption(ComponentName, boolean) and getStorageEncryptionStatus(): indicating that encryption is not supported.

Constant Value: 0 (0x00000000)

EXTRA_ADD_EXPLANATION

String EXTRA_ADD_EXPLANATION

An optional CharSequence providing additional explanation for why the admin is being added.

Constant Value: "android.app.extra.ADD_EXPLANATION"

EXTRA_DEVICE_ADMIN

String EXTRA_DEVICE_ADMIN

The ComponentName of the administrator component.

Constant Value: "android.app.extra.DEVICE_ADMIN"

EXTRA_PROVISIONING_ACCOUNT_TO_MIGRATE

String EXTRA_PROVISIONING_ACCOUNT_TO_MIGRATE

An Account extra holding the account to migrate during managed profile provisioning. If the account supplied is present in the primary user, it will be copied, along with its credentials to the managed profile and removed from the primary user. Use with ACTION_PROVISION_MANAGED_PROFILE.

Constant Value: "android.app.extra.PROVISIONING_ACCOUNT_TO_MIGRATE"

EXTRA_PROVISIONING_ADMIN_EXTRAS_BUNDLE

String EXTRA_PROVISIONING_ADMIN_EXTRAS_BUNDLE

A Parcelable extra of type PersistableBundle that allows a mobile device management application or NFC programmer application which starts managed provisioning to pass data to the management application instance after provisioning.

If used with ACTION_PROVISION_MANAGED_PROFILE it can be used by the application that sends the intent to pass data to itself on the newly created profile. If used with ACTION_PROVISION_MANAGED_DEVICE it allows passing data to the same instance of the app on the primary user. Starting from M, if used with MIME_TYPE_PROVISIONING_NFC as part of NFC managed device provisioning, the NFC message should contain a stringified Properties instance, whose string properties will be converted into a PersistableBundle and passed to the management application after provisioning.

In both cases the application receives the data in onProfileProvisioningComplete(Context, Intent) via an intent with the action ACTION_PROFILE_PROVISIONING_COMPLETE. The bundle is not changed during the managed provisioning.

Constant Value: "android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE"

EXTRA_PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME

String EXTRA_PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME

A ComponentName extra indicating the device admin receiver of the mobile device management application that will be set as the profile owner or device owner and active admin.

If an application starts provisioning directly via an intent with action ACTION_PROVISION_MANAGED_PROFILE or ACTION_PROVISION_MANAGED_DEVICE the package name of this component has to match the package name of the application that started provisioning.

This component is set as device owner and active admin when device owner provisioning is started by an intent with action ACTION_PROVISION_MANAGED_DEVICE or by an NFC message containing an NFC record with MIME type MIME_TYPE_PROVISIONING_NFC. For the NFC record, the component name must be flattened to a string, via flattenToShortString().

Constant Value: "android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME"

EXTRA_PROVISIONING_DEVICE_ADMIN_MINIMUM_VERSION_CODE

String EXTRA_PROVISIONING_DEVICE_ADMIN_MINIMUM_VERSION_CODE

An int extra holding a minimum required version code for the device admin package. If the device admin is already installed on the device, it will only be re-downloaded from EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION if the version of the installed package is less than this version code.

Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump.

Constant Value: "android.app.extra.PROVISIONING_DEVICE_ADMIN_MINIMUM_VERSION_CODE"

EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_CHECKSUM

String EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_CHECKSUM

A String extra holding the URL-safe base64 encoded SHA-256 or SHA-1 hash (see notes below) of the file at download location specified in EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION.

Either this extra or EXTRA_PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM must be present. The provided checksum must match the checksum of the file at the download location. If the checksum doesn't match an error will be shown to the user and the user will be asked to factory reset the device.

Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump.

Note: for devices running LOLLIPOP and LOLLIPOP_MR1 only SHA-1 hash is supported. Starting from M, this parameter accepts SHA-256 in addition to SHA-1. Support for SHA-1 is likely to be removed in future OS releases.

Constant Value: "android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_CHECKSUM"

EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_COOKIE_HEADER

String EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_COOKIE_HEADER

A String extra holding a http cookie header which should be used in the http request to the url specified in EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION.

Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump.

Constant Value: "android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_COOKIE_HEADER"

EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION

String EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION

A String extra holding a url that specifies the download location of the device admin package. When not provided it is assumed that the device admin package is already installed.

Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump.

Constant Value: "android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION"

EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME

String EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME

This constant was deprecated in API level 23.
Use EXTRA_PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME. This extra is still supported, but only if there is only one device admin receiver in the package that requires the permission BIND_DEVICE_ADMIN.

A String extra holding the package name of the mobile device management application that will be set as the profile owner or device owner.

If an application starts provisioning directly via an intent with action ACTION_PROVISION_MANAGED_PROFILE this package has to match the package name of the application that started provisioning. The package will be set as profile owner in that case.

This package is set as device owner when device owner provisioning is started by an NFC message containing an NFC record with MIME type MIME_TYPE_PROVISIONING_NFC.

When this extra is set, the application must have exactly one device admin receiver. This receiver will be set as the profile or device owner and active admin.

Constant Value: "android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME"

EXTRA_PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM

String EXTRA_PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM

A String extra holding the URL-safe base64 encoded SHA-256 checksum of any signature of the android package archive at the download location specified in EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION.

The signatures of an android package archive can be obtained using getPackageArchiveInfo(String, int) with flag GET_SIGNATURES.

Either this extra or EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_CHECKSUM must be present. The provided checksum must match the checksum of any signature of the file at the download location. If the checksum does not match an error will be shown to the user and the user will be asked to factory reset the device.

Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump.

Constant Value: "android.app.extra.PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM"

EXTRA_PROVISIONING_EMAIL_ADDRESS

String EXTRA_PROVISIONING_EMAIL_ADDRESS

A String extra that, holds the email address of the account which a managed profile is created for. Used with ACTION_PROVISION_MANAGED_PROFILE and ACTION_PROFILE_PROVISIONING_COMPLETE.

This extra is part of the EXTRA_PROVISIONING_ADMIN_EXTRAS_BUNDLE.

If the ACTION_PROVISION_MANAGED_PROFILE intent that starts managed provisioning contains this extra, it is forwarded in the ACTION_PROFILE_PROVISIONING_COMPLETE intent to the mobile device management application that was set as the profile owner during provisioning. It is usually used to avoid that the user has to enter their email address twice.

Constant Value: "android.app.extra.PROVISIONING_EMAIL_ADDRESS"

EXTRA_PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED

String EXTRA_PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED

A Boolean extra that can be used by the mobile device management application to skip the disabling of system apps during provisioning when set to true.

Use in an NFC record with MIME_TYPE_PROVISIONING_NFC or an intent with action ACTION_PROVISION_MANAGED_DEVICE that starts device owner provisioning.

Constant Value: "android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED"

EXTRA_PROVISIONING_LOCALE

String EXTRA_PROVISIONING_LOCALE

A String extra holding the Locale that the device will be set to. Format: xx_yy, where xx is the language code, and yy the country code.

Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump.

Constant Value: "android.app.extra.PROVISIONING_LOCALE"

EXTRA_PROVISIONING_LOCAL_TIME

String EXTRA_PROVISIONING_LOCAL_TIME

A Long extra holding the wall clock time (in milliseconds) to be set on the device's AlarmManager.

Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump.

Constant Value: "android.app.extra.PROVISIONING_LOCAL_TIME"

EXTRA_PROVISIONING_LOGO_URI

String EXTRA_PROVISIONING_LOGO_URI

A Uri extra pointing to a logo image. This image will be shown during the provisioning. If this extra is not passed, a default image will be shown.

The following URI schemes are accepted:

• content (SCHEME_CONTENT)
• android.resource (SCHEME_ANDROID_RESOURCE)

It is the responsability of the caller to provide an image with a reasonable pixed density for the device.

If a content: URI is passed, the intent should have the flag FLAG_GRANT_READ_URI_PERMISSION and the uri should be added to the ClipData of the intent too.

