DevicePolicyManager

ACTION_ADD_DEVICE_ADMIN

public static final String ACTION_ADD_DEVICE_ADMIN

Activity action: ask the user to add a new device administrator to the system. The desired policy is the ComponentName of the policy in the EXTRA_DEVICE_ADMIN extra field. This will invoke a UI to bring the user through adding the device administrator to the system (or allowing them to reject it).

You can optionally include the EXTRA_ADD_EXPLANATION field to provide the user with additional explanation (in addition to your component's description) about what is being added.

If your administrator is already active, this will ordinarily return immediately (without user intervention). However, if your administrator has been updated and is requesting additional uses-policy flags, the user will be presented with the new list. New policies will not be available to the updated administrator until the user has accepted the new list.

Constant Value: "android.app.action.ADD_DEVICE_ADMIN"

ACTION_APPLICATION_DELEGATION_SCOPES_CHANGED

public static final String ACTION_APPLICATION_DELEGATION_SCOPES_CHANGED

Broadcast Action: Sent after application delegation scopes are changed. The new delegation scopes will be sent in an ArrayList<String> extra identified by the EXTRA_DELEGATION_SCOPES key.

Note: This is a protected intent that can only be sent by the system.

Constant Value: "android.app.action.APPLICATION_DELEGATION_SCOPES_CHANGED"

ACTION_DEVICE_ADMIN_SERVICE

public static final String ACTION_DEVICE_ADMIN_SERVICE

Service action: Action for a service that device owner and profile owner can optionally own. If a device owner or a profile owner has such a service, the system tries to keep a bound connection to it, in order to keep their process always running. The service must be protected with the Manifest.permission.BIND_DEVICE_ADMIN permission.

Constant Value: "android.app.action.DEVICE_ADMIN_SERVICE"

ACTION_DEVICE_OWNER_CHANGED

public static final String ACTION_DEVICE_OWNER_CHANGED

Broadcast action: sent when the device owner is set, changed or cleared. This broadcast is sent only to the primary user.

Constant Value: "android.app.action.DEVICE_OWNER_CHANGED"

ACTION_MANAGED_PROFILE_PROVISIONED

public static final String ACTION_MANAGED_PROFILE_PROVISIONED

Broadcast Action: This broadcast is sent to indicate that provisioning of a managed profile has completed successfully.

The broadcast is limited to the primary profile, to the app specified in the provisioning intent with action ACTION_PROVISION_MANAGED_PROFILE.

This intent will contain the following extras

• Intent.EXTRA_USER, corresponds to the UserHandle of the managed profile.
• EXTRA_PROVISIONING_ACCOUNT_TO_MIGRATE, corresponds to the account requested to be migrated at provisioning time, if any.

Constant Value: "android.app.action.MANAGED_PROFILE_PROVISIONED"

ACTION_PROFILE_OWNER_CHANGED

public static final String ACTION_PROFILE_OWNER_CHANGED

Broadcast action: sent when the profile owner is set, changed or cleared. This broadcast is sent only to the user managed by the new profile owner.

Constant Value: "android.app.action.PROFILE_OWNER_CHANGED"

ACTION_PROVISIONING_SUCCESSFUL

public static final String ACTION_PROVISIONING_SUCCESSFUL

Activity action: This activity action is sent to indicate that provisioning of a managed profile or managed device has completed successfully. It'll be sent at the same time as DeviceAdminReceiver.ACTION_PROFILE_PROVISIONING_COMPLETE broadcast but this will be delivered faster as it's an activity intent.

The intent is only sent to the new device or profile owner.

Constant Value: "android.app.action.PROVISIONING_SUCCESSFUL"

ACTION_PROVISION_MANAGED_DEVICE

public static final String ACTION_PROVISION_MANAGED_DEVICE

Activity action: Starts the provisioning flow which sets up a managed device. Must be started with Activity.startActivityForResult(Intent, int).

During device owner provisioning a device admin app is set as the owner of the device. A device owner has full control over the device. The device owner can not be modified by the user.

A typical use case would be a device that is owned by a company, but used by either an employee or client.

An intent with this action can be sent only on an unprovisioned device. It is possible to check if provisioning is allowed or not by querying the method isProvisioningAllowed(String).

The intent contains the following extras:

• EXTRA_PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME
• EXTRA_PROVISIONING_SKIP_ENCRYPTION, optional
• EXTRA_PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED, optional
• EXTRA_PROVISIONING_ADMIN_EXTRAS_BUNDLE, optional
• EXTRA_PROVISIONING_LOGO_URI, optional
• EXTRA_PROVISIONING_MAIN_COLOR, optional
• EXTRA_PROVISIONING_DISCLAIMERS, optional

When device owner provisioning has completed, an intent of the type DeviceAdminReceiver.ACTION_PROFILE_PROVISIONING_COMPLETE is broadcast to the device owner.

From version Build.VERSION_CODES.O, when device owner provisioning has completed, along with the above broadcast, activity intent ACTION_PROVISIONING_SUCCESSFUL will also be sent to the device owner.

If provisioning fails, the device is factory reset.

A result code of Activity.RESULT_OK implies that the synchronous part of the provisioning flow was successful, although this doesn't guarantee the full flow will succeed. Conversely a result code of Activity.RESULT_CANCELED implies that the user backed-out of provisioning, or some precondition for provisioning wasn't met.

Constant Value: "android.app.action.PROVISION_MANAGED_DEVICE"

ACTION_PROVISION_MANAGED_PROFILE

public static final String ACTION_PROVISION_MANAGED_PROFILE

Activity action: Starts the provisioning flow which sets up a managed profile.

A managed profile allows data separation for example for the usage of a device as a personal and corporate device. The user which provisioning is started from and the managed profile share a launcher.

This intent will typically be sent by a mobile device management application (MDM). Provisioning adds a managed profile and sets the MDM as the profile owner who has full control over the profile.

It is possible to check if provisioning is allowed or not by querying the method isProvisioningAllowed(String).

In version Build.VERSION_CODES.LOLLIPOP, this intent must contain the extra EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME. As of Build.VERSION_CODES.M, it should contain the extra EXTRA_PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME instead, although specifying only EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME is still supported.

The intent may also contain the following extras:

• EXTRA_PROVISIONING_ACCOUNT_TO_MIGRATE, optional
• EXTRA_PROVISIONING_SKIP_ENCRYPTION, optional, supported from Build.VERSION_CODES.N
• EXTRA_PROVISIONING_ADMIN_EXTRAS_BUNDLE, optional
• EXTRA_PROVISIONING_LOGO_URI, optional
• EXTRA_PROVISIONING_MAIN_COLOR, optional
• EXTRA_PROVISIONING_SKIP_USER_CONSENT, optional
• EXTRA_PROVISIONING_KEEP_ACCOUNT_ON_MIGRATION, optional
• EXTRA_PROVISIONING_DISCLAIMERS, optional

When managed provisioning has completed, broadcasts are sent to the application specified in the provisioning intent. The DeviceAdminReceiver.ACTION_PROFILE_PROVISIONING_COMPLETE broadcast is sent in the managed profile and the ACTION_MANAGED_PROFILE_PROVISIONED broadcast is sent in the primary profile.

From version Build.VERSION_CODES.O, when managed provisioning has completed, along with the above broadcast, activity intent ACTION_PROVISIONING_SUCCESSFUL will also be sent to the profile owner.

If provisioning fails, the managedProfile is removed so the device returns to its previous state.

If launched with Activity.startActivityForResult(Intent, int) a result code of Activity.RESULT_OK implies that the synchronous part of the provisioning flow was successful, although this doesn't guarantee the full flow will succeed. Conversely a result code of Activity.RESULT_CANCELED implies that the user backed-out of provisioning, or some precondition for provisioning wasn't met.

Constant Value: "android.app.action.PROVISION_MANAGED_PROFILE"

ACTION_SET_NEW_PARENT_PROFILE_PASSWORD

public static final String ACTION_SET_NEW_PARENT_PROFILE_PASSWORD

Activity action: have the user enter a new password for the parent profile. If the intent is launched from within a managed profile, this will trigger entering a new password for the parent of the profile. In all other cases the behaviour is identical to ACTION_SET_NEW_PASSWORD.

Constant Value: "android.app.action.SET_NEW_PARENT_PROFILE_PASSWORD"

ACTION_SET_NEW_PASSWORD

public static final String ACTION_SET_NEW_PASSWORD

Activity action: have the user enter a new password. This activity should be launched after using setPasswordQuality(ComponentName, int), or setPasswordMinimumLength(ComponentName, int) to have the user enter a new password that meets the current requirements. You can use isActivePasswordSufficient() to determine whether you need to have the user select a new password in order to meet the current constraints. Upon being resumed from this activity, you can check the new password characteristics to see if they are sufficient. If the intent is launched from within a managed profile with a profile owner built against Build.VERSION_CODES.M or before, this will trigger entering a new password for the parent of the profile. For all other cases it will trigger entering a new password for the user or profile it is launched from.

Constant Value: "android.app.action.SET_NEW_PASSWORD"

ACTION_START_ENCRYPTION

public static final String ACTION_START_ENCRYPTION

Activity action: begin the process of encrypting data on the device. This activity should be launched after using setStorageEncryption(ComponentName, boolean) to request encryption be activated. After resuming from this activity, use getStorageEncryption(ComponentName) to check encryption status. However, on some devices this activity may never return, as it may trigger a reboot and in some cases a complete data wipe of the device.

