Added in API level 8

DevicePolicyManager


open class DevicePolicyManager
kotlin.Any
   ↳ android.app.admin.DevicePolicyManager

Manages device policy and restrictions applied to the user of the device or apps running on the device.

This class contains three types of methods:

  1. Those aimed at managing apps
  2. Those aimed at the Device Policy Management Role Holder
  3. Those aimed at apps which wish to respect device policy

The intended caller for each API is indicated in its Javadoc.

Managing Apps

Apps can be made capable of setting device policy ("Managing Apps") either by being set as a Device Administrator, being set as a Device Policy Controller, or by holding the appropriate Permissions.

A Device Administrator is an app which is able to enforce device policies that it has declared in its device admin XML file. An app can prompt the user to give it device administator privileges using the ACTION_ADD_DEVICE_ADMIN action.

For more information about Device Administration, read the Device Administration developer guide.

Device Administrator apps can also be recognised as Device Policy Controllers. Device Policy Controllers can be one of two types:

  • A Device Owner, which only ever exists on the System User or Main User, is the most powerful type of Device Policy Controller and can affect policy across the device.
  • A Profile Owner, which can exist on any user, can affect policy on the user it is on, and when it is running on a profile has limited ability to affect policy on its parent.

Additional capabilities can be provided to Device Policy Controllers in the following circumstances:

For more information, see Building a Device Policy Controller.

Permissions are generally only given to apps fulfilling particular key roles on the device (such as managing device locks).

Device Policy Management Role Holder

One app on the device fulfills the Device Policy Management Role and is trusted with managing the overall state of Device Policy. This has access to much more powerful methods than managing apps.

Querying Device Policy

In most cases, regular apps do not need to concern themselves with device policy, and restrictions will be enforced automatically. There are some cases where an app may wish to query device policy to provide a better user experience. Only a small number of policies allow apps to query them directly. These APIs will typically have no special required permissions.

Managed Provisioning

Managed Provisioning is the process of recognising an app as a Device Owner or Profile Owner. It involves presenting education and consent screens to the user to ensure they are aware of the capabilities this grants the Device Policy Controller

For more information on provisioning, see Building a Device Policy Controller.

A Managed Profile enables data separation. For example to use a device both for personal and corporate usage. The managed profile and its parent share a launcher.

Affiliation

Using the setAffiliationIds method, a Device Owner can set a list of affiliation ids for the System User. Any Profile Owner on the same device can also call setAffiliationIds to set affiliation ids for the user it is on. When there is the same ID present in both lists, the user is said to be "affiliated" and we can refer to the Profile Owner as a "profile owner on an affiliated user" or an "affiliated profile owner". Becoming affiliated grants the Profile Owner capabilities similar to that of the Device Owner. It also allows use of the #bindDeviceAdminServiceAsUser APIs for direct communication between the Device Owner and affiliated Profile Owners.

Organization Owned

An organization owned device is one which is not owned by the person making use of the device and is instead owned by an organization such as their employer or education provider. These devices are recognised as being organization owned either by the presence of a device owner or of a profile which has a profile owner is marked.

Profile owners running on an organization owned device can exercise additional capabilities using the getParentProfileInstance(android.content.ComponentName) API which apply to the parent user. Each API will indicate if it is usable in this way.

Android Automotive

On "Android Automotive builds", some methods can throw "an exception" if an action is unsafe (for example, if the vehicle is moving). Callers running on "Android Automotive builds" should always check for this exception.
Requires the PackageManager#FEATURE_DEVICE_ADMIN feature which can be detected using PackageManager.hasSystemFeature(String).

Summary

Nested classes
abstract

Callback used in installSystemUpdate to indicate that there was an error while trying to install an update.

abstract

Callback used in clearApplicationUserData to indicate that the clearing of an application's user data is done.

Constants
static String

Activity action: ask the user to add a new device administrator to the system.

static String

Activity action: Starts the administrator to show policy compliance for the provisioning.

static String

Broadcast Action: Sent after application delegation scopes are changed.

static String

Activity action: launch the DPC to check policy compliance.

static String

Service action: Action for a service that device owner and profile owner can optionally own.

static String

Broadcast Action: Broadcast sent to indicate that the device financing state has changed.

static String

Broadcast action: sent when the device owner is set, changed or cleared.

static String

Broadcast action: notify system apps (e.g. settings, SysUI, etc) that the device management resources with IDs

static String

Activity action: Starts the administrator to get the mode for the provisioning.

static String

Broadcast Action: This broadcast is sent to indicate that provisioning of a managed profile has completed successfully.

static String

Broadcast action: sent when the profile owner is set, changed or cleared.

static String

Activity action: This activity action is sent to indicate that provisioning of a managed profile or managed device has completed successfully.

static String

Activity action: Starts the provisioning flow which sets up a managed device.

static String

Activity action: Starts the provisioning flow which sets up a managed profile.

static String

Activity action: have the user enter a new password for the parent profile.

static String

Activity action: have the user enter a new password.

static String

Activity action: begin the process of encrypting data on the device.

static String

Broadcast action: notify that a new local system update policy has been set by the device owner.

static Int

Indicates that android.app.appfunctions.AppFunctionManager is controlled and disabled by policy, i.

static Int

Indicates that android.app.appfunctions.AppFunctionManager is controlled and disabled by a policy for cross profile interactions only, i.

static Int

Indicates that android.app.appfunctions.AppFunctionManager is not controlled by policy.

static Int

Specifies the "disabled" auto time state.

static Int

Specifies the "enabled" auto time state.

static Int

Specifies that the auto time state is not controlled by device policy.

static Int

Specifies the "disabled" auto time zone state.

static Int

Specifies the "enabled" auto time zone state.

static Int

Specifies that the auto time zone state is not controlled by device policy.

static Int

Indicates that content protection is controlled and disabled by a policy (default).

static Int

Indicates that content protection is controlled and enabled by a policy.

static Int

Indicates that content protection is not controlled by policy, allowing user to choose.

static String

Delegation of application restrictions management.

static String

Delegation of application uninstall block.

static String

Delegation of certificate installation and management.

static String

Grants access to selection of KeyChain certificates on behalf of requesting apps.

static String

Delegation for enabling system apps.

static String

Delegation for installing existing packages.

static String

Delegation of management of uninstalled packages.

static String

Grants access to setNetworkLoggingEnabled, isNetworkLoggingEnabled and retrieveNetworkLogs.

static String

Delegation of package access state.

static String

Delegation of permission policy and permission grant state.