Use in an intent with action ACTION_PROVISION_MANAGED_PROFILE or ACTION_PROVISION_MANAGED_DEVICE

Constant Value: "android.app.extra.PROVISIONING_LOGO_URI"

EXTRA_PROVISIONING_MAIN_COLOR

String EXTRA_PROVISIONING_MAIN_COLOR

A integer extra indicating the predominant color to show during the provisioning. Refer to Color for how the color is represented.

Use with ACTION_PROVISION_MANAGED_PROFILE or ACTION_PROVISION_MANAGED_DEVICE.

Constant Value: "android.app.extra.PROVISIONING_MAIN_COLOR"

EXTRA_PROVISIONING_SKIP_ENCRYPTION

String EXTRA_PROVISIONING_SKIP_ENCRYPTION

A boolean extra indicating whether device encryption can be skipped as part of device owner or managed profile provisioning.

Use in an NFC record with MIME_TYPE_PROVISIONING_NFC or an intent with action ACTION_PROVISION_MANAGED_DEVICE that starts device owner provisioning.

From N onwards, this is also supported for an intent with action ACTION_PROVISION_MANAGED_PROFILE.

Constant Value: "android.app.extra.PROVISIONING_SKIP_ENCRYPTION"

EXTRA_PROVISIONING_TIME_ZONE

String EXTRA_PROVISIONING_TIME_ZONE

A String extra holding the time zone AlarmManager that the device will be set to.

Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump.

Constant Value: "android.app.extra.PROVISIONING_TIME_ZONE"

EXTRA_PROVISIONING_WIFI_HIDDEN

String EXTRA_PROVISIONING_WIFI_HIDDEN

A boolean extra indicating whether the wifi network in EXTRA_PROVISIONING_WIFI_SSID is hidden or not.

Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump.

Constant Value: "android.app.extra.PROVISIONING_WIFI_HIDDEN"

EXTRA_PROVISIONING_WIFI_PAC_URL

String EXTRA_PROVISIONING_WIFI_PAC_URL

A String extra holding the proxy auto-config (PAC) URL for the wifi network in EXTRA_PROVISIONING_WIFI_SSID.

Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump.

Constant Value: "android.app.extra.PROVISIONING_WIFI_PAC_URL"

EXTRA_PROVISIONING_WIFI_PASSWORD

String EXTRA_PROVISIONING_WIFI_PASSWORD

A String extra holding the password of the wifi network in EXTRA_PROVISIONING_WIFI_SSID.

Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump.

Constant Value: "android.app.extra.PROVISIONING_WIFI_PASSWORD"

EXTRA_PROVISIONING_WIFI_PROXY_BYPASS

String EXTRA_PROVISIONING_WIFI_PROXY_BYPASS

A String extra holding the proxy bypass for the wifi network in EXTRA_PROVISIONING_WIFI_SSID.

Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump.

Constant Value: "android.app.extra.PROVISIONING_WIFI_PROXY_BYPASS"

EXTRA_PROVISIONING_WIFI_PROXY_HOST

String EXTRA_PROVISIONING_WIFI_PROXY_HOST

A String extra holding the proxy host for the wifi network in EXTRA_PROVISIONING_WIFI_SSID.

Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump.

Constant Value: "android.app.extra.PROVISIONING_WIFI_PROXY_HOST"

EXTRA_PROVISIONING_WIFI_PROXY_PORT

String EXTRA_PROVISIONING_WIFI_PROXY_PORT

An int extra holding the proxy port for the wifi network in EXTRA_PROVISIONING_WIFI_SSID.

Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump.

Constant Value: "android.app.extra.PROVISIONING_WIFI_PROXY_PORT"

EXTRA_PROVISIONING_WIFI_SECURITY_TYPE

String EXTRA_PROVISIONING_WIFI_SECURITY_TYPE

A String extra indicating the security type of the wifi network in EXTRA_PROVISIONING_WIFI_SSID and could be one of NONE, WPA or WEP.

Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump.

Constant Value: "android.app.extra.PROVISIONING_WIFI_SECURITY_TYPE"

EXTRA_PROVISIONING_WIFI_SSID

String EXTRA_PROVISIONING_WIFI_SSID

A String extra holding the ssid of the wifi network that should be used during nfc device owner provisioning for downloading the mobile device management application.

Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump.

Constant Value: "android.app.extra.PROVISIONING_WIFI_SSID"

FLAG_MANAGED_CAN_ACCESS_PARENT

int FLAG_MANAGED_CAN_ACCESS_PARENT

Flag used by addCrossProfileIntentFilter(ComponentName, IntentFilter, int) to allow activities in the managed profile to access intents sent from the parent profile. That is, when an app in the parent profile calls startActivity(Intent), the intent can be resolved by a matching activity in the managed profile.

Constant Value: 2 (0x00000002)

FLAG_PARENT_CAN_ACCESS_MANAGED

int FLAG_PARENT_CAN_ACCESS_MANAGED

Flag used by addCrossProfileIntentFilter(ComponentName, IntentFilter, int) to allow activities in the parent profile to access intents sent from the managed profile. That is, when an app in the managed profile calls startActivity(Intent), the intent can be resolved by a matching activity in the parent profile.

Constant Value: 1 (0x00000001)

KEYGUARD_DISABLE_FEATURES_ALL

int KEYGUARD_DISABLE_FEATURES_ALL

Disable all current and future keyguard customizations.

Constant Value: 2147483647 (0x7fffffff)

KEYGUARD_DISABLE_FEATURES_NONE

int KEYGUARD_DISABLE_FEATURES_NONE

Widgets are enabled in keyguard

Constant Value: 0 (0x00000000)

KEYGUARD_DISABLE_FINGERPRINT

int KEYGUARD_DISABLE_FINGERPRINT

Disable fingerprint sensor on keyguard secure screens (e.g. PIN/Pattern/Password).

Constant Value: 32 (0x00000020)

KEYGUARD_DISABLE_REMOTE_INPUT

int KEYGUARD_DISABLE_REMOTE_INPUT

Disable text entry into notifications on secure keyguard screens (e.g. PIN/Pattern/Password).

Constant Value: 64 (0x00000040)

KEYGUARD_DISABLE_SECURE_CAMERA

int KEYGUARD_DISABLE_SECURE_CAMERA

Disable the camera on secure keyguard screens (e.g. PIN/Pattern/Password)

Constant Value: 2 (0x00000002)

KEYGUARD_DISABLE_SECURE_NOTIFICATIONS

int KEYGUARD_DISABLE_SECURE_NOTIFICATIONS

Disable showing all notifications on secure keyguard screens (e.g. PIN/Pattern/Password)

Constant Value: 4 (0x00000004)

KEYGUARD_DISABLE_TRUST_AGENTS

int KEYGUARD_DISABLE_TRUST_AGENTS

Ignore trust agent state on secure keyguard screens (e.g. PIN/Pattern/Password).

Constant Value: 16 (0x00000010)

KEYGUARD_DISABLE_UNREDACTED_NOTIFICATIONS

int KEYGUARD_DISABLE_UNREDACTED_NOTIFICATIONS

Only allow redacted notifications on secure keyguard screens (e.g. PIN/Pattern/Password)

Constant Value: 8 (0x00000008)

KEYGUARD_DISABLE_WIDGETS_ALL

int KEYGUARD_DISABLE_WIDGETS_ALL

Disable all keyguard widgets. Has no effect.

Constant Value: 1 (0x00000001)

MIME_TYPE_PROVISIONING_NFC

String MIME_TYPE_PROVISIONING_NFC

This MIME type is used for starting the device owner provisioning.

During device owner provisioning a device admin app is set as the owner of the device. A device owner has full control over the device. The device owner can not be modified by the user and the only way of resetting the device is if the device owner app calls a factory reset.

A typical use case would be a device that is owned by a company, but used by either an employee or client.

The NFC message must be sent to an unprovisioned device.