Constant Value: "android.app.action.START_ENCRYPTION"

ACTION_SYSTEM_UPDATE_POLICY_CHANGED

public static final String ACTION_SYSTEM_UPDATE_POLICY_CHANGED

Broadcast action: notify that a new local system update policy has been set by the device owner. The new policy can be retrieved by getSystemUpdatePolicy().

Constant Value: "android.app.action.SYSTEM_UPDATE_POLICY_CHANGED"

DELEGATION_APP_RESTRICTIONS

public static final String DELEGATION_APP_RESTRICTIONS

Delegation of application restrictions management. This scope grants access to the setApplicationRestrictions(ComponentName, String, Bundle) and getApplicationRestrictions(ComponentName, String) APIs.

Constant Value: "delegation-app-restrictions"

DELEGATION_BLOCK_UNINSTALL

public static final String DELEGATION_BLOCK_UNINSTALL

Delegation of application uninstall block. This scope grants access to the setUninstallBlocked(ComponentName, String, boolean) API.

Constant Value: "delegation-block-uninstall"

DELEGATION_CERT_INSTALL

public static final String DELEGATION_CERT_INSTALL

Delegation of certificate installation and management. This scope grants access to the getInstalledCaCerts(ComponentName), hasCaCertInstalled(ComponentName, byte[]), installCaCert(ComponentName, byte[]), uninstallCaCert(ComponentName, byte[]), uninstallAllUserCaCerts(ComponentName) and installKeyPair(ComponentName, PrivateKey, Certificate, String) APIs.

Constant Value: "delegation-cert-install"

DELEGATION_ENABLE_SYSTEM_APP

public static final String DELEGATION_ENABLE_SYSTEM_APP

Delegation for enabling system apps. This scope grants access to the enableSystemApp(ComponentName, Intent) API.

Constant Value: "delegation-enable-system-app"

DELEGATION_INSTALL_EXISTING_PACKAGE

public static final String DELEGATION_INSTALL_EXISTING_PACKAGE

Delegation for installing existing packages. This scope grants access to the installExistingPackage(ComponentName, String) API.

Constant Value: "delegation-install-existing-package"

DELEGATION_KEEP_UNINSTALLED_PACKAGES

public static final String DELEGATION_KEEP_UNINSTALLED_PACKAGES

Delegation of management of uninstalled packages. This scope grants access to the #setKeepUninstalledPackages and #getKeepUninstalledPackages APIs.

Constant Value: "delegation-keep-uninstalled-packages"

DELEGATION_PACKAGE_ACCESS

public static final String DELEGATION_PACKAGE_ACCESS

Delegation of package access state. This scope grants access to the isApplicationHidden(ComponentName, String), setApplicationHidden(ComponentName, String, boolean), isPackageSuspended(ComponentName, String), and setPackagesSuspended(ComponentName, String[], boolean) APIs.

Constant Value: "delegation-package-access"

DELEGATION_PERMISSION_GRANT

public static final String DELEGATION_PERMISSION_GRANT

Delegation of permission policy and permission grant state. This scope grants access to the setPermissionPolicy(ComponentName, int), getPermissionGrantState(ComponentName, String, String), and setPermissionGrantState(ComponentName, String, String, int) APIs.

Constant Value: "delegation-permission-grant"

ENCRYPTION_STATUS_ACTIVATING

public static final int ENCRYPTION_STATUS_ACTIVATING

Result code for getStorageEncryptionStatus(): indicating that encryption is not currently active, but is currently being activated. This is only reported by devices that support encryption of data and only when the storage is currently undergoing a process of becoming encrypted. A device that must reboot and/or wipe data to become encrypted will never return this value.

Constant Value: 2 (0x00000002)

ENCRYPTION_STATUS_ACTIVE

public static final int ENCRYPTION_STATUS_ACTIVE

Result code for setStorageEncryption(ComponentName, boolean) and getStorageEncryptionStatus(): indicating that encryption is active.

Also see ENCRYPTION_STATUS_ACTIVE_PER_USER.

Constant Value: 3 (0x00000003)

ENCRYPTION_STATUS_ACTIVE_DEFAULT_KEY

public static final int ENCRYPTION_STATUS_ACTIVE_DEFAULT_KEY

Result code for getStorageEncryptionStatus(): indicating that encryption is active, but an encryption key has not been set by the user.

Constant Value: 4 (0x00000004)

ENCRYPTION_STATUS_ACTIVE_PER_USER

public static final int ENCRYPTION_STATUS_ACTIVE_PER_USER

Result code for getStorageEncryptionStatus(): indicating that encryption is active and the encryption key is tied to the user or profile.

This value is only returned to apps targeting API level 24 and above. For apps targeting earlier API levels, ENCRYPTION_STATUS_ACTIVE is returned, even if the encryption key is specific to the user or profile.

Constant Value: 5 (0x00000005)

ENCRYPTION_STATUS_INACTIVE

public static final int ENCRYPTION_STATUS_INACTIVE

Result code for setStorageEncryption(ComponentName, boolean) and getStorageEncryptionStatus(): indicating that encryption is supported, but is not currently active.

Constant Value: 1 (0x00000001)

ENCRYPTION_STATUS_UNSUPPORTED

public static final int ENCRYPTION_STATUS_UNSUPPORTED

Result code for setStorageEncryption(ComponentName, boolean) and getStorageEncryptionStatus(): indicating that encryption is not supported.

Constant Value: 0 (0x00000000)

EXTRA_ADD_EXPLANATION

public static final String EXTRA_ADD_EXPLANATION

An optional CharSequence providing additional explanation for why the admin is being added.

Constant Value: "android.app.extra.ADD_EXPLANATION"

EXTRA_DELEGATION_SCOPES

public static final String EXTRA_DELEGATION_SCOPES

An ArrayList<String> corresponding to the delegation scopes given to an app in the ACTION_APPLICATION_DELEGATION_SCOPES_CHANGED broadcast.

Constant Value: "android.app.extra.DELEGATION_SCOPES"

EXTRA_DEVICE_ADMIN

public static final String EXTRA_DEVICE_ADMIN

The ComponentName of the administrator component.

Constant Value: "android.app.extra.DEVICE_ADMIN"

EXTRA_PROVISIONING_ACCOUNT_TO_MIGRATE

public static final String EXTRA_PROVISIONING_ACCOUNT_TO_MIGRATE

An Account extra holding the account to migrate during managed profile provisioning. If the account supplied is present in the primary user, it will be copied, along with its credentials to the managed profile and removed from the primary user. Use with ACTION_PROVISION_MANAGED_PROFILE.

Constant Value: "android.app.extra.PROVISIONING_ACCOUNT_TO_MIGRATE"

EXTRA_PROVISIONING_ADMIN_EXTRAS_BUNDLE

public static final String EXTRA_PROVISIONING_ADMIN_EXTRAS_BUNDLE

A Parcelable extra of type PersistableBundle that allows a mobile device management application or NFC programmer application which starts managed provisioning to pass data to the management application instance after provisioning.

If used with ACTION_PROVISION_MANAGED_PROFILE it can be used by the application that sends the intent to pass data to itself on the newly created profile. If used with ACTION_PROVISION_MANAGED_DEVICE it allows passing data to the same instance of the app on the primary user. Starting from Build.VERSION_CODES.M, if used with MIME_TYPE_PROVISIONING_NFC as part of NFC managed device provisioning, the NFC message should contain a stringified Properties instance, whose string properties will be converted into a PersistableBundle and passed to the management application after provisioning.

In both cases the application receives the data in DeviceAdminReceiver.onProfileProvisioningComplete(Context, Intent) via an intent with the action DeviceAdminReceiver.ACTION_PROFILE_PROVISIONING_COMPLETE. The bundle is not changed during the managed provisioning.

Constant Value: "android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE"

EXTRA_PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME

public static final String EXTRA_PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME

A ComponentName extra indicating the device admin receiver of the mobile device management application that will be set as the profile owner or device owner and active admin.

If an application starts provisioning directly via an intent with action ACTION_PROVISION_MANAGED_PROFILE or ACTION_PROVISION_MANAGED_DEVICE the package name of this component has to match the package name of the application that started provisioning.

This component is set as device owner and active admin when device owner provisioning is started by an intent with action ACTION_PROVISION_MANAGED_DEVICE or by an NFC message containing an NFC record with MIME type MIME_TYPE_PROVISIONING_NFC. For the NFC record, the component name must be flattened to a string, via ComponentName.flattenToShortString().

Constant Value: "android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME"

EXTRA_PROVISIONING_DEVICE_ADMIN_MINIMUM_VERSION_CODE

public static final String EXTRA_PROVISIONING_DEVICE_ADMIN_MINIMUM_VERSION_CODE

An int extra holding a minimum required version code for the device admin package. If the device admin is already installed on the device, it will only be re-downloaded from EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION if the version of the installed package is less than this version code.

Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump.

Constant Value: "android.app.extra.PROVISIONING_DEVICE_ADMIN_MINIMUM_VERSION_CODE"

EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_CHECKSUM

public static final String EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_CHECKSUM

A String extra holding the URL-safe base64 encoded SHA-256 or SHA-1 hash (see notes below) of the file at download location specified in EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION.