static String

Grants access to setSecurityLoggingEnabled, isSecurityLoggingEnabled, retrieveSecurityLogs, and retrievePreRebootSecurityLogs.

static Int

Result code for getStorageEncryptionStatus: indicating that encryption is not currently active, but is currently being activated.

static Int

Result code for setStorageEncryption and getStorageEncryptionStatus: indicating that encryption is active.

static Int

Result code for getStorageEncryptionStatus: indicating that encryption is active, but the encryption key is not cryptographically protected by the user's credentials.

static Int

Result code for getStorageEncryptionStatus: indicating that encryption is active and the encryption key is tied to the user or profile.

static Int

Result code for setStorageEncryption and getStorageEncryptionStatus: indicating that encryption is supported, but is not currently active.

static Int

Result code for setStorageEncryption and getStorageEncryptionStatus: indicating that encryption is not supported.

static String

An optional CharSequence providing additional explanation for why the admin is being added.

static String

An ArrayList<String> corresponding to the delegation scopes given to an app in the ACTION_APPLICATION_DELEGATION_SCOPES_CHANGED broadcast.

static String

The ComponentName of the administrator component.

static String

A boolean extra for ACTION_SET_NEW_PARENT_PROFILE_PASSWORD requesting that only device password requirement is enforced during the parent profile password enrolment flow.

static String

An integer indicating the complexity level of the new password an app would like the user to set when launching the action ACTION_SET_NEW_PASSWORD.

static String

An android.accounts.Account extra holding the account to migrate during managed profile provisioning.

static String

A android.os.Parcelable extra of type android.os.PersistableBundle that is passed directly to the Device Policy Controller after provisioning.

static String

An ArrayList of Integer extra specifying the allowed provisioning modes.

static String

A boolean extra indicating whether offline provisioning should be used.

static String

A ComponentName extra indicating the device admin receiver of the application that will be set as the Device Policy Controller.

static String

An int extra holding a minimum required version code for the device admin package.

static String

A String extra holding the URL-safe base64 encoded SHA-256 hash of the file at download location specified in EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION.

static String

A String extra holding a http cookie header which should be used in the http request to the url specified in EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION.

static String

A String extra holding a url that specifies the download location of the device admin package.

static String

A String extra holding the package name of the application that will be set as Device Policy Controller.

static String

A String extra holding the URL-safe base64 encoded SHA-256 checksum of any signature of the android package archive at the download location specified in EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION.

static String

A Bundle[] extra consisting of list of disclaimer headers and disclaimer contents.

static String

A Uri extra pointing to disclaimer content.

static String

A String extra of localized disclaimer header.

static String

static String

A string extra holding the IMEI (International Mobile Equipment Identity) of the device.

static String

Boolean extra to indicate that the migrated account should be kept.

static String

A boolean flag that indicates whether the screen should be on throughout the provisioning flow.

static String

A Boolean extra that can be used by the mobile device management application to skip the disabling of system apps during provisioning when set to true.

static String

A String extra holding the java.util.Locale that the device will be set to.

static String

A Long extra holding the wall clock time (in milliseconds) to be set on the device's android.app.AlarmManager.

static String

A Uri extra pointing to a logo image.

static String

A integer extra indicating the predominant color to show during the provisioning.

static String

An intent extra holding the provisioning mode returned by the administrator.

static String

A boolean extra indicating the admin of a fully-managed device opts out of controlling permission grants for sensor-related permissions, see setPermissionGrantState(android.content.ComponentName,java.lang.String,java.lang.String,int).

static String

A string extra holding the serial number of the device.

static String

A boolean extra that determines whether the provisioning flow should launch the resulting launch intent, if one is supplied by the device policy management role holder via EXTRA_RESULT_LAUNCH_INTENT.

static String

A boolean extra indicating if the education screens from the provisioning flow should be skipped.

static String

A boolean extra indicating whether device encryption can be skipped as part of provisioning.

static String

A boolean extra indicating if the user consent steps from the provisioning flow should be skipped.

static String

A String extra holding the time zone android.app.AlarmManager that the device will be set to.

static String

A boolean extra indicating if mobile data should be used during the provisioning flow for downloading the admin app.

static String

The anonymous identity of the wifi network in EXTRA_PROVISIONING_WIFI_SSID.

static String

The CA certificate of the wifi network in EXTRA_PROVISIONING_WIFI_SSID.

static String

The domain of the wifi network in EXTRA_PROVISIONING_WIFI_SSID.

static String

The EAP method of the wifi network in EXTRA_PROVISIONING_WIFI_SSID and could be one of PEAP, TLS, TTLS, PWD, SIM, AKA or AKA_PRIME.

static String

A boolean extra indicating whether the wifi network in EXTRA_PROVISIONING_WIFI_SSID is hidden or not.

static String

The identity of the wifi network in EXTRA_PROVISIONING_WIFI_SSID.

static String

A String extra holding the proxy auto-config (PAC) URL for the wifi network in EXTRA_PROVISIONING_WIFI_SSID.

static String

A String extra holding the password of the wifi network in EXTRA_PROVISIONING_WIFI_SSID.

static String

The phase 2 authentication of the wifi network in EXTRA_PROVISIONING_WIFI_SSID and could be one of NONE, PAP, MSCHAP, MSCHAPV2, GTC, SIM, AKA or AKA_PRIME.

static String

A String extra holding the proxy bypass for the wifi network in EXTRA_PROVISIONING_WIFI_SSID.

static String

A String extra holding the proxy host for the wifi network in EXTRA_PROVISIONING_WIFI_SSID.

static String

An int extra holding the proxy port for the wifi network in EXTRA_PROVISIONING_WIFI_SSID.

static String

A String extra indicating the security type of the wifi network in EXTRA_PROVISIONING_WIFI_SSID and could be one of NONE, WPA, WEP or EAP.

static String

A String extra holding the ssid of the wifi network that should be used during nfc device owner provisioning for downloading the mobile device management application.

static String

The user certificate of the wifi network in EXTRA_PROVISIONING_WIFI_SSID.

static String

An integer array extra for ACTION_DEVICE_POLICY_RESOURCE_UPDATED to indicate which resource IDs (i.e. strings and drawables) have been updated.

static String

An int extra for ACTION_DEVICE_POLICY_RESOURCE_UPDATED to indicate the type of the resource being updated, the type can be EXTRA_RESOURCE_TYPE_DRAWABLE or EXTRA_RESOURCE_TYPE_STRING

static Int

A int value for EXTRA_RESOURCE_TYPE to indicate that a resource of type Drawable is being updated.