The NFC record must contain a serialized Properties object which contains the following properties:

• EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME
• EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION, optional
• EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_COOKIE_HEADER, optional
• EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_CHECKSUM, optional
• EXTRA_PROVISIONING_LOCAL_TIME (convert to String), optional
• EXTRA_PROVISIONING_TIME_ZONE, optional
• EXTRA_PROVISIONING_LOCALE, optional
• EXTRA_PROVISIONING_WIFI_SSID, optional
• EXTRA_PROVISIONING_WIFI_HIDDEN (convert to String), optional
• EXTRA_PROVISIONING_WIFI_SECURITY_TYPE, optional
• EXTRA_PROVISIONING_WIFI_PASSWORD, optional
• EXTRA_PROVISIONING_WIFI_PROXY_HOST, optional
• EXTRA_PROVISIONING_WIFI_PROXY_PORT (convert to String), optional
• EXTRA_PROVISIONING_WIFI_PROXY_BYPASS, optional
• EXTRA_PROVISIONING_WIFI_PAC_URL, optional
• EXTRA_PROVISIONING_ADMIN_EXTRAS_BUNDLE, optional, supported from M

As of M, the properties should contain EXTRA_PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME instead of EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME, (although specifying only EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME is still supported).

Constant Value: "application/com.android.managedprovisioning"

PASSWORD_QUALITY_ALPHABETIC

int PASSWORD_QUALITY_ALPHABETIC

Constant for setPasswordQuality(ComponentName, int): the user must have entered a password containing at least alphabetic (or other symbol) characters. Note that quality constants are ordered so that higher values are more restrictive.

Constant Value: 262144 (0x00040000)

PASSWORD_QUALITY_ALPHANUMERIC

int PASSWORD_QUALITY_ALPHANUMERIC

Constant for setPasswordQuality(ComponentName, int): the user must have entered a password containing at least both> numeric and alphabetic (or other symbol) characters. Note that quality constants are ordered so that higher values are more restrictive.

Constant Value: 327680 (0x00050000)

PASSWORD_QUALITY_BIOMETRIC_WEAK

int PASSWORD_QUALITY_BIOMETRIC_WEAK

Constant for setPasswordQuality(ComponentName, int): the policy allows for low-security biometric recognition technology. This implies technologies that can recognize the identity of an individual to about a 3 digit PIN (false detection is less than 1 in 1,000). Note that quality constants are ordered so that higher values are more restrictive.

Constant Value: 32768 (0x00008000)

PASSWORD_QUALITY_COMPLEX

int PASSWORD_QUALITY_COMPLEX

Constant for setPasswordQuality(ComponentName, int): the user must have entered a password containing at least a letter, a numerical digit and a special symbol, by default. With this password quality, passwords can be restricted to contain various sets of characters, like at least an uppercase letter, etc. These are specified using various methods, like setPasswordMinimumLowerCase(ComponentName, int). Note that quality constants are ordered so that higher values are more restrictive.

Constant Value: 393216 (0x00060000)

PASSWORD_QUALITY_NUMERIC

int PASSWORD_QUALITY_NUMERIC

Constant for setPasswordQuality(ComponentName, int): the user must have entered a password containing at least numeric characters. Note that quality constants are ordered so that higher values are more restrictive.

Constant Value: 131072 (0x00020000)

PASSWORD_QUALITY_NUMERIC_COMPLEX

int PASSWORD_QUALITY_NUMERIC_COMPLEX

Constant for setPasswordQuality(ComponentName, int): the user must have entered a password containing at least numeric characters with no repeating (4444) or ordered (1234, 4321, 2468) sequences. Note that quality constants are ordered so that higher values are more restrictive.

Constant Value: 196608 (0x00030000)

PASSWORD_QUALITY_SOMETHING

int PASSWORD_QUALITY_SOMETHING

Constant for setPasswordQuality(ComponentName, int): the policy requires some kind of password or pattern, but doesn't care what it is. Note that quality constants are ordered so that higher values are more restrictive.

Constant Value: 65536 (0x00010000)

PASSWORD_QUALITY_UNSPECIFIED

int PASSWORD_QUALITY_UNSPECIFIED

Constant for setPasswordQuality(ComponentName, int): the policy has no requirements for the password. Note that quality constants are ordered so that higher values are more restrictive.

Constant Value: 0 (0x00000000)

PERMISSION_GRANT_STATE_DEFAULT

int PERMISSION_GRANT_STATE_DEFAULT

Runtime permission state: The user can manage the permission through the UI.

Constant Value: 0 (0x00000000)

PERMISSION_GRANT_STATE_DENIED

int PERMISSION_GRANT_STATE_DENIED

Runtime permission state: The permission is denied to the app and the user cannot manage the permission through the UI.

Constant Value: 2 (0x00000002)

PERMISSION_GRANT_STATE_GRANTED

int PERMISSION_GRANT_STATE_GRANTED

Runtime permission state: The permission is granted to the app and the user cannot manage the permission through the UI.

Constant Value: 1 (0x00000001)

PERMISSION_POLICY_AUTO_DENY

int PERMISSION_POLICY_AUTO_DENY

Permission policy to always deny new permission requests for runtime permissions. Already granted or denied permissions are not affected by this.

Constant Value: 2 (0x00000002)

PERMISSION_POLICY_AUTO_GRANT

int PERMISSION_POLICY_AUTO_GRANT

Permission policy to always grant new permission requests for runtime permissions. Already granted or denied permissions are not affected by this.

Constant Value: 1 (0x00000001)

PERMISSION_POLICY_PROMPT

int PERMISSION_POLICY_PROMPT

Permission policy to prompt user for new permission requests for runtime permissions. Already granted or denied permissions are not affected by this.

Constant Value: 0 (0x00000000)

RESET_PASSWORD_DO_NOT_ASK_CREDENTIALS_ON_BOOT

int RESET_PASSWORD_DO_NOT_ASK_CREDENTIALS_ON_BOOT

Flag for resetPassword(String, int): don't ask for user credentials on device boot. If the flag is set, the device can be booted without asking for user password. The absence of this flag does not change the current boot requirements. This flag can be set by the device owner only. If the app is not the device owner, the flag is ignored. Once the flag is set, it cannot be reverted back without resetting the device to factory defaults.

Constant Value: 2 (0x00000002)

RESET_PASSWORD_REQUIRE_ENTRY

int RESET_PASSWORD_REQUIRE_ENTRY

Flag for resetPassword(String, int): don't allow other admins to change the password again until the user has entered it.

Constant Value: 1 (0x00000001)

SKIP_SETUP_WIZARD

int SKIP_SETUP_WIZARD

Flag used by createAndManageUser(ComponentName, String, ComponentName, PersistableBundle, int) to skip setup wizard after creating a new user.

Constant Value: 1 (0x00000001)

WIPE_EXTERNAL_STORAGE

int WIPE_EXTERNAL_STORAGE

Flag for wipeData(int): also erase the device's external storage (such as SD cards).

Constant Value: 1 (0x00000001)

WIPE_RESET_PROTECTION_DATA

int WIPE_RESET_PROTECTION_DATA

Flag for wipeData(int): also erase the factory reset protection data.

This flag may only be set by device owner admins; if it is set by other admins a SecurityException will be thrown.

Constant Value: 2 (0x00000002)

addCrossProfileIntentFilter

void addCrossProfileIntentFilter (ComponentName admin, 
                IntentFilter filter, 
                int flags)

Called by the profile owner of a managed profile so that some intents sent in the managed profile can also be resolved in the parent, or vice versa. Only activity intents are supported.

addCrossProfileWidgetProvider

boolean addCrossProfileWidgetProvider (ComponentName admin, 
                String packageName)

Called by the profile owner of a managed profile to enable widget providers from a given package to be available in the parent profile. As a result the user will be able to add widgets from the white-listed package running under the profile to a widget host which runs under the parent profile, for example the home screen. Note that a package may have zero or more provider components, where each component provides a different widget type.