Either this extra or EXTRA_PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM must be present. The provided checksum must match the checksum of the file at the download location. If the checksum doesn't match an error will be shown to the user and the user will be asked to factory reset the device.

Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump.

Note: for devices running Build.VERSION_CODES.LOLLIPOP and Build.VERSION_CODES.LOLLIPOP_MR1 only SHA-1 hash is supported. Starting from Build.VERSION_CODES.M, this parameter accepts SHA-256 in addition to SHA-1. Support for SHA-1 is likely to be removed in future OS releases.

Constant Value: "android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_CHECKSUM"

EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_COOKIE_HEADER

public static final String EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_COOKIE_HEADER

A String extra holding a http cookie header which should be used in the http request to the url specified in EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION.

Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump.

Constant Value: "android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_COOKIE_HEADER"

EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION

public static final String EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION

A String extra holding a url that specifies the download location of the device admin package. When not provided it is assumed that the device admin package is already installed.

Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump.

Constant Value: "android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION"

EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME

public static final String EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME

This constant was deprecated in API level 23.
Use EXTRA_PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME. This extra is still supported, but only if there is only one device admin receiver in the package that requires the permission Manifest.permission.BIND_DEVICE_ADMIN.

A String extra holding the package name of the mobile device management application that will be set as the profile owner or device owner.

If an application starts provisioning directly via an intent with action ACTION_PROVISION_MANAGED_PROFILE this package has to match the package name of the application that started provisioning. The package will be set as profile owner in that case.

This package is set as device owner when device owner provisioning is started by an NFC message containing an NFC record with MIME type MIME_TYPE_PROVISIONING_NFC.

When this extra is set, the application must have exactly one device admin receiver. This receiver will be set as the profile or device owner and active admin.

Constant Value: "android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME"

EXTRA_PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM

public static final String EXTRA_PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM

A String extra holding the URL-safe base64 encoded SHA-256 checksum of any signature of the android package archive at the download location specified in EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION.

The signatures of an android package archive can be obtained using PackageManager.getPackageArchiveInfo(String, int) with flag PackageManager.GET_SIGNATURES.

Either this extra or EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_CHECKSUM must be present. The provided checksum must match the checksum of any signature of the file at the download location. If the checksum does not match an error will be shown to the user and the user will be asked to factory reset the device.

Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump.

Constant Value: "android.app.extra.PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM"

EXTRA_PROVISIONING_DISCLAIMERS

public static final String EXTRA_PROVISIONING_DISCLAIMERS

A Bundle[] extra consisting of list of disclaimer headers and disclaimer contents. Each Bundle must have both EXTRA_PROVISIONING_DISCLAIMER_HEADER as disclaimer header, and EXTRA_PROVISIONING_DISCLAIMER_CONTENT as disclaimer content.

The extra typically contains one disclaimer from the company of mobile device management application (MDM), and one disclaimer from the organization.

Call Bundle.putParcelableArray(String, Parcelable[]) to put the Bundle[]

Maximum 3 key-value pairs can be specified. The rest will be ignored.

Use in an intent with action ACTION_PROVISION_MANAGED_PROFILE or ACTION_PROVISION_MANAGED_DEVICE

Constant Value: "android.app.extra.PROVISIONING_DISCLAIMERS"

EXTRA_PROVISIONING_DISCLAIMER_CONTENT

public static final String EXTRA_PROVISIONING_DISCLAIMER_CONTENT

A Uri extra pointing to disclaimer content.

The following URI schemes are accepted:

• content (ContentResolver.SCHEME_CONTENT)
• android.resource (ContentResolver.SCHEME_ANDROID_RESOURCE)

Styled text is supported in the disclaimer content. The content is parsed by Html.fromHtml(String) and displayed in a TextView.

If a content: URI is passed, URI is passed, the intent should have the flag Intent.FLAG_GRANT_READ_URI_PERMISSION and the uri should be added to the ClipData of the intent too.

Use in Bundle EXTRA_PROVISIONING_DISCLAIMERS

System app, i.e. application with ApplicationInfo.FLAG_SYSTEM, can also insert a disclaimer by declaring an application-level meta-data in AndroidManifest.xml. Must use it with EXTRA_PROVISIONING_DISCLAIMER_HEADER. Here is the example:

  <meta-data
      android:name="android.app.extra.PROVISIONING_DISCLAIMER_CONTENT"
      android:resource="@string/disclaimer_content"
 />

Constant Value: "android.app.extra.PROVISIONING_DISCLAIMER_CONTENT"

EXTRA_PROVISIONING_DISCLAIMER_HEADER

public static final String EXTRA_PROVISIONING_DISCLAIMER_HEADER

A String extra of localized disclaimer header.

The extra is typically the company name of mobile device management application (MDM) or the organization name.

Use in Bundle EXTRA_PROVISIONING_DISCLAIMERS

System app, i.e. application with ApplicationInfo.FLAG_SYSTEM, can also insert a disclaimer by declaring an application-level meta-data in AndroidManifest.xml. Must use it with EXTRA_PROVISIONING_DISCLAIMER_CONTENT. Here is the example:

  <meta-data
      android:name="android.app.extra.PROVISIONING_DISCLAIMER_HEADER"
      android:resource="@string/disclaimer_header"
 />

Constant Value: "android.app.extra.PROVISIONING_DISCLAIMER_HEADER"

EXTRA_PROVISIONING_EMAIL_ADDRESS

public static final String EXTRA_PROVISIONING_EMAIL_ADDRESS

This constant was deprecated in API level 26.
From Build.VERSION_CODES.O, never used while provisioning the device.

Constant Value: "android.app.extra.PROVISIONING_EMAIL_ADDRESS"

EXTRA_PROVISIONING_KEEP_ACCOUNT_ON_MIGRATION

public static final String EXTRA_PROVISIONING_KEEP_ACCOUNT_ON_MIGRATION

Boolean extra to indicate that the migrated account should be kept. This is used in conjunction with EXTRA_PROVISIONING_ACCOUNT_TO_MIGRATE. If it's set to true, the account will not be removed from the primary user after it is migrated to the newly created user or profile.

Defaults to false

Use with ACTION_PROVISION_MANAGED_PROFILE and EXTRA_PROVISIONING_ACCOUNT_TO_MIGRATE

Constant Value: "android.app.extra.PROVISIONING_KEEP_ACCOUNT_ON_MIGRATION"

EXTRA_PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED

public static final String EXTRA_PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED

A Boolean extra that can be used by the mobile device management application to skip the disabling of system apps during provisioning when set to true.

Use in an NFC record with MIME_TYPE_PROVISIONING_NFC or an intent with action ACTION_PROVISION_MANAGED_DEVICE that starts device owner provisioning.

Constant Value: "android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED"

EXTRA_PROVISIONING_LOCALE

public static final String EXTRA_PROVISIONING_LOCALE

A String extra holding the Locale that the device will be set to. Format: xx_yy, where xx is the language code, and yy the country code.

Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump.

Constant Value: "android.app.extra.PROVISIONING_LOCALE"

EXTRA_PROVISIONING_LOCAL_TIME

public static final String EXTRA_PROVISIONING_LOCAL_TIME

A Long extra holding the wall clock time (in milliseconds) to be set on the device's AlarmManager.

Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump.

Constant Value: "android.app.extra.PROVISIONING_LOCAL_TIME"

EXTRA_PROVISIONING_LOGO_URI

public static final String EXTRA_PROVISIONING_LOGO_URI

A Uri extra pointing to a logo image. This image will be shown during the provisioning. If this extra is not passed, a default image will be shown.

The following URI schemes are accepted:

• content (ContentResolver.SCHEME_CONTENT)
• android.resource (ContentResolver.SCHEME_ANDROID_RESOURCE)

It is the responsibility of the caller to provide an image with a reasonable pixel density for the device.

If a content: URI is passed, the intent should have the flag Intent.FLAG_GRANT_READ_URI_PERMISSION and the uri should be added to the ClipData of the intent too.

Use in an intent with action ACTION_PROVISION_MANAGED_PROFILE or ACTION_PROVISION_MANAGED_DEVICE

Constant Value: "android.app.extra.PROVISIONING_LOGO_URI"

EXTRA_PROVISIONING_MAIN_COLOR

public static final String EXTRA_PROVISIONING_MAIN_COLOR

A integer extra indicating the predominant color to show during the provisioning. Refer to Color for how the color is represented.

Use with ACTION_PROVISION_MANAGED_PROFILE or ACTION_PROVISION_MANAGED_DEVICE.

Constant Value: "android.app.extra.PROVISIONING_MAIN_COLOR"

EXTRA_PROVISIONING_SKIP_ENCRYPTION

public static final String EXTRA_PROVISIONING_SKIP_ENCRYPTION

A boolean extra indicating whether device encryption can be skipped as part of device owner or managed profile provisioning.

Use in an NFC record with MIME_TYPE_PROVISIONING_NFC or an intent with action ACTION_PROVISION_MANAGED_DEVICE that starts device owner provisioning.

From Build.VERSION_CODES.N onwards, this is also supported for an intent with action ACTION_PROVISION_MANAGED_PROFILE.