static Int

A int value for EXTRA_RESOURCE_TYPE to indicate that a resource of type String is being updated.

static String

An Intent result extra specifying the Intent to be launched after provisioning is finalized.

static Int

Flag for lockNow(int): also evict the user's credential encryption key from the keyring.

static Int

Flag used by addCrossProfileIntentFilter to allow activities in the managed profile to access intents sent from the parent profile.

static Int

Flag used by addCrossProfileIntentFilter to allow activities in the parent profile to access intents sent from the managed profile.

static Int

Specifies that the device should attest its manufacturer details.

static Int

Specifies that the device should attest its IMEI.

static Int

Specifies that the device should attest using an individual attestation certificate.

static Int

Specifies that the device should attest its MEID.

static Int

Specifies that the device should attest its serial number.

static Int

Specifies that the calling app should be granted access to the installed credentials immediately.

static Int

Specifies that a user can select the key via the Certificate Selection prompt.

static Int

Disable all biometric authentication on keyguard secure screens (e.g. PIN/Pattern/Password).

static Int

Disable face authentication on keyguard secure screens (e.g. PIN/Pattern/Password).

static Int

Disable all current and future keyguard customizations.

static Int

Widgets are enabled in keyguard

static Int

Disable fingerprint authentication on keyguard secure screens (e.g. PIN/Pattern/Password).

static Int

Disable iris authentication on keyguard secure screens (e.g. PIN/Pattern/Password).

static Int

Disable text entry into notifications on secure keyguard screens (e.g. PIN/Pattern/Password).

static Int

Disable the camera on secure keyguard screens (e.g. PIN/Pattern/Password)

static Int

Disable showing all notifications on secure keyguard screens (e.g. PIN/Pattern/Password)

static Int

Disable all keyguard shortcuts.

static Int

Disable trust agents on secure keyguard screens (e.g. PIN/Pattern/Password).

static Int

Only allow redacted notifications on secure keyguard screens (e.g. PIN/Pattern/Password)

static Int

Disable all keyguard widgets.

static Int

Flag used by createAndManageUser to specify that the newly created user should skip the disabling of system apps during provisioning.

static Int

Enable blocking of non-allowlisted activities from being started into a locked task.

static Int

Enable the global actions dialog during LockTask mode.

static Int

Enable the Home button during LockTask mode.

static Int

Enable the keyguard during LockTask mode.

static Int

Disable all configurable SystemUI features during LockTask mode.

static Int

Enable notifications during LockTask mode.

static Int

Enable the Overview button and the Overview screen during LockTask mode.

static Int

Enable the system info area in the status bar during LockTask mode.

static Int

Flag used by createAndManageUser to specify that the user should be created ephemeral.

static String

This MIME type is used for starting the device owner provisioning.

static Int

Require that MTE be disabled on the device.

static Int

Require that MTE be enabled on the device, if supported.

static Int

Allow the user to choose whether to enable MTE on the device.

static Int

Indicates that nearby streaming is disabled.

static Int

Indicates that nearby streaming is enabled.

static Int

Indicates that nearby streaming is not controlled by policy, which means nearby streaming is allowed.

static Int

Indicates that nearby streaming is enabled only to devices offering a comparable level of security, with the same authenticated managed account.

static Int

Indicates that a UnsafeStateException was thrown because the operation would distract the driver of the vehicle.

static Int

Constant for getPasswordComplexity() and setRequiredPasswordComplexity(int).

static Int

Constant for getPasswordComplexity() and setRequiredPasswordComplexity(int).

static Int

Constant for getPasswordComplexity() and setRequiredPasswordComplexity(int).

static Int

Constant for getPasswordComplexity() and setRequiredPasswordComplexity(int): no password.

static Int

Constant for setPasswordQuality: the user must have entered a password containing at least alphabetic (or other symbol) characters.

static Int

Constant for setPasswordQuality: the user must have entered a password containing at least both> numeric and alphabetic (or other symbol) characters.

static Int

Constant for setPasswordQuality: the policy allows for low-security biometric recognition technology.

static Int

Constant for setPasswordQuality: allows the admin to set precisely how many characters of various types the password should contain to satisfy the policy.

static Int

Constant for setPasswordQuality: the user must have entered a password containing at least numeric characters.

static Int

Constant for setPasswordQuality: the user must have entered a password containing at least numeric characters with no repeating (4444) or ordered (1234, 4321, 2468) sequences.

static Int

Constant for setPasswordQuality: the policy requires some kind of password or pattern, but doesn't care what it is.

static Int

Constant for setPasswordQuality: the policy has no requirements for the password.

static Int

Runtime permission state: The user can manage the permission through the UI.

static Int

Runtime permission state: The permission is denied to the app and the user cannot manage the permission through the UI.

static Int

Runtime permission state: The permission is granted to the app and the user cannot manage the permission through the UI.

static Int

Permission policy to always deny new permission requests for runtime permissions.

static Int

Permission policy to always grant new permission requests for runtime permissions.

static Int

Permission policy to prompt user for new permission requests for runtime permissions.

static Int

Return value for getPersonalAppsSuspendedReasons when personal apps are not suspended.

static Int

Flag for getPersonalAppsSuspendedReasons return value.

static Int

Flag for getPersonalAppsSuspendedReasons return value.

static String

Constant to indicate the feature of disabling the camera.

static String

Constant to indicate the feature of disabling screen captures.

static Int

Specifies that Private DNS was turned off completely.

static Int

Specifies that the device owner requested opportunistic DNS over TLS

static Int

Specifies that the device owner configured a specific host to use for Private DNS.

static Int

Specifies that the Private DNS setting is in an unknown state.

static Int

General failure to set the Private DNS mode, not due to one of the reasons listed above.

static Int

If the privateDnsHost provided was of a valid hostname but that host was found to not support DNS-over-TLS.

static Int

The selected mode has been set successfully.

static Int

The provisioning mode for fully managed device.

static Int

The provisioning mode for managed profile.

static Int

The provisioning mode for a managed profile on a personal device.

static Int

Flag for resetPasswordWithToken and resetPassword: don't ask for user credentials on device boot.

static Int

Flag for resetPasswordWithToken and resetPassword: don't allow other admins to change the password again until the user has entered it.

static Int

Flag used by createAndManageUser to skip setup wizard after creating a new user.

static Int

Constant for getMinimumRequiredWifiSecurityLevel() and setMinimumRequiredWifiSecurityLevel(int): enterprise 192 bit network.

static Int

Constant for getMinimumRequiredWifiSecurityLevel() and setMinimumRequiredWifiSecurityLevel(int): enterprise EAP network.

static Int

Constant for getMinimumRequiredWifiSecurityLevel() and setMinimumRequiredWifiSecurityLevel(int): no minimum security level.

static Int

Constant for getMinimumRequiredWifiSecurityLevel() and setMinimumRequiredWifiSecurityLevel(int): personal network such as WEP, WPA2-PSK.

static Int

Flag for wipeData(int): also erase the device's eUICC data.

static Int

Flag for wipeData(int): also erase the device's adopted external storage (such as adopted SD cards).

static Int

Flag for wipeData(int): also erase the factory reset protection data.

static Int

Flag for wipeData(int): won't show reason for wiping to the user.