Note: By default no widget provider package is white-listed.

addPersistentPreferredActivity

void addPersistentPreferredActivity (ComponentName admin, 
                IntentFilter filter, 
                ComponentName activity)

Called by a profile owner or device owner to add a default intent handler activity for intents that match a certain intent filter. This activity will remain the default intent handler even if the set of potential event handlers for the intent filter changes and if the intent preferences are reset.

The default disambiguation mechanism takes over if the activity is not installed (anymore). When the activity is (re)installed, it is automatically reset as default intent handler for the filter.

The calling device admin must be a profile owner or device owner. If it is not, a security exception will be thrown.

addUserRestriction

void addUserRestriction (ComponentName admin, 
                String key)

Called by a profile or device owner to set a user restriction specified by the key.

The calling device admin must be a profile or device owner; if it is not, a security exception will be thrown.

clearCrossProfileIntentFilters

void clearCrossProfileIntentFilters (ComponentName admin)

Called by a profile owner of a managed profile to remove the cross-profile intent filters that go from the managed profile to the parent, or from the parent to the managed profile. Only removes those that have been set by the profile owner.

clearDeviceOwnerApp

void clearDeviceOwnerApp (String packageName)

Clears the current device owner. The caller must be the device owner. This function should be used cautiously as once it is called it cannot be undone. The device owner can only be set as a part of device setup before setup completes.

clearPackagePersistentPreferredActivities

void clearPackagePersistentPreferredActivities (ComponentName admin, 
                String packageName)

Called by a profile owner or device owner to remove all persistent intent handler preferences associated with the given package that were set by addPersistentPreferredActivity(ComponentName, IntentFilter, ComponentName).

The calling device admin must be a profile owner. If it is not, a security exception will be thrown.

clearProfileOwner

void clearProfileOwner (ComponentName admin)

Clears the active profile owner and removes all user restrictions. The caller must be from the same package as the active profile owner for this user, otherwise a SecurityException will be thrown.

This doesn't work for managed profile owners.

clearUserRestriction

void clearUserRestriction (ComponentName admin, 
                String key)

Called by a profile or device owner to clear a user restriction specified by the key.

The calling device admin must be a profile or device owner; if it is not, a security exception will be thrown.

createAndManageUser

UserHandle createAndManageUser (ComponentName admin, 
                String name, 
                ComponentName profileOwner, 
                PersistableBundle adminExtras, 
                int flags)

Called by a device owner to create a user with the specified name and a given component of the calling package as profile owner. The UserHandle returned by this method should not be persisted as user handles are recycled as users are removed and created. If you need to persist an identifier for this user, use getSerialNumberForUser(UserHandle). The new user will not be started in the background.

admin is the DeviceAdminReceiver which is the device owner. profileOwner is also a DeviceAdminReceiver in the same package as admin, and will become the profile owner and will be registered as an active admin on the new user. The profile owner package will be installed on the new user.

If the adminExtras are not null, they will be stored on the device until the user is started for the first time. Then the extras will be passed to the admin when onEnable is called.

enableSystemApp

int enableSystemApp (ComponentName admin, 
                Intent intent)

Called by profile or device owners to re-enable system apps by intent that were disabled by default when the user was initialized.

enableSystemApp

void enableSystemApp (ComponentName admin, 
                String packageName)

Called by profile or device owners to re-enable a system app that was disabled by default when the user was initialized.

getAccountTypesWithManagementDisabled

String[] getAccountTypesWithManagementDisabled ()

Gets the array of accounts for which account management is disabled by the profile owner.

Account management can be disabled/enabled by calling setAccountManagementDisabled(ComponentName, String, boolean).

getActiveAdmins

List<ComponentName> getActiveAdmins ()

Return a list of all currently active device administrators' component names. If there are no administrators null may be returned.

getAlwaysOnVpnPackage

String getAlwaysOnVpnPackage (ComponentName admin)

Called by a device or profile owner to read the name of the package administering an always-on VPN connection for the current user. If there is no such package, or the always-on VPN is provided by the system instead of by an application, null will be returned.

getApplicationRestrictions

Bundle getApplicationRestrictions (ComponentName admin, 
                String packageName)

Retrieves the application restrictions for a given target application running in the calling user.

The caller must be a profile or device owner on that user, or the package allowed to manage application restrictions via setApplicationRestrictionsManagingPackage(ComponentName, String); otherwise a security exception will be thrown.

getApplicationRestrictionsManagingPackage

String getApplicationRestrictionsManagingPackage (ComponentName admin)

Called by a profile owner or device owner to retrieve the application restrictions managing package for the current user, or null if none is set.

getAutoTimeRequired

boolean getAutoTimeRequired ()

getBluetoothContactSharingDisabled

boolean getBluetoothContactSharingDisabled (ComponentName admin)

Called by a profile owner of a managed profile to determine whether or not Bluetooth devices cannot access enterprise contacts.

The calling device admin must be a profile owner. If it is not, a security exception will be thrown.

This API works on managed profile only.

getCameraDisabled

boolean getCameraDisabled (ComponentName admin)

Determine whether or not the device's cameras have been disabled for this user, either by the calling admin, if specified, or all admins.

getCertInstallerPackage

String getCertInstallerPackage (ComponentName admin)

Called by a profile owner or device owner to retrieve the certificate installer for the user. null if none is set.

getCrossProfileCallerIdDisabled

boolean getCrossProfileCallerIdDisabled (ComponentName admin)

Called by a profile owner of a managed profile to determine whether or not caller-Id information has been disabled.

The calling device admin must be a profile owner. If it is not, a security exception will be thrown.

getCrossProfileContactsSearchDisabled

boolean getCrossProfileContactsSearchDisabled (ComponentName admin)

Called by a profile owner of a managed profile to determine whether or not contacts search has been disabled.

The calling device admin must be a profile owner. If it is not, a security exception will be thrown.

getCrossProfileWidgetProviders

List<String> getCrossProfileWidgetProviders (ComponentName admin)

Called by the profile owner of a managed profile to query providers from which packages are available in the parent profile.

getCurrentFailedPasswordAttempts

int getCurrentFailedPasswordAttempts ()

Retrieve the number of times the user has failed at entering a password since that last successful password entry.

This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to retrieve the number of failed password attemts for the parent user.

The calling device admin must have requested USES_POLICY_WATCH_LOGIN to be able to call this method; if it has not, a security exception will be thrown.

getDeviceOwnerLockScreenInfo

CharSequence getDeviceOwnerLockScreenInfo ()

getInstalledCaCerts

List<byte[]> getInstalledCaCerts (ComponentName admin)

Returns all CA certificates that are currently trusted, excluding system CA certificates. If a user has installed any certificates by other means than device policy these will be included too.

getKeyguardDisabledFeatures

int getKeyguardDisabledFeatures (ComponentName admin)

Determine whether or not features have been disabled in keyguard either by the calling admin, if specified, or all admins that set retrictions on this user and its participating profiles. Restrictions on profiles that have a separate challenge are not taken into account.

This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to retrieve restrictions on the parent profile.

getLongSupportMessage

CharSequence getLongSupportMessage (ComponentName admin)

Called by a device admin to get the long support message.

getMaximumFailedPasswordsForWipe

int getMaximumFailedPasswordsForWipe (ComponentName admin)

Retrieve the current maximum number of login attempts that are allowed before the device or profile is wiped, for a particular admin or all admins that set retrictions on this user and its participating profiles. Restrictions on profiles that have a separate challenge are not taken into account.

This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to retrieve the value for the parent profile.

getMaximumTimeToLock

long getMaximumTimeToLock (ComponentName admin)

Retrieve the current maximum time to unlock for a particular admin or all admins that set retrictions on this user and its participating profiles. Restrictions on profiles that have a separate challenge are not taken into account.

This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to retrieve restrictions on the parent profile.

getOrganizationColor

int getOrganizationColor (ComponentName admin)

Called by a profile owner of a managed profile to retrieve the color used for customization. This color is used as background color of the confirm credentials screen for that user.

getOrganizationName

CharSequence getOrganizationName (ComponentName admin)

Called by a profile owner of a managed profile to retrieve the name of the organization under management.

getParentProfileInstance

DevicePolicyManager getParentProfileInstance (ComponentName admin)

Called by the profile owner of a managed profile to obtain a DevicePolicyManager whose calls act on the parent profile.