Constant Value: "android.app.extra.PROVISIONING_SKIP_ENCRYPTION"

EXTRA_PROVISIONING_SKIP_USER_CONSENT

public static final String EXTRA_PROVISIONING_SKIP_USER_CONSENT

A boolean extra indicating if the user consent steps from the provisioning flow should be skipped. If unspecified, defaults to false. It can only be used by an existing device owner trying to create a managed profile via ACTION_PROVISION_MANAGED_PROFILE. Otherwise it is ignored.

Constant Value: "android.app.extra.PROVISIONING_SKIP_USER_CONSENT"

EXTRA_PROVISIONING_TIME_ZONE

public static final String EXTRA_PROVISIONING_TIME_ZONE

A String extra holding the time zone AlarmManager that the device will be set to.

Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump.

Constant Value: "android.app.extra.PROVISIONING_TIME_ZONE"

EXTRA_PROVISIONING_WIFI_HIDDEN

public static final String EXTRA_PROVISIONING_WIFI_HIDDEN

A boolean extra indicating whether the wifi network in EXTRA_PROVISIONING_WIFI_SSID is hidden or not.

Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump.

Constant Value: "android.app.extra.PROVISIONING_WIFI_HIDDEN"

EXTRA_PROVISIONING_WIFI_PAC_URL

public static final String EXTRA_PROVISIONING_WIFI_PAC_URL

A String extra holding the proxy auto-config (PAC) URL for the wifi network in EXTRA_PROVISIONING_WIFI_SSID.

Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump.

Constant Value: "android.app.extra.PROVISIONING_WIFI_PAC_URL"

EXTRA_PROVISIONING_WIFI_PASSWORD

public static final String EXTRA_PROVISIONING_WIFI_PASSWORD

A String extra holding the password of the wifi network in EXTRA_PROVISIONING_WIFI_SSID.

Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump.

Constant Value: "android.app.extra.PROVISIONING_WIFI_PASSWORD"

EXTRA_PROVISIONING_WIFI_PROXY_BYPASS

public static final String EXTRA_PROVISIONING_WIFI_PROXY_BYPASS

A String extra holding the proxy bypass for the wifi network in EXTRA_PROVISIONING_WIFI_SSID.

Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump.

Constant Value: "android.app.extra.PROVISIONING_WIFI_PROXY_BYPASS"

EXTRA_PROVISIONING_WIFI_PROXY_HOST

public static final String EXTRA_PROVISIONING_WIFI_PROXY_HOST

A String extra holding the proxy host for the wifi network in EXTRA_PROVISIONING_WIFI_SSID.

Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump.

Constant Value: "android.app.extra.PROVISIONING_WIFI_PROXY_HOST"

EXTRA_PROVISIONING_WIFI_PROXY_PORT

public static final String EXTRA_PROVISIONING_WIFI_PROXY_PORT

An int extra holding the proxy port for the wifi network in EXTRA_PROVISIONING_WIFI_SSID.

Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump.

Constant Value: "android.app.extra.PROVISIONING_WIFI_PROXY_PORT"

EXTRA_PROVISIONING_WIFI_SECURITY_TYPE

public static final String EXTRA_PROVISIONING_WIFI_SECURITY_TYPE

A String extra indicating the security type of the wifi network in EXTRA_PROVISIONING_WIFI_SSID and could be one of NONE, WPA or WEP.

Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump.

Constant Value: "android.app.extra.PROVISIONING_WIFI_SECURITY_TYPE"

EXTRA_PROVISIONING_WIFI_SSID

public static final String EXTRA_PROVISIONING_WIFI_SSID

A String extra holding the ssid of the wifi network that should be used during nfc device owner provisioning for downloading the mobile device management application.

Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump.

Constant Value: "android.app.extra.PROVISIONING_WIFI_SSID"

FLAG_EVICT_CREDENTIAL_ENCRYPTION_KEY

public static final int FLAG_EVICT_CREDENTIAL_ENCRYPTION_KEY

Flag for lockNow(int): also evict the user's credential encryption key from the keyring. The user's credential will need to be entered again in order to derive the credential encryption key that will be stored back in the keyring for future use.

This flag can only be used by a profile owner when locking a managed profile when getStorageEncryptionStatus() returns ENCRYPTION_STATUS_ACTIVE_PER_USER.

In order to secure user data, the user will be stopped and restarted so apps should wait until they are next run to perform further actions.

Constant Value: 1 (0x00000001)

FLAG_MANAGED_CAN_ACCESS_PARENT

public static final int FLAG_MANAGED_CAN_ACCESS_PARENT

Flag used by addCrossProfileIntentFilter(ComponentName, IntentFilter, int) to allow activities in the managed profile to access intents sent from the parent profile. That is, when an app in the parent profile calls Activity.startActivity(Intent), the intent can be resolved by a matching activity in the managed profile.

Constant Value: 2 (0x00000002)

FLAG_PARENT_CAN_ACCESS_MANAGED

public static final int FLAG_PARENT_CAN_ACCESS_MANAGED

Flag used by addCrossProfileIntentFilter(ComponentName, IntentFilter, int) to allow activities in the parent profile to access intents sent from the managed profile. That is, when an app in the managed profile calls Activity.startActivity(Intent), the intent can be resolved by a matching activity in the parent profile.

Constant Value: 1 (0x00000001)

ID_TYPE_BASE_INFO

public static final int ID_TYPE_BASE_INFO

Specifies that the device should attest its manufacturer details. For use with generateKeyPair(ComponentName, String, KeyGenParameterSpec, int).

Constant Value: 1 (0x00000001)

ID_TYPE_IMEI

public static final int ID_TYPE_IMEI

Specifies that the device should attest its IMEI. For use with generateKeyPair(ComponentName, String, KeyGenParameterSpec, int).

Constant Value: 4 (0x00000004)

ID_TYPE_MEID

public static final int ID_TYPE_MEID

Specifies that the device should attest its MEID. For use with generateKeyPair(ComponentName, String, KeyGenParameterSpec, int).

Constant Value: 8 (0x00000008)

ID_TYPE_SERIAL

public static final int ID_TYPE_SERIAL

Specifies that the device should attest its serial number. For use with generateKeyPair(ComponentName, String, KeyGenParameterSpec, int).

Constant Value: 2 (0x00000002)

INSTALLKEY_REQUEST_CREDENTIALS_ACCESS

public static final int INSTALLKEY_REQUEST_CREDENTIALS_ACCESS

Specifies that the calling app should be granted access to the installed credentials immediately. Otherwise, access to the credentials will be gated by user approval. For use with installKeyPair(ComponentName, PrivateKey, Certificate[], String, int)

Constant Value: 1 (0x00000001)

INSTALLKEY_SET_USER_SELECTABLE

public static final int INSTALLKEY_SET_USER_SELECTABLE

Specifies that a user can select the key via the Certificate Selection prompt. If this flag is not set when calling installKeyPair(ComponentName, PrivateKey, Certificate, String), the key can only be granted access by implementing DeviceAdminReceiver.onChoosePrivateKeyAlias(Context, Intent, int, Uri, String). For use with installKeyPair(ComponentName, PrivateKey, Certificate[], String, int)

Constant Value: 2 (0x00000002)

KEYGUARD_DISABLE_BIOMETRICS

public static final int KEYGUARD_DISABLE_BIOMETRICS

Disable all biometric authentication on keyguard secure screens (e.g. PIN/Pattern/Password).

Constant Value: 416 (0x000001a0)

KEYGUARD_DISABLE_FACE

public static final int KEYGUARD_DISABLE_FACE

Disable face authentication on keyguard secure screens (e.g. PIN/Pattern/Password).

Constant Value: 128 (0x00000080)

KEYGUARD_DISABLE_FEATURES_ALL

public static final int KEYGUARD_DISABLE_FEATURES_ALL

Disable all current and future keyguard customizations.

Constant Value: 2147483647 (0x7fffffff)

KEYGUARD_DISABLE_FEATURES_NONE

public static final int KEYGUARD_DISABLE_FEATURES_NONE

Widgets are enabled in keyguard

Constant Value: 0 (0x00000000)

KEYGUARD_DISABLE_FINGERPRINT

public static final int KEYGUARD_DISABLE_FINGERPRINT

Disable fingerprint authentication on keyguard secure screens (e.g. PIN/Pattern/Password).

Constant Value: 32 (0x00000020)

KEYGUARD_DISABLE_IRIS

public static final int KEYGUARD_DISABLE_IRIS

Disable iris authentication on keyguard secure screens (e.g. PIN/Pattern/Password).

Constant Value: 256 (0x00000100)

KEYGUARD_DISABLE_REMOTE_INPUT

public static final int KEYGUARD_DISABLE_REMOTE_INPUT

Disable text entry into notifications on secure keyguard screens (e.g. PIN/Pattern/Password).

Constant Value: 64 (0x00000040)

KEYGUARD_DISABLE_SECURE_CAMERA

public static final int KEYGUARD_DISABLE_SECURE_CAMERA

Disable the camera on secure keyguard screens (e.g. PIN/Pattern/Password)

Constant Value: 2 (0x00000002)

KEYGUARD_DISABLE_SECURE_NOTIFICATIONS

public static final int KEYGUARD_DISABLE_SECURE_NOTIFICATIONS

Disable showing all notifications on secure keyguard screens (e.g. PIN/Pattern/Password)

Constant Value: 4 (0x00000004)

KEYGUARD_DISABLE_TRUST_AGENTS

public static final int KEYGUARD_DISABLE_TRUST_AGENTS

Disable trust agents on secure keyguard screens (e.g. PIN/Pattern/Password). By setting this flag alone, all trust agents are disabled. If the admin then wants to whitelist specific features of some trust agent, setTrustAgentConfiguration(ComponentName, ComponentName, PersistableBundle) can be used in conjuction to set trust-agent-specific configurations.