Public methods
open Unit

Called by a profile owner of an organization-owned managed profile to acknowledge that the device is compliant and the user can turn the profile off if needed according to the maximum time off policy.

open Unit

Called by the profile owner of a managed profile so that some intents sent in the managed profile can also be resolved in the parent, or vice versa.

open Boolean

Called by the profile owner of a managed profile or a holder of the permission android.Manifest.permission#MANAGE_DEVICE_POLICY_PROFILE_INTERACTION to enable widget providers from a given package to be available in the parent profile.

open Int
addOverrideApn(admin: ComponentName, apnSetting: ApnSetting)

Called by device owner or managed profile owner to add an override APN.

open Unit

Called by a profile owner or device owner or holder of the permission android.Manifest.permission#MANAGE_DEVICE_POLICY_LOCK_TASK.

open Unit

Called by a profile owner, device owner or a holder of any permission that is associated with a user restriction to set a user restriction specified by the key.

open Unit

Called by a profile owner, device owner or a holder of any permission that is associated with a user restriction to set a user restriction specified by the provided key globally on all users.

open Boolean

See bindDeviceAdminServiceAsUser(android.content.ComponentName,android.content.Intent,android.content.ServiceConnection,int,android.os.UserHandle).

open Boolean
bindDeviceAdminServiceAsUser(admin: ComponentName, serviceIntent: Intent, conn: ServiceConnection, flags: Int, targetUser: UserHandle)

Called by a device owner to bind to a service from a secondary managed user or vice versa.

open Boolean

Returns true if the caller is running on a device where an admin can grant permissions related to device sensors.

open Boolean

Returns whether enabling or disabling USB data signaling is supported on the device.

open Unit

Called by the device owner or profile owner to clear application user data of a given package.

open Unit

Called by a profile owner of a managed profile to remove the cross-profile intent filters that go from the managed profile to the parent, or from the parent to the managed profile.

open Unit
clearDeviceOwnerApp(packageName: String!)

Clears the current device owner.

open Unit

Called by a profile owner or device owner or holder of the permission android.Manifest.permission#MANAGE_DEVICE_POLICY_LOCK_TASK to remove all persistent intent handler preferences associated with the given package that were set by addPersistentPreferredActivity.

open Unit

Clears the active profile owner.

open Boolean

Called by a profile, device owner or holder of the permission android.Manifest.permission#MANAGE_DEVICE_POLICY_RESET_PASSWORD to revoke the current password reset token.

open Unit

Called by a profile owner, device owner or a holder of any permission that is associated with a user restriction to clear a user restriction specified by the key.

open Intent!

Called by any app to display a support dialog when a feature was disabled by an admin.

open UserHandle?
createAndManageUser(admin: ComponentName, name: String, profileOwner: ComponentName, adminExtras: PersistableBundle?, flags: Int)

Called by a device owner to create a user with the specified name and a given component of the calling package as profile owner.

open Int

Re-enable system apps by intent that were disabled by default when the user was initialized.

open Unit
enableSystemApp(admin: ComponentName, packageName: String!)

Re-enable a system app that was disabled by default when the user was initialized.

open AttestedKeyPair!
generateKeyPair(admin: ComponentName?, algorithm: String, keySpec: KeyGenParameterSpec, idAttestationFlags: Int)

This API can be called by the following to generate a new private/public key pair:

If the device supports key generation via secure hardware, this method is useful for creating a key in KeyChain that never left the secure hardware.

open Array<String!>?

Gets the array of accounts for which account management is disabled by the profile owner or device owner.

open MutableList<ComponentName!>?

Return a list of all currently active device administrators' component names.

open MutableSet<String!>

Returns the set of affiliation ids previously set via setAffiliationIds, or an empty set if none have been set.

open MutableSet<String!>?

Called by device or profile owner to query the set of packages that are allowed to access the network directly when always-on VPN is in lockdown mode but not connected.

open String?

Called by a device or profile owner to read the name of the package administering an always-on VPN connection for the current user.

open Int

Returns the current android.app.appfunctions.AppFunctionManager policy.

open Bundle

Retrieves the application restrictions for a given target application running in the calling user.

open String?

Called by a profile owner or device owner to retrieve the application restrictions managing package for the current user, or null if none is set.

open Boolean

Returns true if auto time is enabled on the device.

open Int

Returns current auto time policy's state.

open Boolean

open Boolean

Returns true if auto time zone is enabled on the device.

open Int

Returns auto time zone policy's current state.

open MutableList<UserHandle!>

Returns the list of target users that the calling device owner or owner of secondary user can use when calling #bindDeviceAdminServiceAsUser.

open Boolean

Called by a profile owner of a managed profile to determine whether or not Bluetooth devices cannot access enterprise contacts.

open Boolean

Determine whether or not the device's cameras have been disabled for this user, either by the calling admin, if specified, or all admins.

open String?

Called by a profile owner or device owner to retrieve the certificate installer for the user, or null if none is set.

open Int

Returns the current content protection policy.

open PackagePolicy?

Called by a device owner or profile owner of a managed profile to retrieve the credential manager policy.

open MutableSet<String!>?

Gets a set of package names that are allowed to access cross-profile calendar APIs.

open Boolean

Called by a profile owner of a managed profile to determine whether or not caller-Id information has been disabled.

open Boolean

Called by a profile owner of a managed profile to determine whether or not contacts search has been disabled.

open MutableSet<String!>

Returns the set of package names that the admin has previously set as allowed to request user consent for cross-profile communication, via setCrossProfilePackages(android.content.ComponentName,java.util.Set).

open MutableList<String!>

Called by the profile owner of a managed profile or a holder of the permission android.Manifest.permission#MANAGE_DEVICE_POLICY_PROFILE_INTERACTION to query providers from which packages are available in the parent profile.

open Int

Retrieve the number of times the user has failed at entering a password since that last successful password entry.

open MutableList<String!>?
getDelegatePackages(admin: ComponentName, delegationScope: String)

Called by a profile owner or device owner to retrieve a list of delegate packages that were granted a delegation scope.

open MutableList<String!>
getDelegatedScopes(admin: ComponentName?, delegatedPackage: String)

Called by a profile owner or device owner to retrieve a list of the scopes given to a delegate package.

open CharSequence!

open String?