The following methods are supported for the parent instance, all other methods will throw a SecurityException when called on the parent instance:

• getPasswordQuality(ComponentName)
• setPasswordQuality(ComponentName, int)
• getPasswordMinimumLength(ComponentName)
• setPasswordMinimumLength(ComponentName, int)
• getPasswordMinimumUpperCase(ComponentName)
• setPasswordMinimumUpperCase(ComponentName, int)
• getPasswordMinimumLowerCase(ComponentName)
• setPasswordMinimumLowerCase(ComponentName, int)
• getPasswordMinimumLetters(ComponentName)
• setPasswordMinimumLetters(ComponentName, int)
• getPasswordMinimumNumeric(ComponentName)
• setPasswordMinimumNumeric(ComponentName, int)
• getPasswordMinimumSymbols(ComponentName)
• setPasswordMinimumSymbols(ComponentName, int)
• getPasswordMinimumNonLetter(ComponentName)
• setPasswordMinimumNonLetter(ComponentName, int)
• getPasswordHistoryLength(ComponentName)
• setPasswordHistoryLength(ComponentName, int)
• getPasswordExpirationTimeout(ComponentName)
• setPasswordExpirationTimeout(ComponentName, long)
• getPasswordExpiration(ComponentName)
• isActivePasswordSufficient()
• getCurrentFailedPasswordAttempts()
• getMaximumFailedPasswordsForWipe(ComponentName)
• setMaximumFailedPasswordsForWipe(ComponentName, int)
• getMaximumTimeToLock(ComponentName)
• setMaximumTimeToLock(ComponentName, long)
• lockNow()
• getKeyguardDisabledFeatures(ComponentName)
• setKeyguardDisabledFeatures(ComponentName, int)
• getTrustAgentConfiguration(ComponentName, ComponentName)
• setTrustAgentConfiguration(ComponentName, ComponentName, PersistableBundle)

getPasswordExpiration

long getPasswordExpiration (ComponentName admin)

Get the current password expiration time for a particular admin or all admins that set retrictions on this user and its participating profiles. Restrictions on profiles that have a separate challenge are not taken into account. If admin is null, then a composite of all expiration times is returned - which will be the minimum of all of them.

This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to retrieve the password expiration for the parent profile.

getPasswordExpirationTimeout

long getPasswordExpirationTimeout (ComponentName admin)

Get the password expiration timeout for the given admin. The expiration timeout is the recurring expiration timeout provided in the call to setPasswordExpirationTimeout(ComponentName, long) for the given admin or the aggregate of all participating policy administrators if admin is null. Admins that have set restrictions on profiles that have a separate challenge are not taken into account.

This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to retrieve restrictions on the parent profile.

getPasswordHistoryLength

int getPasswordHistoryLength (ComponentName admin)

Retrieve the current password history length for a particular admin or all admins that set retrictions on this user and its participating profiles. Restrictions on profiles that have a separate challenge are not taken into account.

This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to retrieve restrictions on the parent profile.

getPasswordMaximumLength

int getPasswordMaximumLength (int quality)

Return the maximum password length that the device supports for a particular password quality.

getPasswordMinimumLength

int getPasswordMinimumLength (ComponentName admin)

Retrieve the current minimum password length for a particular admin or all admins that set retrictions on this user and its participating profiles. Restrictions on profiles that have a separate challenge are not taken into account.

This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to retrieve restrictions on the parent profile. user and its profiles or a particular one.

getPasswordMinimumLetters

int getPasswordMinimumLetters (ComponentName admin)

Retrieve the current number of letters required in the password for a particular admin or all admins that set retrictions on this user and its participating profiles. Restrictions on profiles that have a separate challenge are not taken into account. This is the same value as set by setPasswordMinimumLetters(ComponentName, int) and only applies when the password quality is PASSWORD_QUALITY_COMPLEX.

This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to retrieve restrictions on the parent profile.

getPasswordMinimumLowerCase

int getPasswordMinimumLowerCase (ComponentName admin)

Retrieve the current number of lower case letters required in the password for a particular admin or all admins that set retrictions on this user and its participating profiles. Restrictions on profiles that have a separate challenge are not taken into account. This is the same value as set by setPasswordMinimumLowerCase(ComponentName, int) and only applies when the password quality is PASSWORD_QUALITY_COMPLEX.

This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to retrieve restrictions on the parent profile.

getPasswordMinimumNonLetter

int getPasswordMinimumNonLetter (ComponentName admin)

Retrieve the current number of non-letter characters required in the password for a particular admin or all admins that set retrictions on this user and its participating profiles. Restrictions on profiles that have a separate challenge are not taken into account. This is the same value as set by setPasswordMinimumNonLetter(ComponentName, int) and only applies when the password quality is PASSWORD_QUALITY_COMPLEX.

This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to retrieve restrictions on the parent profile.

getPasswordMinimumNumeric

int getPasswordMinimumNumeric (ComponentName admin)

Retrieve the current number of numerical digits required in the password for a particular admin or all admins that set retrictions on this user and its participating profiles. Restrictions on profiles that have a separate challenge are not taken into account. This is the same value as set by setPasswordMinimumNumeric(ComponentName, int) and only applies when the password quality is PASSWORD_QUALITY_COMPLEX.

This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to retrieve restrictions on the parent profile.

getPasswordMinimumSymbols

int getPasswordMinimumSymbols (ComponentName admin)

Retrieve the current number of symbols required in the password for a particular admin or all admins that set retrictions on this user and its participating profiles. Restrictions on profiles that have a separate challenge are not taken into account. This is the same value as set by setPasswordMinimumSymbols(ComponentName, int) and only applies when the password quality is PASSWORD_QUALITY_COMPLEX.

This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to retrieve restrictions on the parent profile.

getPasswordMinimumUpperCase

int getPasswordMinimumUpperCase (ComponentName admin)

Retrieve the current number of upper case letters required in the password for a particular admin or all admins that set retrictions on this user and its participating profiles. Restrictions on profiles that have a separate challenge are not taken into account. This is the same value as set by setPasswordMinimumUpperCase(ComponentName, int) and only applies when the password quality is PASSWORD_QUALITY_COMPLEX.

This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to retrieve restrictions on the parent profile.

getPasswordQuality

int getPasswordQuality (ComponentName admin)

Retrieve the current minimum password quality for a particular admin or all admins that set retrictions on this user and its participating profiles. Restrictions on profiles that have a separate challenge are not taken into account.

This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to retrieve restrictions on the parent profile.

getPermissionGrantState

int getPermissionGrantState (ComponentName admin, 
                String packageName, 
                String permission)

Returns the current grant state of a runtime permission for a specific application.

getPermissionPolicy

int getPermissionPolicy (ComponentName admin)

Returns the current runtime permission policy set by the device or profile owner. The default is PERMISSION_POLICY_PROMPT.

getPermittedAccessibilityServices

List<String> getPermittedAccessibilityServices (ComponentName admin)

Returns the list of permitted accessibility services set by this device or profile owner.

An empty list means no accessibility services except system services are allowed. Null means all accessibility services are allowed.

getPermittedInputMethods

List<String> getPermittedInputMethods (ComponentName admin)

Returns the list of permitted input methods set by this device or profile owner.

An empty list means no input methods except system input methods are allowed. Null means all input methods are allowed.

getScreenCaptureDisabled

boolean getScreenCaptureDisabled (ComponentName admin)

Determine whether or not screen capture has been disabled by the calling admin, if specified, or all admins.

getShortSupportMessage

CharSequence getShortSupportMessage (ComponentName admin)

Called by a device admin to get the short support message.

getStorageEncryption

boolean getStorageEncryption (ComponentName admin)

Called by an application that is administering the device to determine the requested setting for secure storage.

getStorageEncryptionStatus

int getStorageEncryptionStatus ()

Called by an application that is administering the device to determine the current encryption status of the device.