Constant Value: 16 (0x00000010)

KEYGUARD_DISABLE_UNREDACTED_NOTIFICATIONS

public static final int KEYGUARD_DISABLE_UNREDACTED_NOTIFICATIONS

Only allow redacted notifications on secure keyguard screens (e.g. PIN/Pattern/Password)

Constant Value: 8 (0x00000008)

KEYGUARD_DISABLE_WIDGETS_ALL

public static final int KEYGUARD_DISABLE_WIDGETS_ALL

Disable all keyguard widgets. Has no effect starting from Build.VERSION_CODES.LOLLIPOP since keyguard widget is only supported on Android versions lower than 5.0.

Constant Value: 1 (0x00000001)

LEAVE_ALL_SYSTEM_APPS_ENABLED

public static final int LEAVE_ALL_SYSTEM_APPS_ENABLED

Flag used by createAndManageUser(ComponentName, String, ComponentName, PersistableBundle, int) to specify that the newly created user should skip the disabling of system apps during provisioning.

Constant Value: 16 (0x00000010)

LOCK_TASK_FEATURE_GLOBAL_ACTIONS

public static final int LOCK_TASK_FEATURE_GLOBAL_ACTIONS

Enable the global actions dialog during LockTask mode. This is the dialog that shows up when the user long-presses the power button, for example. Note that the user may not be able to power off the device if this flag is not set.

This flag is enabled by default until setLockTaskFeatures(ComponentName, int) is called for the first time.

Constant Value: 16 (0x00000010)

LOCK_TASK_FEATURE_HOME

public static final int LOCK_TASK_FEATURE_HOME

Enable the Home button during LockTask mode. Note that if a custom launcher is used, it has to be registered as the default launcher with addPersistentPreferredActivity(ComponentName, IntentFilter, ComponentName), and its package needs to be whitelisted for LockTask with setLockTaskPackages(ComponentName, String[]).

Constant Value: 4 (0x00000004)

LOCK_TASK_FEATURE_KEYGUARD

public static final int LOCK_TASK_FEATURE_KEYGUARD

Enable the keyguard during LockTask mode. Note that if the keyguard is already disabled with setKeyguardDisabled(ComponentName, boolean), setting this flag will have no effect. If this flag is not set, the keyguard will not be shown even if the user has a lock screen credential.

Constant Value: 32 (0x00000020)

LOCK_TASK_FEATURE_NONE

public static final int LOCK_TASK_FEATURE_NONE

Disable all configurable SystemUI features during LockTask mode. This includes,

• system info area in the status bar (connectivity icons, clock, etc.)
• notifications (including alerts, icons, and the notification shade)
• Home button
• Recents button and UI
• global actions menu (i.e. power button menu)
• keyguard

Constant Value: 0 (0x00000000)

LOCK_TASK_FEATURE_NOTIFICATIONS

public static final int LOCK_TASK_FEATURE_NOTIFICATIONS

Enable notifications during LockTask mode. This includes notification icons on the status bar, heads-up notifications, and the expandable notification shade. Note that the Quick Settings panel remains disabled. This feature flag can only be used in combination with LOCK_TASK_FEATURE_HOME. setLockTaskFeatures(ComponentName, int) throws an IllegalArgumentException if this feature flag is defined without LOCK_TASK_FEATURE_HOME.

Constant Value: 2 (0x00000002)

LOCK_TASK_FEATURE_OVERVIEW

public static final int LOCK_TASK_FEATURE_OVERVIEW

Enable the Overview button and the Overview screen during LockTask mode. This feature flag can only be used in combination with LOCK_TASK_FEATURE_HOME, and setLockTaskFeatures(ComponentName, int) will throw an IllegalArgumentException if this feature flag is defined without LOCK_TASK_FEATURE_HOME.

Constant Value: 8 (0x00000008)

LOCK_TASK_FEATURE_SYSTEM_INFO

public static final int LOCK_TASK_FEATURE_SYSTEM_INFO

Enable the system info area in the status bar during LockTask mode. The system info area usually occupies the right side of the status bar (although this can differ across OEMs). It includes all system information indicators, such as date and time, connectivity, battery, vibration mode, etc.

Constant Value: 1 (0x00000001)

MAKE_USER_EPHEMERAL

public static final int MAKE_USER_EPHEMERAL

Flag used by createAndManageUser(ComponentName, String, ComponentName, PersistableBundle, int) to specify that the user should be created ephemeral. Ephemeral users will be removed after switching to another user or rebooting the device.

Constant Value: 2 (0x00000002)

MIME_TYPE_PROVISIONING_NFC

public static final String MIME_TYPE_PROVISIONING_NFC

This MIME type is used for starting the device owner provisioning.

During device owner provisioning a device admin app is set as the owner of the device. A device owner has full control over the device. The device owner can not be modified by the user and the only way of resetting the device is if the device owner app calls a factory reset.

A typical use case would be a device that is owned by a company, but used by either an employee or client.

The NFC message must be sent to an unprovisioned device.

The NFC record must contain a serialized Properties object which contains the following properties:

• EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME
• EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION, optional
• EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_COOKIE_HEADER, optional
• EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_CHECKSUM, optional
• EXTRA_PROVISIONING_LOCAL_TIME (convert to String), optional
• EXTRA_PROVISIONING_TIME_ZONE, optional
• EXTRA_PROVISIONING_LOCALE, optional
• EXTRA_PROVISIONING_WIFI_SSID, optional
• EXTRA_PROVISIONING_WIFI_HIDDEN (convert to String), optional
• EXTRA_PROVISIONING_WIFI_SECURITY_TYPE, optional
• EXTRA_PROVISIONING_WIFI_PASSWORD, optional
• EXTRA_PROVISIONING_WIFI_PROXY_HOST, optional
• EXTRA_PROVISIONING_WIFI_PROXY_PORT (convert to String), optional
• EXTRA_PROVISIONING_WIFI_PROXY_BYPASS, optional
• EXTRA_PROVISIONING_WIFI_PAC_URL, optional
• EXTRA_PROVISIONING_ADMIN_EXTRAS_BUNDLE, optional, supported from Build.VERSION_CODES.M

As of Build.VERSION_CODES.M, the properties should contain EXTRA_PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME instead of EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME, (although specifying only EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME is still supported).

Constant Value: "application/com.android.managedprovisioning"

PASSWORD_QUALITY_ALPHABETIC

public static final int PASSWORD_QUALITY_ALPHABETIC

Constant for setPasswordQuality(ComponentName, int): the user must have entered a password containing at least alphabetic (or other symbol) characters. Note that quality constants are ordered so that higher values are more restrictive.

Constant Value: 262144 (0x00040000)

PASSWORD_QUALITY_ALPHANUMERIC

public static final int PASSWORD_QUALITY_ALPHANUMERIC

Constant for setPasswordQuality(ComponentName, int): the user must have entered a password containing at least both> numeric and alphabetic (or other symbol) characters. Note that quality constants are ordered so that higher values are more restrictive.

Constant Value: 327680 (0x00050000)

PASSWORD_QUALITY_BIOMETRIC_WEAK

public static final int PASSWORD_QUALITY_BIOMETRIC_WEAK

Constant for setPasswordQuality(ComponentName, int): the policy allows for low-security biometric recognition technology. This implies technologies that can recognize the identity of an individual to about a 3 digit PIN (false detection is less than 1 in 1,000). Note that quality constants are ordered so that higher values are more restrictive.

Constant Value: 32768 (0x00008000)

PASSWORD_QUALITY_COMPLEX

public static final int PASSWORD_QUALITY_COMPLEX

Constant for setPasswordQuality(ComponentName, int): the user must have entered a password containing at least a letter, a numerical digit and a special symbol, by default. With this password quality, passwords can be restricted to contain various sets of characters, like at least an uppercase letter, etc. These are specified using various methods, like setPasswordMinimumLowerCase(ComponentName, int). Note that quality constants are ordered so that higher values are more restrictive.

Constant Value: 393216 (0x00060000)

PASSWORD_QUALITY_NUMERIC

public static final int PASSWORD_QUALITY_NUMERIC

Constant for setPasswordQuality(ComponentName, int): the user must have entered a password containing at least numeric characters. Note that quality constants are ordered so that higher values are more restrictive.

Constant Value: 131072 (0x00020000)

PASSWORD_QUALITY_NUMERIC_COMPLEX

public static final int PASSWORD_QUALITY_NUMERIC_COMPLEX

Constant for setPasswordQuality(ComponentName, int): the user must have entered a password containing at least numeric characters with no repeating (4444) or ordered (1234, 4321, 2468) sequences. Note that quality constants are ordered so that higher values are more restrictive.

Constant Value: 196608 (0x00030000)

PASSWORD_QUALITY_SOMETHING

public static final int PASSWORD_QUALITY_SOMETHING

Constant for setPasswordQuality(ComponentName, int): the policy requires some kind of password or pattern, but doesn't care what it is. Note that quality constants are ordered so that higher values are more restrictive.