Returns the package name of the device policy management role holder.

open CharSequence!

Returns the user session end message.

open String

Returns an enrollment-specific identifier of this device, which is guaranteed to be the same value for the same device, enrolled into the same organization by the same managing app.

open FactoryResetProtectionPolicy?

Callable by device owner or profile owner of an organization-owned device, to retrieve the current factory reset protection (FRP) policy set previously by setFactoryResetProtectionPolicy.

open String?

Returns the system-wide Private DNS host.

open Int

Returns the system-wide Private DNS mode.

open MutableList<ByteArray!>

Returns all CA certificates that are currently trusted, excluding system CA certificates.

open MutableList<String!>?

Get the list of apps to keep around as APKs even if no user has currently installed it.

open MutableMap<Int!, MutableSet<String!>!>

Called by a device or profile owner, or delegated certificate chooser (an app that has been delegated the DELEGATION_CERT_SELECTION privilege), to query which apps have access to a given KeyChain key.

open Int

Determine whether or not features have been disabled in keyguard either by the calling admin, if specified, or all admins that set restrictions on this user and its participating profiles.

open Int

Gets which system features are enabled for LockTask mode.

open Array<String!>

Returns the list of packages allowed to start the lock task mode.

open CharSequence?

Called by a device admin to get the long support message.

open PackagePolicy?

Called by a profile owner of a managed profile to retrieve the caller id policy.

open PackagePolicy?

Called by a profile owner of a managed profile to determine the current policy applied to managed profile contacts.

open Long

Called by a profile owner of an organization-owned managed profile to get maximum time the profile is allowed to be turned off.

open ManagedSubscriptionsPolicy

Returns the current ManagedSubscriptionsPolicy.

open Int

Retrieve the current maximum number of login attempts that are allowed before the device or profile is wiped, for a particular admin or all admins that set restrictions on this user and its participating profiles.

open Long

Retrieve the current maximum time to unlock for a particular admin or all admins that set restrictions on this user and its participating profiles.

open MutableList<String!>

Called by a device or profile owner to retrieve the list of packages which are restricted by the admin from using metered data.

open Int

Returns the current Wi-Fi minimum security level.

open Int

Called by a device owner, profile owner of an organization-owned device to get the Memory Tagging Extension (MTE) policy Learn more about MTE

open Int

Returns the current runtime nearby app streaming policy set by the device or profile owner.

open Int

Returns the current runtime nearby notification streaming policy set by the device or profile owner.

open Int

Called by a profile owner of a managed profile to retrieve the color used for customization.

open CharSequence?

Called by the device owner (since API 26) or profile owner (since API 24) or holders of the permission to retrieve the name of the organization under management.

open MutableList<ApnSetting!>!

Called by device owner or managed profile owner to get all override APNs inserted by device owner or managed profile owner previously using addOverrideApn.

open DevicePolicyManager

Called by the profile owner of a managed profile or other apps in a managed profile to obtain a DevicePolicyManager whose calls act on the parent profile.

open Int

Returns how complex the current user's screen lock is.

open Long

Get the current password expiration time for a particular admin or all admins that set restrictions on this user and its participating profiles.

open Long

Get the password expiration timeout for the given admin.

open Int

Retrieve the current password history length for a particular admin or all admins that set restrictions on this user and its participating profiles.

open Int

Return the maximum password length that the device supports for a particular password quality.

open Int

Retrieve the current minimum password length for a particular admin or all admins that set restrictions on this user and its participating profiles.

open Int

Retrieve the current number of letters required in the password for a particular admin or all admins that set restrictions on this user and its participating profiles.

open Int

Retrieve the current number of lower case letters required in the password for a particular admin or all admins that set restrictions on this user and its participating profiles.

open Int

Retrieve the current number of non-letter characters required in the password for a particular admin or all admins that set restrictions on this user and its participating profiles.

open Int

Retrieve the current number of numerical digits required in the password for a particular admin or all admins that set restrictions on this user and its participating profiles.

open Int

Retrieve the current number of symbols required in the password for a particular admin or all admins that set restrictions on this user and its participating profiles.

open Int

Retrieve the current number of upper case letters required in the password for a particular admin or all admins that set restrictions on this user and its participating profiles.

open Int

Retrieve the current minimum password quality for a particular admin or all admins that set restrictions on this user and its participating profiles.

open SystemUpdateInfo?

Get information about a pending system update.

open Int
getPermissionGrantState(admin: ComponentName?, packageName: String, permission: String)

Returns the current grant state of a runtime permission for a specific application.

open Int

Returns the current runtime permission policy set by the device or profile owner.

open MutableList<String!>?

Returns the list of permitted accessibility services set by this device or profile owner.

open MutableList<String!>?

Returns the list of packages installed on the primary user that allowed to use a android.service.notification.NotificationListenerService to receive notifications from this managed profile, as set by the profile owner.

open MutableList<String!>?

Returns the list of permitted input methods set by this device or profile owner.

open Int

Called by profile owner of an organization-owned managed profile to check whether personal apps are suspended.

open MutableList<PreferentialNetworkServiceConfig!>

Get preferential network configuration {@see PreferentialNetworkServiceConfig}

open Int

Gets the password complexity requirement set by setRequiredPasswordComplexity(int), for the current user.

open Long

Determine for how long the user will be able to use secondary, non strong auth for authentication, since last strong method authentication (password, pin or pattern) was used.

open DevicePolicyResourcesManager

Returns a DevicePolicyResourcesManager containing the required APIs to set, reset, and get device policy related resources.

open Boolean

Determine whether or not screen capture has been disabled by the calling admin, if specified, or all admins.

open MutableList<UserHandle!>!

Called by a device owner to list all secondary users on the device.

open CharSequence!

Called by a device admin or holder of the permission android.Manifest.permission#MANAGE_DEVICE_POLICY_SUPPORT_MESSAGE to get the short support message.

open CharSequence!

Returns the user session start message.

open Boolean

open Int

Called by an application that is administering the device to determine the current encryption status of the device.

open MutableSet<Int!>

Returns the subscription ids of all subscriptions which were downloaded by the calling admin.

open SystemUpdatePolicy?