Depending on the returned status code, the caller may proceed in different ways. If the result is ENCRYPTION_STATUS_UNSUPPORTED, the storage system does not support encryption. If the result is ENCRYPTION_STATUS_INACTIVE, use ACTION_START_ENCRYPTION to begin the process of encrypting or decrypting the storage. If the result is ENCRYPTION_STATUS_ACTIVE_DEFAULT_KEY, the storage system has enabled encryption but no password is set so further action may be required. If the result is ENCRYPTION_STATUS_ACTIVATING, ENCRYPTION_STATUS_ACTIVE or ENCRYPTION_STATUS_ACTIVE_PER_USER, no further action is required.

getSystemUpdatePolicy

SystemUpdatePolicy getSystemUpdatePolicy ()

Retrieve a local system update policy set previously by setSystemUpdatePolicy(ComponentName, SystemUpdatePolicy).

getTrustAgentConfiguration

List<PersistableBundle> getTrustAgentConfiguration (ComponentName admin, 
                ComponentName agent)

Gets configuration for the given trust agent based on aggregating all calls to setTrustAgentConfiguration(ComponentName, ComponentName, PersistableBundle) for all device admins.

This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to retrieve the configuration set on the parent profile.

getUserRestrictions

Bundle getUserRestrictions (ComponentName admin)

Called by a profile or device owner to get user restrictions set with addUserRestriction(ComponentName, String).

The target user may have more restrictions set by the system or other device owner / profile owner. To get all the user restrictions currently set, use getUserRestrictions().

getWifiMacAddress

String getWifiMacAddress (ComponentName admin)

Called by device owner to get the MAC address of the Wi-Fi device.

hasCaCertInstalled

boolean hasCaCertInstalled (ComponentName admin, 
                byte[] certBuffer)

Returns whether this certificate is installed as a trusted CA.

hasGrantedPolicy

boolean hasGrantedPolicy (ComponentName admin, 
                int usesPolicy)

Returns true if an administrator has been granted a particular device policy. This can be used to check whether the administrator was activated under an earlier set of policies, but requires additional policies after an upgrade.

installCaCert

boolean installCaCert (ComponentName admin, 
                byte[] certBuffer)

Installs the given certificate as a user CA.

installKeyPair

boolean installKeyPair (ComponentName admin, 
                PrivateKey privKey, 
                Certificate[] certs, 
                String alias, 
                boolean requestAccess)

Called by a device or profile owner, or delegated certificate installer, to install a certificate chain and corresponding private key for the leaf certificate. All apps within the profile will be able to access the certificate chain and use the private key, given direct user approval.

The caller of this API may grant itself access to the certificate and private key immediately, without user approval. It is a best practice not to request this unless strictly necessary since it opens up additional security vulnerabilities.

installKeyPair

boolean installKeyPair (ComponentName admin, 
                PrivateKey privKey, 
                Certificate cert, 
                String alias)

Called by a device or profile owner, or delegated certificate installer, to install a certificate and corresponding private key. All apps within the profile will be able to access the certificate and use the private key, given direct user approval.

Access to the installed credentials will not be granted to the caller of this API without direct user approval. This is for security - should a certificate installer become compromised, certificates it had already installed will be protected.

If the installer must have access to the credentials, call installKeyPair(ComponentName, PrivateKey, Certificate[], String, boolean) instead.

isActivePasswordSufficient

boolean isActivePasswordSufficient ()

Determine whether the current password the user has set is sufficient to meet the policy requirements (e.g. quality, minimum length) that have been requested by the admins of this user and its participating profiles. Restrictions on profiles that have a separate challenge are not taken into account.

The calling device admin must have requested USES_POLICY_LIMIT_PASSWORD to be able to call this method; if it has not, a security exception will be thrown.

This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to determine if the password set on the parent profile is sufficient.

isAdminActive

boolean isAdminActive (ComponentName admin)

Return true if the given administrator component is currently active (enabled) in the system.

isApplicationHidden

boolean isApplicationHidden (ComponentName admin, 
                String packageName)

Called by profile or device owners to determine if a package is hidden.

isCallerApplicationRestrictionsManagingPackage

boolean isCallerApplicationRestrictionsManagingPackage ()

Called by any application to find out whether it has been granted permission via setApplicationRestrictionsManagingPackage(ComponentName, String) to manage application restrictions for the calling user.

This is done by comparing the calling Linux uid with the uid of the package specified by that method.

isDeviceOwnerApp

boolean isDeviceOwnerApp (String packageName)

Used to determine if a particular package has been registered as a Device Owner app. A device owner app is a special device admin that cannot be deactivated by the user, once activated as a device admin. It also cannot be uninstalled. To check whether a particular package is currently registered as the device owner app, pass in the package name from getPackageName() to this method.

This is useful for device admin apps that want to check whether they are also registered as the device owner app. The exact mechanism by which a device admin app is registered as a device owner app is defined by the setup process.

isLockTaskPermitted

boolean isLockTaskPermitted (String pkg)

This function lets the caller know whether the given component is allowed to start the lock task mode.

isManagedProfile

boolean isManagedProfile (ComponentName admin)

Return if this user is a managed profile of another user. An admin can become the profile owner of a managed profile with ACTION_PROVISION_MANAGED_PROFILE and of a managed user with createAndManageUser(ComponentName, String, ComponentName, PersistableBundle, int)

isMasterVolumeMuted

boolean isMasterVolumeMuted (ComponentName admin)

Called by profile or device owners to check whether the master volume mute is on or off.

isPackageSuspended

boolean isPackageSuspended (ComponentName admin, 
                String packageName)

Called by device or profile owners to determine if a package is suspended.

isProfileOwnerApp

boolean isProfileOwnerApp (String packageName)

Used to determine if a particular package is registered as the profile owner for the user. A profile owner is a special device admin that has additional privileges within the profile.

isProvisioningAllowed

boolean isProvisioningAllowed (String action)

Returns if provisioning a managed profile or device is possible or not.

isSecurityLoggingEnabled

boolean isSecurityLoggingEnabled (ComponentName admin)

Return whether security logging is enabled or not by the device owner.

Can only be called by the device owner, otherwise a SecurityException will be thrown.

isUninstallBlocked

boolean isUninstallBlocked (ComponentName admin, 
                String packageName)

Check whether the user has been blocked by device policy from uninstalling a package. Requires the caller to be the profile owner if checking a specific admin's policy.

Note: Starting from LOLLIPOP_MR1, the behavior of this API is changed such that passing null as the admin parameter will return if any admin has blocked the uninstallation. Before L MR1, passing null will cause a NullPointerException to be raised.

lockNow

void lockNow ()

Make the device lock immediately, as if the lock screen timeout has expired at the point of this call.

The calling device admin must have requested USES_POLICY_FORCE_LOCK to be able to call this method; if it has not, a security exception will be thrown.

This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to lock the parent profile.

reboot

void reboot (ComponentName admin)

Called by device owner to reboot the device. If there is an ongoing call on the device, throws an IllegalStateException.

removeActiveAdmin

void removeActiveAdmin (ComponentName admin)

Remove a current administration component. This can only be called by the application that owns the administration component; if you try to remove someone else's component, a security exception will be thrown.

Note that the operation is not synchronous and the admin might still be active (as indicated by getActiveAdmins()) by the time this method returns.

removeCrossProfileWidgetProvider

boolean removeCrossProfileWidgetProvider (ComponentName admin, 
                String packageName)

Called by the profile owner of a managed profile to disable widget providers from a given package to be available in the parent profile. For this method to take effect the package should have been added via addCrossProfileWidgetProvider(android.content.ComponentName, String).

Note: By default no widget provider package is white-listed.

removeKeyPair

boolean removeKeyPair (ComponentName admin, 
                String alias)

Called by a device or profile owner, or delegated certificate installer, to remove a certificate and private key pair installed under a given alias.

removeUser

boolean removeUser (ComponentName admin, 
                UserHandle userHandle)

Called by a device owner to remove a user and all associated data. The primary user can not be removed.

requestBugreport

boolean requestBugreport (ComponentName admin)

Called by a device owner to request a bugreport.