Constant Value: 65536 (0x00010000)

PASSWORD_QUALITY_UNSPECIFIED

public static final int PASSWORD_QUALITY_UNSPECIFIED

Constant for setPasswordQuality(ComponentName, int): the policy has no requirements for the password. Note that quality constants are ordered so that higher values are more restrictive.

Constant Value: 0 (0x00000000)

PERMISSION_GRANT_STATE_DEFAULT

public static final int PERMISSION_GRANT_STATE_DEFAULT

Runtime permission state: The user can manage the permission through the UI.

Constant Value: 0 (0x00000000)

PERMISSION_GRANT_STATE_DENIED

public static final int PERMISSION_GRANT_STATE_DENIED

Runtime permission state: The permission is denied to the app and the user cannot manage the permission through the UI.

Constant Value: 2 (0x00000002)

PERMISSION_GRANT_STATE_GRANTED

public static final int PERMISSION_GRANT_STATE_GRANTED

Runtime permission state: The permission is granted to the app and the user cannot manage the permission through the UI.

Constant Value: 1 (0x00000001)

PERMISSION_POLICY_AUTO_DENY

public static final int PERMISSION_POLICY_AUTO_DENY

Permission policy to always deny new permission requests for runtime permissions. Already granted or denied permissions are not affected by this.

Constant Value: 2 (0x00000002)

PERMISSION_POLICY_AUTO_GRANT

public static final int PERMISSION_POLICY_AUTO_GRANT

Permission policy to always grant new permission requests for runtime permissions. Already granted or denied permissions are not affected by this.

Constant Value: 1 (0x00000001)

PERMISSION_POLICY_PROMPT

public static final int PERMISSION_POLICY_PROMPT

Permission policy to prompt user for new permission requests for runtime permissions. Already granted or denied permissions are not affected by this.

Constant Value: 0 (0x00000000)

POLICY_DISABLE_CAMERA

public static final String POLICY_DISABLE_CAMERA

Constant to indicate the feature of disabling the camera. Used as argument to createAdminSupportIntent(String).

Constant Value: "policy_disable_camera"

POLICY_DISABLE_SCREEN_CAPTURE

public static final String POLICY_DISABLE_SCREEN_CAPTURE

Constant to indicate the feature of disabling screen captures. Used as argument to createAdminSupportIntent(String).

Constant Value: "policy_disable_screen_capture"

RESET_PASSWORD_DO_NOT_ASK_CREDENTIALS_ON_BOOT

public static final int RESET_PASSWORD_DO_NOT_ASK_CREDENTIALS_ON_BOOT

Flag for resetPasswordWithToken(ComponentName, String, byte[], int) and resetPassword(String, int): don't ask for user credentials on device boot. If the flag is set, the device can be booted without asking for user password. The absence of this flag does not change the current boot requirements. This flag can be set by the device owner only. If the app is not the device owner, the flag is ignored. Once the flag is set, it cannot be reverted back without resetting the device to factory defaults.

Constant Value: 2 (0x00000002)

RESET_PASSWORD_REQUIRE_ENTRY

public static final int RESET_PASSWORD_REQUIRE_ENTRY

Flag for resetPasswordWithToken(ComponentName, String, byte[], int) and resetPassword(String, int): don't allow other admins to change the password again until the user has entered it.

Constant Value: 1 (0x00000001)

SKIP_SETUP_WIZARD

public static final int SKIP_SETUP_WIZARD

Flag used by createAndManageUser(ComponentName, String, ComponentName, PersistableBundle, int) to skip setup wizard after creating a new user.

Constant Value: 1 (0x00000001)

WIPE_EUICC

public static final int WIPE_EUICC

Flag for wipeData(int): also erase the device's eUICC data.

Constant Value: 4 (0x00000004)

WIPE_EXTERNAL_STORAGE

public static final int WIPE_EXTERNAL_STORAGE

Flag for wipeData(int): also erase the device's external storage (such as SD cards).

Constant Value: 1 (0x00000001)

WIPE_RESET_PROTECTION_DATA

public static final int WIPE_RESET_PROTECTION_DATA

Flag for wipeData(int): also erase the factory reset protection data.

This flag may only be set by device owner admins; if it is set by other admins a SecurityException will be thrown.

Constant Value: 2 (0x00000002)

addCrossProfileIntentFilter

public void addCrossProfileIntentFilter (ComponentName admin,
                IntentFilter filter,
                int flags)

Called by the profile owner of a managed profile so that some intents sent in the managed profile can also be resolved in the parent, or vice versa. Only activity intents are supported.

addCrossProfileWidgetProvider

public boolean addCrossProfileWidgetProvider (ComponentName admin,
                String packageName)

Called by the profile owner of a managed profile to enable widget providers from a given package to be available in the parent profile. As a result the user will be able to add widgets from the white-listed package running under the profile to a widget host which runs under the parent profile, for example the home screen. Note that a package may have zero or more provider components, where each component provides a different widget type.

Note: By default no widget provider package is white-listed.

addOverrideApn

public int addOverrideApn (ComponentName admin,
                ApnSetting apnSetting)

Called by device owner to add an override APN.

This method may returns -1 if apnSetting conflicts with an existing override APN. Update the existing conflicted APN with updateOverrideApn(ComponentName, int, ApnSetting) instead of adding a new entry.

Two override APNs are considered to conflict when all the following APIs return the same values on both override APNs:

• ApnSetting.getOperatorNumeric()
• ApnSetting.getApnName()
• ApnSetting.getProxyAddress()
• ApnSetting.getProxyPort()
• ApnSetting.getMmsProxyAddress()
• ApnSetting.getMmsProxyPort()
• ApnSetting.getMmsc()
• ApnSetting.isEnabled()
• ApnSetting.getMvnoType()
• ApnSetting.getProtocol()
• ApnSetting.getRoamingProtocol()

addPersistentPreferredActivity

public void addPersistentPreferredActivity (ComponentName admin,
                IntentFilter filter,
                ComponentName activity)

Called by a profile owner or device owner to set a default activity that the system selects to handle intents that match the given IntentFilter. This activity will remain the default intent handler even if the set of potential event handlers for the intent filter changes and if the intent preferences are reset.

Note that the caller should still declare the activity in the manifest, the API just sets the activity to be the default one to handle the given intent filter.

The default disambiguation mechanism takes over if the activity is not installed (anymore). When the activity is (re)installed, it is automatically reset as default intent handler for the filter.

The calling device admin must be a profile owner or device owner. If it is not, a security exception will be thrown.

addUserRestriction

public void addUserRestriction (ComponentName admin,
                String key)

Called by a profile or device owner to set a user restriction specified by the key.

The calling device admin must be a profile or device owner; if it is not, a security exception will be thrown.

bindDeviceAdminServiceAsUser

public boolean bindDeviceAdminServiceAsUser (ComponentName admin,
                Intent serviceIntent,
                ServiceConnection conn,
                int flags,
                UserHandle targetUser)

Called by a device owner to bind to a service from a profile owner or vice versa. See getBindDeviceAdminTargetUsers(ComponentName) for a definition of which device/profile owners are allowed to bind to services of another profile/device owner.

The service must be protected by Manifest.permission.BIND_DEVICE_ADMIN. Note that the Context used to obtain this DevicePolicyManager instance via Context.getSystemService(Class) will be used to bind to the Service.

clearApplicationUserData

public void clearApplicationUserData (ComponentName admin,
                String packageName,
                Executor executor,
                DevicePolicyManager.OnClearApplicationUserDataListener listener)

Called by the device owner or profile owner to clear application user data of a given package. The behaviour of this is equivalent to the target application calling ActivityManager.clearApplicationUserData().

Note: an application can store data outside of its application data, e.g. external storage or user dictionary. This data will not be wiped by calling this API.

clearCrossProfileIntentFilters

public void clearCrossProfileIntentFilters (ComponentName admin)

Called by a profile owner of a managed profile to remove the cross-profile intent filters that go from the managed profile to the parent, or from the parent to the managed profile. Only removes those that have been set by the profile owner.

Note: A list of default cross profile intent filters are set up by the system when the profile is created, some of them ensure the proper functioning of the profile, while others enable sharing of data from the parent to the managed profile for user convenience. These default intent filters are not cleared when this API is called. If the default cross profile data sharing is not desired, they can be disabled with UserManager.DISALLOW_SHARE_INTO_MANAGED_PROFILE.

clearDeviceOwnerApp

public void clearDeviceOwnerApp (String packageName)

This method was deprecated in API level 26.
This method is expected to be used for testing purposes only. The device owner will lose control of the device and its data after calling it. In order to protect any sensitive data that remains on the device, it is advised that the device owner factory resets the device instead of calling this method. See wipeData(int).

Clears the current device owner. The caller must be the device owner. This function should be used cautiously as once it is called it cannot be undone. The device owner can only be set as a part of device setup, before it completes.

While some policies previously set by the device owner will be cleared by this method, it is a best-effort process and some other policies will still remain in place after the device owner is cleared.

clearPackagePersistentPreferredActivities

public void clearPackagePersistentPreferredActivities (ComponentName admin,
                String packageName)

Called by a profile owner or device owner to remove all persistent intent handler preferences associated with the given package that were set by addPersistentPreferredActivity(ComponentName, IntentFilter, ComponentName).