Retrieve a local system update policy set previously by setSystemUpdatePolicy.

open PersistableBundle?

Returns the data passed from the current administrator to the new administrator during an ownership transfer.

open MutableList<PersistableBundle!>?

Gets configuration for the given trust agent based on aggregating all calls to setTrustAgentConfiguration(android.content.ComponentName,android.content.ComponentName,android.os.PersistableBundle) for all device admins.

open MutableList<String!>

Returns the list of packages over which user control is disabled by a device or profile owner or holders of the permission android.Manifest.permission#MANAGE_DEVICE_POLICY_APPS_CONTROL.

open Bundle

Called by an admin to get user restrictions set by themselves with addUserRestriction(android.content.ComponentName,java.lang.String).

open Bundle

Called by a profile or device owner to get global user restrictions set with addUserRestrictionGlobally(java.lang.String).

open String?

Called by a device owner or profile owner on organization-owned device to get the MAC address of the Wi-Fi device.

open WifiSsidPolicy?

Returns the current Wi-Fi SSID policy.

open Boolean
grantKeyPairToApp(admin: ComponentName?, alias: String, packageName: String)

Called by a device or profile owner, or delegated certificate chooser (an app that has been delegated the DELEGATION_CERT_SELECTION privilege), to grant an application access to an already-installed (or generated) KeyChain key.

open Boolean

Called by a device or profile owner, or delegated certificate chooser (an app that has been delegated the DELEGATION_CERT_SELECTION privilege), to allow using a KeyChain key pair for authentication to Wifi networks.

open Boolean
hasCaCertInstalled(admin: ComponentName?, certBuffer: ByteArray!)

Returns whether this certificate is installed as a trusted CA.

open Boolean
hasGrantedPolicy(admin: ComponentName, usesPolicy: Int)

Returns true if an administrator has been granted a particular device policy.

open Boolean

This API can be called by the following to query whether a certificate and private key are installed under a given alias:

If called by the credential management app, the alias must exist in the credential management app's android.security.AppUriAuthenticationPolicy.

open Boolean

Called by a device owner or a profile owner of an organization-owned managed profile to determine whether the user is prevented from modifying networks configured by the admin.

open Boolean
installCaCert(admin: ComponentName?, certBuffer: ByteArray!)

Installs the given certificate as a user CA.

open Boolean

Install an existing package that has been installed in another user, or has been kept after removal via setKeepUninstalledPackages.

open Boolean
installKeyPair(admin: ComponentName?, privKey: PrivateKey, cert: Certificate, alias: String)

This API can be called by the following to install a certificate and corresponding private key:

All apps within the profile will be able to access the certificate and use the private key, given direct user approval.

open Boolean
installKeyPair(admin: ComponentName?, privKey: PrivateKey, certs: Array<Certificate!>, alias: String, requestAccess: Boolean)

This API can be called by the following to install a certificate chain and corresponding private key for the leaf certificate:

All apps within the profile will be able to access the certificate chain and use the private key, given direct user approval.

open Boolean
installKeyPair(admin: ComponentName?, privKey: PrivateKey, certs: Array<Certificate!>, alias: String, flags: Int)

This API can be called by the following to install a certificate chain and corresponding private key for the leaf certificate:

All apps within the profile will be able to access the certificate chain and use the private key, given direct user approval (if the user is allowed to select the private key).

open Unit

Called by device owner or profile owner of an organization-owned managed profile to install a system update from the given file.

open Boolean

Determines whether the calling user's current password meets policy requirements (e.g. quality, minimum length).

open Boolean

Called by profile owner of a managed profile to determine whether the current device password meets policy requirements set explicitly device-wide.

open Boolean

Return true if the given administrator component is currently active (enabled) in the system.

open Boolean

Returns whether this user is affiliated with the device.

open Boolean

Called by device or profile owner to query whether current always-on VPN is configured in lockdown mode.

open Boolean
isApplicationHidden(admin: ComponentName?, packageName: String!)

Determine if a package is hidden.

open Boolean

Return whether the backup service is enabled by the device owner or profile owner for the current user, as previously set by setBackupServiceEnabled(android.content.ComponentName,boolean).

open Boolean

Called by any application to find out whether it has been granted permission via setApplicationRestrictionsManagingPackage to manage application restrictions for the calling user.

open Boolean

Returns whether Common Criteria mode is currently enabled.

open Boolean

Called by a profile owner of an organization-owned managed profile to query whether it needs to acknowledge device compliance to allow the user to turn the profile off if needed according to the maximum profile time off policy.

open Boolean

Returns true if this device is marked as a financed device.

open Boolean

Returns true if the device supports attestation of device identifiers in addition to key attestation.

open Boolean
isDeviceOwnerApp(packageName: String!)

Used to determine if a particular package has been registered as a Device Owner app.

open Boolean

Checks if the profile owner is running in an ephemeral user.

open Boolean

Called by a device or profile owner, or delegated certificate chooser (an app that has been delegated the DELEGATION_CERT_SELECTION privilege), to query whether a KeyChain key pair can be used for authentication to Wifi networks.

open Boolean

This function lets the caller know whether the given component is allowed to start the lock task mode.

open Boolean

Returns whether logout is enabled by a device owner.

open Boolean

Return if this user is a managed profile of another user.

open Boolean

Called by profile or device owners to check whether the global volume mute is on or off.

open static Boolean

Get the current MTE state of the device.

open Boolean

Return whether network logging is enabled by a device owner or profile owner of a managed profile.

open Boolean

Apps can use this method to find out if the device was provisioned as organization-owend device with a managed profile.

open Boolean

Called by device owner to check if override APNs are currently enabled.

open Boolean
isPackageSuspended(admin: ComponentName?, packageName: String!)

Determine if a package is suspended.

open Boolean

Indicates whether preferential network service is enabled.

open Boolean
isProfileOwnerApp(packageName: String!)

Used to determine if a particular package is registered as the profile owner for the user.

open Boolean

Returns whether it is possible for the caller to initiate provisioning of a managed profile or device, setting itself as the device or profile owner.

open Boolean

Called by a profile, device owner or a holder of the permission android.Manifest.permission#MANAGE_DEVICE_POLICY_RESET_PASSWORD to check if the current reset password token is active.

open Boolean

Checks if it's safe to run operations that can be affected by the given reason.

open Boolean

Return whether security logging is enabled or not by the admin.

open Boolean

Returns whether the status bar is disabled/enabled, see setStatusBarDisabled.

open Boolean
isUninstallBlocked(admin: ComponentName?, packageName: String!)