There must be only one user on the device, managed by the device owner. Otherwise a SecurityException will be thrown.

resetPassword

boolean resetPassword (String password, 
                int flags)

Force a new device unlock password (the password needed to access the entire device, not for individual accounts) on the user. This takes effect immediately.

Note: This API has been limited as of N for device admins that are not device owner and not profile owner. The password can now only be changed if there is currently no password set. Device owner and profile owner can still do this when user is unlocked and does not have a managed profile.

The given password must be sufficient for the current password quality and length constraints as returned by getPasswordQuality(ComponentName) and getPasswordMinimumLength(ComponentName); if it does not meet these constraints, then it will be rejected and false returned. Note that the password may be a stronger quality (containing alphanumeric characters when the requested quality is only numeric), in which case the currently active quality will be increased to match.

Calling with a null or empty password will clear any existing PIN, pattern or password if the current password constraints allow it. Note: This will not work in N and later for managed profiles, or for device admins that are not device owner or profile owner. Once set, the password cannot be changed to null or empty except by these admins.

The calling device admin must have requested USES_POLICY_RESET_PASSWORD to be able to call this method; if it has not, a security exception will be thrown.

retrievePreRebootSecurityLogs

List<SecurityLog.SecurityEvent> retrievePreRebootSecurityLogs (ComponentName admin)

Called by device owners to retrieve device logs from before the device's last reboot.

This API is not supported on all devices. Calling this API on unsupported devices will result in null being returned. The device logs are retrieved from a RAM region which is not guaranteed to be corruption-free during power cycles, as a result be cautious about data corruption when parsing.

There must be only one user on the device, managed by the device owner. Otherwise a SecurityException will be thrown.

retrieveSecurityLogs

List<SecurityLog.SecurityEvent> retrieveSecurityLogs (ComponentName admin)

Called by device owner to retrieve all new security logging entries since the last call to this API after device boots.

Access to the logs is rate limited and it will only return new logs after the device owner has been notified via onSecurityLogsAvailable(Context, Intent).

There must be only one user on the device, managed by the device owner. Otherwise a SecurityException will be thrown.

setAccountManagementDisabled

void setAccountManagementDisabled (ComponentName admin, 
                String accountType, 
                boolean disabled)

Called by a device owner or profile owner to disable account management for a specific type of account.

The calling device admin must be a device owner or profile owner. If it is not, a security exception will be thrown.

When account management is disabled for an account type, adding or removing an account of that type will not be possible.

From N the profile or device owner can still use AccountManager APIs to add or remove accounts when account management for a specific type is disabled.

setAlwaysOnVpnPackage

void setAlwaysOnVpnPackage (ComponentName admin, 
                String vpnPackage, 
                boolean lockdownEnabled)

Called by a device or profile owner to configure an always-on VPN connection through a specific application for the current user. This connection is automatically granted and persisted after a reboot.

The designated package should declare a VpnService in its manifest guarded by BIND_VPN_SERVICE, otherwise the call will fail.

setApplicationHidden

boolean setApplicationHidden (ComponentName admin, 
                String packageName, 
                boolean hidden)

Called by profile or device owners to hide or unhide packages. When a package is hidden it is unavailable for use, but the data and actual package file remain.

setApplicationRestrictions

void setApplicationRestrictions (ComponentName admin, 
                String packageName, 
                Bundle settings)

Sets the application restrictions for a given target application running in the calling user.

The caller must be a profile or device owner on that user, or the package allowed to manage application restrictions via setApplicationRestrictionsManagingPackage(ComponentName, String); otherwise a security exception will be thrown.

The provided Bundle consists of key-value pairs, where the types of values may be:

• boolean
• int
• String or String[]
• From M, Bundle or Bundle[]

If the restrictions are not available yet, but may be applied in the near future, the caller can notify the target application of that by adding KEY_RESTRICTIONS_PENDING to the settings parameter.

The application restrictions are only made visible to the target application via getApplicationRestrictions(String), in addition to the profile or device owner, and the application restrictions managing package via getApplicationRestrictions(ComponentName, String).

setApplicationRestrictionsManagingPackage

void setApplicationRestrictionsManagingPackage (ComponentName admin, 
                String packageName)

Called by a profile owner or device owner to grant permission to a package to manage application restrictions for the calling user via setApplicationRestrictions(ComponentName, String, Bundle) and getApplicationRestrictions(ComponentName, String).

This permission is persistent until it is later cleared by calling this method with a null value or uninstalling the managing package.

The supplied application restriction managing package must be installed when calling this API, otherwise an PackageManager.NameNotFoundException will be thrown.

setAutoTimeRequired

void setAutoTimeRequired (ComponentName admin, 
                boolean required)

Called by a device owner to set whether auto time is required. If auto time is required the user cannot set the date and time, but has to use network date and time.

Note: if auto time is required the user can still manually set the time zone.

The calling device admin must be a device owner. If it is not, a security exception will be thrown.

setBluetoothContactSharingDisabled

void setBluetoothContactSharingDisabled (ComponentName admin, 
                boolean disabled)

Called by a profile owner of a managed profile to set whether bluetooth devices can access enterprise contacts.

The calling device admin must be a profile owner. If it is not, a security exception will be thrown.

This API works on managed profile only.

setCameraDisabled

void setCameraDisabled (ComponentName admin, 
                boolean disabled)

Called by an application that is administering the device to disable all cameras on the device, for this user. After setting this, no applications running as this user will be able to access any cameras on the device.

If the caller is device owner, then the restriction will be applied to all users.

The calling device admin must have requested USES_POLICY_DISABLE_CAMERA to be able to call this method; if it has not, a security exception will be thrown.

setCertInstallerPackage

void setCertInstallerPackage (ComponentName admin, 
                String installerPackage)

Called by a profile owner or device owner to grant access to privileged certificate manipulation APIs to a third-party certificate installer app. Granted APIs include getInstalledCaCerts(ComponentName), hasCaCertInstalled(ComponentName, byte[]), installCaCert(ComponentName, byte[]), uninstallCaCert(ComponentName, byte[]), uninstallAllUserCaCerts(ComponentName) and installKeyPair(ComponentName, PrivateKey, Certificate, String).

Delegated certificate installer is a per-user state. The delegated access is persistent until it is later cleared by calling this method with a null value or uninstallling the certificate installer.

Note:Starting from N, if the caller application's target SDK version is N or newer, the supplied certificate installer package must be installed when calling this API, otherwise an IllegalArgumentException will be thrown.

setCrossProfileCallerIdDisabled

void setCrossProfileCallerIdDisabled (ComponentName admin, 
                boolean disabled)

Called by a profile owner of a managed profile to set whether caller-Id information from the managed profile will be shown in the parent profile, for incoming calls.

The calling device admin must be a profile owner. If it is not, a security exception will be thrown.

setCrossProfileContactsSearchDisabled

void setCrossProfileContactsSearchDisabled (ComponentName admin, 
                boolean disabled)

Called by a profile owner of a managed profile to set whether contacts search from the managed profile will be shown in the parent profile, for incoming calls.

The calling device admin must be a profile owner. If it is not, a security exception will be thrown.

setDeviceOwnerLockScreenInfo

void setDeviceOwnerLockScreenInfo (ComponentName admin, 
                CharSequence info)

Sets the device owner information to be shown on the lock screen.

If the device owner information is null or empty then the device owner info is cleared and the user owner info is shown on the lock screen if it is set.

If the device owner information contains only whitespaces then the message on the lock screen will be blank and the user will not be allowed to change it.

If the device owner information needs to be localized, it is the responsibility of the DeviceAdminReceiver to listen to the ACTION_LOCALE_CHANGED broadcast and set a new version of this string accordingly.

setGlobalSetting

void setGlobalSetting (ComponentName admin, 
                String setting, 
                String value)

Called by device owners to update Settings.Global settings. Validation that the value of the setting is in the correct form for the setting type should be performed by the caller.