The calling device admin must be a profile owner. If it is not, a security exception will be thrown.

clearProfileOwner

public void clearProfileOwner (ComponentName admin)

This method was deprecated in API level 26.
This method is expected to be used for testing purposes only. The profile owner will lose control of the user and its data after calling it. In order to protect any sensitive data that remains on this user, it is advised that the profile owner deletes it instead of calling this method. See wipeData(int).

Clears the active profile owner. The caller must be the profile owner of this user, otherwise a SecurityException will be thrown. This method is not available to managed profile owners.

While some policies previously set by the profile owner will be cleared by this method, it is a best-effort process and some other policies will still remain in place after the profile owner is cleared.

clearResetPasswordToken

public boolean clearResetPasswordToken (ComponentName admin)

Called by a profile or device owner to revoke the current password reset token.

clearUserRestriction

public void clearUserRestriction (ComponentName admin,
                String key)

Called by a profile or device owner to clear a user restriction specified by the key.

The calling device admin must be a profile or device owner; if it is not, a security exception will be thrown.

createAdminSupportIntent

public Intent createAdminSupportIntent (String restriction)

Called by any app to display a support dialog when a feature was disabled by an admin. This returns an intent that can be used with Context.startActivity(Intent) to display the dialog. It will tell the user that the feature indicated by restriction was disabled by an admin, and include a link for more information. The default content of the dialog can be changed by the restricting admin via setShortSupportMessage(ComponentName, CharSequence). If the restriction is not set (i.e. the feature is available), then the return value will be null.

createAndManageUser

public UserHandle createAndManageUser (ComponentName admin,
                String name,
                ComponentName profileOwner,
                PersistableBundle adminExtras,
                int flags)

Called by a device owner to create a user with the specified name and a given component of the calling package as profile owner. The UserHandle returned by this method should not be persisted as user handles are recycled as users are removed and created. If you need to persist an identifier for this user, use UserManager.getSerialNumberForUser(UserHandle). The new user will not be started in the background.

admin is the DeviceAdminReceiver which is the device owner. profileOwner is also a DeviceAdminReceiver in the same package as admin, and will become the profile owner and will be registered as an active admin on the new user. The profile owner package will be installed on the new user.

If the adminExtras are not null, they will be stored on the device until the user is started for the first time. Then the extras will be passed to the admin when onEnable is called.

From Build.VERSION_CODES.P onwards, if targeting Build.VERSION_CODES.P, throws UserManager.UserOperationException instead of returning null on failure.

enableSystemApp

public int enableSystemApp (ComponentName admin,
                Intent intent)

Re-enable system apps by intent that were disabled by default when the user was initialized. This function can be called by a device owner, profile owner, or by a delegate given the DELEGATION_ENABLE_SYSTEM_APP scope via setDelegatedScopes(ComponentName, String, List).

enableSystemApp

public void enableSystemApp (ComponentName admin,
                String packageName)

Re-enable a system app that was disabled by default when the user was initialized. This function can be called by a device owner, profile owner, or by a delegate given the DELEGATION_ENABLE_SYSTEM_APP scope via setDelegatedScopes(ComponentName, String, List).

generateKeyPair

public AttestedKeyPair generateKeyPair (ComponentName admin,
                String algorithm,
                KeyGenParameterSpec keySpec,
                int idAttestationFlags)

Called by a device or profile owner, or delegated certificate installer, to generate a new private/public key pair. If the device supports key generation via secure hardware, this method is useful for creating a key in KeyChain that never left the secure hardware. Access to the key is controlled the same way as in installKeyPair(ComponentName, PrivateKey, Certificate, String).

getAccountTypesWithManagementDisabled

public String[] getAccountTypesWithManagementDisabled ()

Gets the array of accounts for which account management is disabled by the profile owner.

Account management can be disabled/enabled by calling setAccountManagementDisabled(ComponentName, String, boolean).

getActiveAdmins

public List<ComponentName> getActiveAdmins ()

Return a list of all currently active device administrators' component names. If there are no administrators null may be returned.

getAffiliationIds

public Set<String> getAffiliationIds (ComponentName admin)

Returns the set of affiliation ids previously set via setAffiliationIds(ComponentName, Set), or an empty set if none have been set.

getAlwaysOnVpnPackage

public String getAlwaysOnVpnPackage (ComponentName admin)

Called by a device or profile owner to read the name of the package administering an always-on VPN connection for the current user. If there is no such package, or the always-on VPN is provided by the system instead of by an application, null will be returned.

getApplicationRestrictions

public Bundle getApplicationRestrictions (ComponentName admin,
                String packageName)

Retrieves the application restrictions for a given target application running in the calling user.

The caller must be a profile or device owner on that user, or the package allowed to manage application restrictions via setDelegatedScopes(ComponentName, String, List) with the DELEGATION_APP_RESTRICTIONS scope; otherwise a security exception will be thrown.

NOTE: The method performs disk I/O and shouldn't be called on the main thread

This method may take several seconds to complete, so it should only be called from a worker thread.

getApplicationRestrictionsManagingPackage

public String getApplicationRestrictionsManagingPackage (ComponentName admin)

This method was deprecated in API level 26.
From Build.VERSION_CODES.O. Use getDelegatePackages(ComponentName, String) with the DELEGATION_APP_RESTRICTIONS scope instead.

Called by a profile owner or device owner to retrieve the application restrictions managing package for the current user, or null if none is set. If there are multiple delegates this function will return one of them.

getAutoTimeRequired

public boolean getAutoTimeRequired ()

getBindDeviceAdminTargetUsers

public List<UserHandle> getBindDeviceAdminTargetUsers (ComponentName admin)

Returns the list of target users that the calling device or profile owner can use when calling bindDeviceAdminServiceAsUser(ComponentName, Intent, ServiceConnection, int, UserHandle).

A device owner can bind to a service from a profile owner and vice versa, provided that:

• Both belong to the same package name.
• Both users are affiliated. See setAffiliationIds(ComponentName, Set).

getBluetoothContactSharingDisabled

public boolean getBluetoothContactSharingDisabled (ComponentName admin)

Called by a profile owner of a managed profile to determine whether or not Bluetooth devices cannot access enterprise contacts.

The calling device admin must be a profile owner. If it is not, a security exception will be thrown.

This API works on managed profile only.

getCameraDisabled

public boolean getCameraDisabled (ComponentName admin)

Determine whether or not the device's cameras have been disabled for this user, either by the calling admin, if specified, or all admins.

getCertInstallerPackage

public String getCertInstallerPackage (ComponentName admin)

This method was deprecated in API level 26.
From Build.VERSION_CODES.O. Use getDelegatePackages(ComponentName, String) with the DELEGATION_CERT_INSTALL scope instead.

Called by a profile owner or device owner to retrieve the certificate installer for the user, or null if none is set. If there are multiple delegates this function will return one of them.

getCrossProfileCallerIdDisabled

public boolean getCrossProfileCallerIdDisabled (ComponentName admin)

Called by a profile owner of a managed profile to determine whether or not caller-Id information has been disabled.

The calling device admin must be a profile owner. If it is not, a security exception will be thrown.

getCrossProfileContactsSearchDisabled

public boolean getCrossProfileContactsSearchDisabled (ComponentName admin)

Called by a profile owner of a managed profile to determine whether or not contacts search has been disabled.

The calling device admin must be a profile owner. If it is not, a security exception will be thrown.

getCrossProfileWidgetProviders

public List<String> getCrossProfileWidgetProviders (ComponentName admin)

Called by the profile owner of a managed profile to query providers from which packages are available in the parent profile.

getCurrentFailedPasswordAttempts

public int getCurrentFailedPasswordAttempts ()

Retrieve the number of times the user has failed at entering a password since that last successful password entry.

This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to retrieve the number of failed password attemts for the parent user.

The calling device admin must have requested DeviceAdminInfo.USES_POLICY_WATCH_LOGIN to be able to call this method; if it has not, a security exception will be thrown.

getDelegatePackages

public List<String> getDelegatePackages (ComponentName admin,
                String delegationScope)

Called by a profile owner or device owner to retrieve a list of delegate packages that were granted a delegation scope.

getDelegatedScopes

public List<String> getDelegatedScopes (ComponentName admin,
                String delegatedPackage)

Called by a profile owner or device owner to retrieve a list of the scopes given to a delegate package. Other apps can use this method to retrieve their own delegated scopes by passing null for admin and their own package name as delegatedPackage.

getDeviceOwnerLockScreenInfo

public CharSequence getDeviceOwnerLockScreenInfo ()

getEndUserSessionMessage

public CharSequence getEndUserSessionMessage (ComponentName admin)

Returns the user session end message.

getInstalledCaCerts

public List<byte[]> getInstalledCaCerts (ComponentName admin)

Returns all CA certificates that are currently trusted, excluding system CA certificates. If a user has installed any certificates by other means than device policy these will be included too.

getKeepUninstalledPackages

public List<String> getKeepUninstalledPackages (ComponentName admin)

Get the list of apps to keep around as APKs even if no user has currently installed it. This function can be called by a device owner or by a delegate given the DELEGATION_KEEP_UNINSTALLED_PACKAGES scope via setDelegatedScopes(ComponentName, String, List).