Check whether the user has been blocked by device policy from uninstalling a package.

open Boolean

Returns true if the StrongBox Keymaster implementation on the device was provisioned with an individual attestation certificate and can sign attestation records using it (as attestation using an individual attestation certificate is a feature only Keymaster implementations with StrongBox security level can implement).

open Boolean

Returns whether USB data signaling is currently enabled.

open Boolean

When called by a profile owner of a managed profile returns true if the profile uses unified challenge with its parent user.

open MutableList<UserHandle!>

Gets the list of affiliated users running on foreground.

open Unit

Make the device lock immediately, as if the lock screen timeout has expired at the point of this call.

open Unit
lockNow(flags: Int)

Make the device lock immediately, as if the lock screen timeout has expired at the point of this call.

open Int

Called by a profile owner of secondary user that is affiliated with the device to stop the calling user and switch back to primary user (when the user was switchUser(android.content.ComponentName,android.os.UserHandle) switched to) or stop the user (when it was started in background.

open Unit

Called by device owner to reboot the device.

open Unit

Remove a current administration component.

open Boolean

Called by the profile owner of a managed profile or a holder of the permission android.Manifest.permission#MANAGE_DEVICE_POLICY_PROFILE_INTERACTION to disable widget providers from a given package to be available in the parent profile.

open Boolean

This API can be called by the following to remove a certificate and private key pair installed under a given alias:

  • Device owner
  • Profile owner
  • Delegated certificate installer
  • Credential management app

open Boolean

Called by device owner or managed profile owner to remove an override APN.

open Boolean
removeUser(admin: ComponentName, userHandle: UserHandle)

Called by a device owner to remove a user/profile and all associated data.

open Boolean

Called by a device owner to request a bugreport.

open Boolean
resetPassword(password: String!, flags: Int)

Force a new password for device unlock (the password needed to access the entire device) or the work profile challenge on the current user.

open Boolean
resetPasswordWithToken(admin: ComponentName?, password: String!, token: ByteArray!, flags: Int)

Called by device or profile owner to force set a new device unlock password or a managed profile challenge on current user.

open MutableList<NetworkEvent!>?
retrieveNetworkLogs(admin: ComponentName?, batchToken: Long)

Called by device owner, profile owner of a managed profile or delegated app with DELEGATION_NETWORK_LOGGING to retrieve the most recent batch of network logging events.

open MutableList<SecurityLog.SecurityEvent!>?

Called by device owner or profile owner of an organization-owned managed profile to retrieve device logs from before the device's last reboot.

open MutableList<SecurityLog.SecurityEvent!>?

Called by device owner or profile owner of an organization-owned managed profile to retrieve all new security logging entries since the last call to this API after device boots.

open Boolean
revokeKeyPairFromApp(admin: ComponentName?, alias: String, packageName: String)

Called by a device or profile owner, or delegated certificate chooser (an app that has been delegated the DELEGATION_CERT_SELECTION privilege), to revoke an application's grant to a KeyChain key pair.

open Boolean

Called by a device or profile owner, or delegated certificate chooser (an app that has been delegated the DELEGATION_CERT_SELECTION privilege), to deny using a KeyChain key pair for authentication to Wifi networks.

open Unit
setAccountManagementDisabled(admin: ComponentName?, accountType: String!, disabled: Boolean)

Called by a device owner or profile owner to disable account management for a specific type of account.

open Unit

Indicates the entity that controls the device.

open Unit
setAlwaysOnVpnPackage(admin: ComponentName, vpnPackage: String?, lockdownEnabled: Boolean)

Called by a device or profile owner to configure an always-on VPN connection through a specific application for the current user.

open Unit
setAlwaysOnVpnPackage(admin: ComponentName, vpnPackage: String?, lockdownEnabled: Boolean, lockdownAllowlist: MutableSet<String!>?)

A version of setAlwaysOnVpnPackage(android.content.ComponentName,java.lang.String,boolean) that allows the admin to specify a set of apps that should be able to access the network directly when VPN is not connected.

open Unit

Sets the android.app.appfunctions.AppFunctionManager policy which controls app functions operations on the device.

open Boolean
setApplicationHidden(admin: ComponentName?, packageName: String!, hidden: Boolean)

Hide or unhide packages.

open Unit
setApplicationRestrictions(admin: ComponentName?, packageName: String!, settings: Bundle!)

Sets the application restrictions for a given target application running in the calling user.

open Unit

Called by a profile owner or device owner to grant permission to a package to manage application restrictions for the calling user via setApplicationRestrictions and getApplicationRestrictions.

open Unit

Called by a device owner, a profile owner for the primary user or a profile owner of an organization-owned managed profile to turn auto time on and off.

open Unit

Called by a device owner, a profile owner for the primary user or a profile owner of an organization-owned managed profile to turn auto time on and off i.

open Unit

Called by a device owner, or alternatively a profile owner from Android 8.

open Unit

Called by a device owner, a profile owner for the primary user or a profile owner of an organization-owned managed profile to turn auto time zone on and off.

open Unit

Called by a device owner, a profile owner for the primary user or a profile owner of an organization-owned managed profile to turn auto time zone on and off.

open Unit

Allows the device owner or profile owner to enable or disable the backup service.

open Unit

Called by a profile owner of a managed profile to set whether bluetooth devices can access enterprise contacts.

open Unit

Called by an application that is administering the device to disable all cameras on the device, for this user.

open Unit
setCertInstallerPackage(admin: ComponentName, installerPackage: String?)

Called by a profile owner or device owner to grant access to privileged certificate manipulation APIs to a third-party certificate installer app.

open Unit

Called by device owner or profile owner of an organization-owned managed profile to toggle Common Criteria mode for the device.

open Unit

Called by a device owner or a profile owner of an organization-owned managed profile to control whether the user can change networks configured by the admin.

open Unit

Sets the content protection policy which controls scanning for deceptive apps.

open Unit

Called by a device owner or profile owner of a managed profile to set the credential manager policy.

open Unit

Allows a set of packages to access cross-profile calendar APIs.

open Unit

Called by a profile owner of a managed profile to set whether caller-Id information from the managed profile will be shown in the parent profile, for incoming calls.

open Unit

Called by a profile owner of a managed profile to set whether contacts search from the managed profile will be shown in the parent profile, for incoming calls.

open Unit

Sets the set of admin-allowlisted package names that are allowed to request user consent for cross-profile communication.

open Unit

Must be called by a device owner or a profile owner of an organization-owned managed profile to set the default dialer application for the calling user.

open Unit

Must be called by a device owner or a profile owner of an organization-owned managed profile to set the default SMS application.

open Unit
setDelegatedScopes(admin: ComponentName, delegatePackage: String, scopes: MutableList<String!>)

Called by a profile owner or device owner to grant access to privileged APIs to another app.

open Unit

Sets the device owner information to be shown on the lock screen.

open Unit
setEndUserSessionMessage(admin: ComponentName, endUserSessionMessage: CharSequence?)