The settings that can be updated with this method are:

• ADB_ENABLED
• AUTO_TIME
• AUTO_TIME_ZONE
• DATA_ROAMING
• USB_MASS_STORAGE_ENABLED
• WIFI_SLEEP_POLICY
• STAY_ON_WHILE_PLUGGED_IN This setting is only available from M onwards and can only be set if setMaximumTimeToLock(ComponentName, long) is not used to set a timeout.
• WIFI_DEVICE_OWNER_CONFIGS_LOCKDOWN
This setting is only available from M onwards.

Changing the following settings has no effect as of M:

• BLUETOOTH_ON. Use enable() and disable() instead.
• DEVELOPMENT_SETTINGS_ENABLED
• MODE_RINGER. Use setRingerMode(int) instead.
• NETWORK_PREFERENCE
• WIFI_ON. Use setWifiEnabled(boolean) instead.

setKeyguardDisabled

boolean setKeyguardDisabled (ComponentName admin, 
                boolean disabled)

Called by a device owner to disable the keyguard altogether.

Setting the keyguard to disabled has the same effect as choosing "None" as the screen lock type. However, this call has no effect if a password, pin or pattern is currently set. If a password, pin or pattern is set after the keyguard was disabled, the keyguard stops being disabled.

setKeyguardDisabledFeatures

void setKeyguardDisabledFeatures (ComponentName admin, 
                int which)

Called by an application that is administering the device to disable keyguard customizations, such as widgets. After setting this, keyguard features will be disabled according to the provided feature list.

The calling device admin must have requested USES_POLICY_DISABLE_KEYGUARD_FEATURES to be able to call this method; if it has not, a security exception will be thrown.

Calling this from a managed profile before version M will throw a security exception. From version M the profile owner of a managed profile can set:

• KEYGUARD_DISABLE_TRUST_AGENTS, which affects the parent user, but only if there is no separate challenge set on the managed profile.
• KEYGUARD_DISABLE_FINGERPRINT which affects the managed profile challenge if there is one, or the parent user otherwise.
• KEYGUARD_DISABLE_UNREDACTED_NOTIFICATIONS which affects notifications generated by applications in the managed profile.

Requests to disable other features on a managed profile will be ignored.

The admin can check which features have been disabled by calling getKeyguardDisabledFeatures(ComponentName)

setLockTaskPackages

void setLockTaskPackages (ComponentName admin, 
                String[] packages)

Sets which packages may enter lock task mode.

Any packages that shares uid with an allowed package will also be allowed to activate lock task. From M removing packages from the lock task package list results in locked tasks belonging to those packages to be finished. This function can only be called by the device owner.

setLongSupportMessage

void setLongSupportMessage (ComponentName admin, 
                CharSequence message)

Called by a device admin to set the long support message. This will be displayed to the user in the device administators settings screen.

If the long support message needs to be localized, it is the responsibility of the DeviceAdminReceiver to listen to the ACTION_LOCALE_CHANGED broadcast and set a new version of this string accordingly.

setMasterVolumeMuted

void setMasterVolumeMuted (ComponentName admin, 
                boolean on)

Called by profile or device owners to set the master volume mute on or off.

setMaximumFailedPasswordsForWipe

void setMaximumFailedPasswordsForWipe (ComponentName admin, 
                int num)

Setting this to a value greater than zero enables a built-in policy that will perform a device or profile wipe after too many incorrect device-unlock passwords have been entered. This built-in policy combines watching for failed passwords and wiping the device, and requires that you request both USES_POLICY_WATCH_LOGIN and USES_POLICY_WIPE_DATA}.

To implement any other policy (e.g. wiping data for a particular application only, erasing or revoking credentials, or reporting the failure to a server), you should implement onPasswordFailed(Context, android.content.Intent) instead. Do not use this API, because if the maximum count is reached, the device or profile will be wiped immediately, and your callback will not be invoked.

This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to set a value on the parent profile.

setMaximumTimeToLock

void setMaximumTimeToLock (ComponentName admin, 
                long timeMs)

Called by an application that is administering the device to set the maximum time for user activity until the device will lock. This limits the length that the user can set. It takes effect immediately.

The calling device admin must have requested USES_POLICY_FORCE_LOCK to be able to call this method; if it has not, a security exception will be thrown.

This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to set restrictions on the parent profile.

setOrganizationColor

void setOrganizationColor (ComponentName admin, 
                int color)

Called by a profile owner of a managed profile to set the color used for customization. This color is used as background color of the confirm credentials screen for that user. The default color is teal (#00796B).

The confirm credentials screen can be created using createConfirmDeviceCredentialIntent(CharSequence, CharSequence).

setOrganizationName

void setOrganizationName (ComponentName admin, 
                CharSequence title)

Called by a profile owner of a managed profile to set the name of the organization under management.

If the organization name needs to be localized, it is the responsibility of the DeviceAdminReceiver to listen to the ACTION_LOCALE_CHANGED broadcast and set a new version of this string accordingly.

setPackagesSuspended

String[] setPackagesSuspended (ComponentName admin, 
                String[] packageNames, 
                boolean suspended)

Called by device or profile owners to suspend packages for this user.

A suspended package will not be able to start activities. Its notifications will be hidden, it will not show up in recents, will not be able to show toasts or dialogs or ring the device.

The package must already be installed. If the package is uninstalled while suspended the package will no longer be suspended. The admin can block this by using setUninstallBlocked(ComponentName, String, boolean).

setPasswordExpirationTimeout

void setPasswordExpirationTimeout (ComponentName admin, 
                long timeout)

Called by a device admin to set the password expiration timeout. Calling this method will restart the countdown for password expiration for the given admin, as will changing the device password (for all admins).

The provided timeout is the time delta in ms and will be added to the current time. For example, to have the password expire 5 days from now, timeout would be 5 * 86400 * 1000 = 432000000 ms for timeout.

To disable password expiration, a value of 0 may be used for timeout.

The calling device admin must have requested USES_POLICY_EXPIRE_PASSWORD to be able to call this method; if it has not, a security exception will be thrown.

Note that setting the password will automatically reset the expiration time for all active admins. Active admins do not need to explicitly call this method in that case.

This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to set restrictions on the parent profile.

setPasswordHistoryLength

void setPasswordHistoryLength (ComponentName admin, 
                int length)

Called by an application that is administering the device to set the length of the password history. After setting this, the user will not be able to enter a new password that is the same as any password in the history. Note that the current password will remain until the user has set a new one, so the change does not take place immediately. To prompt the user for a new password, use ACTION_SET_NEW_PASSWORD or ACTION_SET_NEW_PARENT_PROFILE_PASSWORD after setting this value. This constraint is only imposed if the administrator has also requested either PASSWORD_QUALITY_NUMERIC , PASSWORD_QUALITY_NUMERIC_COMPLEX PASSWORD_QUALITY_ALPHABETIC, or PASSWORD_QUALITY_ALPHANUMERIC with setPasswordQuality(ComponentName, int).

The calling device admin must have requested USES_POLICY_LIMIT_PASSWORD to be able to call this method; if it has not, a security exception will be thrown.

This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to set restrictions on the parent profile.

setPasswordMinimumLength

void setPasswordMinimumLength (ComponentName admin, 
                int length)

Called by an application that is administering the device to set the minimum allowed password length. After setting this, the user will not be able to enter a new password that is not at least as restrictive as what has been set. Note that the current password will remain until the user has set a new one, so the change does not take place immediately. To prompt the user for a new password, use ACTION_SET_NEW_PASSWORD or ACTION_SET_NEW_PARENT_PROFILE_PASSWORD after setting this value. This constraint is only imposed if the administrator has also requested either PASSWORD_QUALITY_NUMERIC , PASSWORD_QUALITY_NUMERIC_COMPLEX, PASSWORD_QUALITY_ALPHABETIC, PASSWORD_QUALITY_ALPHANUMERIC, or PASSWORD_QUALITY_COMPLEX with setPasswordQuality(ComponentName, int).