Please note that packages returned in this method are not automatically pre-cached.

getKeyguardDisabledFeatures

public int getKeyguardDisabledFeatures (ComponentName admin)

Determine whether or not features have been disabled in keyguard either by the calling admin, if specified, or all admins that set restrictions on this user and its participating profiles. Restrictions on profiles that have a separate challenge are not taken into account.

This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to retrieve restrictions on the parent profile.

getLockTaskFeatures

public int getLockTaskFeatures (ComponentName admin)

Gets which system features are enabled for LockTask mode.

getLockTaskPackages

public String[] getLockTaskPackages (ComponentName admin)

Returns the list of packages allowed to start the lock task mode.

getLongSupportMessage

public CharSequence getLongSupportMessage (ComponentName admin)

Called by a device admin to get the long support message.

getMaximumFailedPasswordsForWipe

public int getMaximumFailedPasswordsForWipe (ComponentName admin)

Retrieve the current maximum number of login attempts that are allowed before the device or profile is wiped, for a particular admin or all admins that set restrictions on this user and its participating profiles. Restrictions on profiles that have a separate challenge are not taken into account.

This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to retrieve the value for the parent profile.

getMaximumTimeToLock

public long getMaximumTimeToLock (ComponentName admin)

Retrieve the current maximum time to unlock for a particular admin or all admins that set restrictions on this user and its participating profiles. Restrictions on profiles that have a separate challenge are not taken into account.

This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to retrieve restrictions on the parent profile.

getMeteredDataDisabledPackages

public List<String> getMeteredDataDisabledPackages (ComponentName admin)

Called by a device or profile owner to retrieve the list of packages which are restricted by the admin from using metered data.

getOrganizationColor

public int getOrganizationColor (ComponentName admin)

Called by a profile owner of a managed profile to retrieve the color used for customization. This color is used as background color of the confirm credentials screen for that user.

getOrganizationName

public CharSequence getOrganizationName (ComponentName admin)

Called by a profile owner of a managed profile to retrieve the name of the organization under management.

getOverrideApns

public List<ApnSetting> getOverrideApns (ComponentName admin)

Called by device owner to get all override APNs inserted by device owner.

getParentProfileInstance

public DevicePolicyManager getParentProfileInstance (ComponentName admin)

Called by the profile owner of a managed profile to obtain a DevicePolicyManager whose calls act on the parent profile.

The following methods are supported for the parent instance, all other methods will throw a SecurityException when called on the parent instance:

• getPasswordQuality(ComponentName)
• setPasswordQuality(ComponentName, int)
• getPasswordMinimumLength(ComponentName)
• setPasswordMinimumLength(ComponentName, int)
• getPasswordMinimumUpperCase(ComponentName)
• setPasswordMinimumUpperCase(ComponentName, int)
• getPasswordMinimumLowerCase(ComponentName)
• setPasswordMinimumLowerCase(ComponentName, int)
• getPasswordMinimumLetters(ComponentName)
• setPasswordMinimumLetters(ComponentName, int)
• getPasswordMinimumNumeric(ComponentName)
• setPasswordMinimumNumeric(ComponentName, int)
• getPasswordMinimumSymbols(ComponentName)
• setPasswordMinimumSymbols(ComponentName, int)
• getPasswordMinimumNonLetter(ComponentName)
• setPasswordMinimumNonLetter(ComponentName, int)
• getPasswordHistoryLength(ComponentName)
• setPasswordHistoryLength(ComponentName, int)
• getPasswordExpirationTimeout(ComponentName)
• setPasswordExpirationTimeout(ComponentName, long)
• getPasswordExpiration(ComponentName)
• getPasswordMaximumLength(int)
• isActivePasswordSufficient()
• getCurrentFailedPasswordAttempts()
• getMaximumFailedPasswordsForWipe(ComponentName)
• setMaximumFailedPasswordsForWipe(ComponentName, int)
• getMaximumTimeToLock(ComponentName)
• setMaximumTimeToLock(ComponentName, long)
• lockNow()
• getKeyguardDisabledFeatures(ComponentName)
• setKeyguardDisabledFeatures(ComponentName, int)
• getTrustAgentConfiguration(ComponentName, ComponentName)
• setTrustAgentConfiguration(ComponentName, ComponentName, PersistableBundle)
• getRequiredStrongAuthTimeout(ComponentName)
• setRequiredStrongAuthTimeout(ComponentName, long)

getPasswordExpiration

public long getPasswordExpiration (ComponentName admin)

Get the current password expiration time for a particular admin or all admins that set restrictions on this user and its participating profiles. Restrictions on profiles that have a separate challenge are not taken into account. If admin is null, then a composite of all expiration times is returned - which will be the minimum of all of them.

This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to retrieve the password expiration for the parent profile.

getPasswordExpirationTimeout

public long getPasswordExpirationTimeout (ComponentName admin)

Get the password expiration timeout for the given admin. The expiration timeout is the recurring expiration timeout provided in the call to setPasswordExpirationTimeout(ComponentName, long) for the given admin or the aggregate of all participating policy administrators if admin is null. Admins that have set restrictions on profiles that have a separate challenge are not taken into account.

This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to retrieve restrictions on the parent profile.

getPasswordHistoryLength

public int getPasswordHistoryLength (ComponentName admin)

Retrieve the current password history length for a particular admin or all admins that set restrictions on this user and its participating profiles. Restrictions on profiles that have a separate challenge are not taken into account.

This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to retrieve restrictions on the parent profile.

getPasswordMaximumLength

public int getPasswordMaximumLength (int quality)

Return the maximum password length that the device supports for a particular password quality.

getPasswordMinimumLength

public int getPasswordMinimumLength (ComponentName admin)

Retrieve the current minimum password length for a particular admin or all admins that set restrictions on this user and its participating profiles. Restrictions on profiles that have a separate challenge are not taken into account.

This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to retrieve restrictions on the parent profile. user and its profiles or a particular one.

getPasswordMinimumLetters

public int getPasswordMinimumLetters (ComponentName admin)

Retrieve the current number of letters required in the password for a particular admin or all admins that set restrictions on this user and its participating profiles. Restrictions on profiles that have a separate challenge are not taken into account. This is the same value as set by setPasswordMinimumLetters(ComponentName, int) and only applies when the password quality is PASSWORD_QUALITY_COMPLEX.

This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to retrieve restrictions on the parent profile.

getPasswordMinimumLowerCase

public int getPasswordMinimumLowerCase (ComponentName admin)

Retrieve the current number of lower case letters required in the password for a particular admin or all admins that set restrictions on this user and its participating profiles. Restrictions on profiles that have a separate challenge are not taken into account. This is the same value as set by setPasswordMinimumLowerCase(ComponentName, int) and only applies when the password quality is PASSWORD_QUALITY_COMPLEX.

This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to retrieve restrictions on the parent profile.

getPasswordMinimumNonLetter

public int getPasswordMinimumNonLetter (ComponentName admin)

Retrieve the current number of non-letter characters required in the password for a particular admin or all admins that set restrictions on this user and its participating profiles. Restrictions on profiles that have a separate challenge are not taken into account. This is the same value as set by setPasswordMinimumNonLetter(ComponentName, int) and only applies when the password quality is PASSWORD_QUALITY_COMPLEX.

This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to retrieve restrictions on the parent profile.

getPasswordMinimumNumeric

public int getPasswordMinimumNumeric (ComponentName admin)

Retrieve the current number of numerical digits required in the password for a particular admin or all admins that set restrictions on this user and its participating profiles. Restrictions on profiles that have a separate challenge are not taken into account. This is the same value as set by setPasswordMinimumNumeric(ComponentName, int) and only applies when the password quality is PASSWORD_QUALITY_COMPLEX.

This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to retrieve restrictions on the parent profile.

getPasswordMinimumSymbols

public int getPasswordMinimumSymbols (ComponentName admin)

Retrieve the current number of symbols required in the password for a particular admin or all admins that set restrictions on this user and its participating profiles. Restrictions on profiles that have a separate challenge are not taken into account. This is the same value as set by setPasswordMinimumSymbols(ComponentName, int) and only applies when the password quality is PASSWORD_QUALITY_COMPLEX.

This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to retrieve restrictions on the parent profile.

getPasswordMinimumUpperCase

public int getPasswordMinimumUpperCase (ComponentName admin)

Retrieve the current number of upper case letters required in the password for a particular admin or all admins that set restrictions on this user and its participating profiles. Restrictions on profiles that have a separate challenge are not taken into account. This is the same value as set by setPasswordMinimumUpperCase(ComponentName, int) and only applies when the password quality is PASSWORD_QUALITY_COMPLEX.

This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to retrieve restrictions on the parent profile.

getPasswordQuality

public int getPasswordQuality (ComponentName admin)

Retrieve the current minimum password quality for a particular admin or all admins that set restrictions on this user and its participating profiles. Restrictions on profiles that have a separate challenge are not taken into account.

This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to retrieve restrictions on the parent profile.

getPendingSystemUpdate

public SystemUpdateInfo getPendingSystemUpdate (ComponentName admin)

Called by device or profile owners to get information about a pending system update.

getPermissionGrantState

public int getPermissionGrantState (ComponentName admin,
                String packageName,
                String permission)

Returns the current grant state of a runtime permission for a specific application. This function can be called by a device owner, profile owner, or by a delegate given the DELEGATION_PERMISSION_GRANT scope via setDelegatedScopes(ComponentName, String, List).