Called by a device owner to specify the user session end message.

open Unit

Callable by device owner or profile owner of an organization-owned device, to set a factory reset protection (FRP) policy.

open Int

Sets the global Private DNS mode to opportunistic.

open Int

Sets the global Private DNS host to be used.

open Unit
setGlobalSetting(admin: ComponentName, setting: String!, value: String!)

This method is mostly deprecated.

open Unit

Set a list of apps to keep around as APKs even if no user has currently installed it.

open Boolean
setKeyPairCertificate(admin: ComponentName?, alias: String, certs: MutableList<Certificate!>, isUserSelectable: Boolean)

This API can be called by the following to associate certificates with a key pair that was generated using generateKeyPair, and set whether the key is available for the user to choose in the certificate selection prompt:

  • Device owner
  • Profile owner
  • Delegated certificate installer
  • Credential management app

open Boolean

Called by a device owner or profile owner of secondary users that is affiliated with the device to disable the keyguard altogether.

open Unit

Called by an application that is administering the device to disable keyguard customizations, such as widgets.

open Unit
setLocationEnabled(admin: ComponentName, locationEnabled: Boolean)

Called by device owners to set the user's global location setting.

open Unit

Sets which system features are enabled when the device runs in lock task mode.

open Unit

Sets which packages may enter lock task mode.

open Unit

Called by a device owner to specify whether logout is enabled for all secondary users.

open Unit

Called by a device admin to set the long support message.

open Unit

Called by a profile owner of a managed profile to set the packages that are allowed to lookup contacts in the managed profile based on caller id information.

open Unit

Called by a profile owner of a managed profile to set the packages that are allowed access to the managed profile contacts from the parent user.

open Unit

Called by a profile owner of an organization-owned managed profile to set maximum time the profile is allowed to be turned off.

open Unit

Called by a profile owner of an organization-owned device to specify ManagedSubscriptionsPolicy

open Unit

Called by profile or device owners to set the global volume mute on or off.

open Unit

Setting this to a value greater than zero enables a policy that will perform a device or profile wipe after too many incorrect device-unlock passwords have been entered.

open Unit

Called by an application that is administering the device to set the maximum time for user activity until the device will lock.

open MutableList<String!>

Called by a device or profile owner to restrict packages from using metered data.

open Unit

Called by device owner or profile owner of an organization-owned managed profile to specify the minimum security level required for Wi-Fi networks.

open Unit
setMtePolicy(policy: Int)

Called by a device owner, profile owner of an organization-owned device, to set the Memory Tagging Extension (MTE) policy.

open Unit

Called by a device/profile owner to set nearby app streaming policy.

open Unit

Called by a device/profile owner to set nearby notification streaming policy.

open Unit

Called by a device owner, profile owner of a managed profile or delegated app with DELEGATION_NETWORK_LOGGING to control the network logging feature.

open Unit

Called by a profile owner of a managed profile to set the color used for customization.

open Unit
setOrganizationId(enterpriseId: String)

Sets the Enterprise ID for the work profile or managed device.

open Unit

Called by the device owner (since API 26) or profile owner (since API 24) to set the name of the organization under management.

open Unit

Called by device owner to set if override APNs should be enabled.

open Array<String!>
setPackagesSuspended(admin: ComponentName?, packageNames: Array<String!>, suspended: Boolean)

Called by device or profile owners to suspend packages for this user.

open Unit

Called by a device admin to set the password expiration timeout.

open Unit

Called by an application that is administering the device to set the length of the password history.

open Unit

Called by an application that is administering the device to set the minimum allowed password length.

open Unit

Called by an application that is administering the device to set the minimum number of letters required in the password.

open Unit

Called by an application that is administering the device to set the minimum number of lower case letters required in the password.

open Unit

Called by an application that is administering the device to set the minimum number of non-letter characters (numerical digits or symbols) required in the password.

open Unit

Called by an application that is administering the device to set the minimum number of numerical digits required in the password.

open Unit

Called by an application that is administering the device to set the minimum number of symbols required in the password.

open Unit

Called by an application that is administering the device to set the minimum number of upper case letters required in the password.

open Unit

Called by an application that is administering the device to set the password restrictions it is imposing.

open Boolean
setPermissionGrantState(admin: ComponentName?, packageName: String, permission: String, grantState: Int)

Sets the grant state of a runtime permission for a specific application.

open Unit

Set the default response for future runtime permission requests by applications.

open Boolean

Called by a profile or device owner to set the permitted android.accessibilityservice.AccessibilityService.

open Boolean

Called by a profile owner of a managed profile to set the packages that are allowed to use a android.service.notification.NotificationListenerService in the primary user to see notifications from the managed profile.

open Boolean

Called by a profile or device owner or holder of the android.Manifest.permission#MANAGE_DEVICE_POLICY_INPUT_METHODS permission to set the permitted input methods services for this user.

open Unit

Called by a profile owner of an organization-owned managed profile to suspend personal apps on the device.

open Unit

Sets preferential network configurations.

open Unit

Sets whether preferential network service is enabled.

open Unit

Sets the enabled state of the profile.

open Unit
setProfileName(admin: ComponentName, profileName: String!)

Sets the name of the profile.

open Unit

Set a network-independent global HTTP proxy.

open Unit
setRequiredPasswordComplexity(passwordComplexity: Int)

Sets a minimum password complexity requirement for the user's screen lock.

open Unit

Called by a device/profile owner to set the timeout after which unlocking with secondary, non strong auth (e.g. fingerprint, face, trust agents) times out, i.

open Boolean

Called by a profile or device owner to provision a token which can later be used to reset the device lockscreen password (if called by device owner), or managed profile challenge (if called by profile owner), via resetPasswordWithToken.

open Unit

Designates a specific service component as the provider for making permission requests of a local or remote administrator of the user.

open Unit

Called by a device/profile owner to set whether the screen capture is disabled.

open Unit
setSecureSetting(admin: ComponentName, setting: String!, value: String!)

This method is mostly deprecated.

open Unit

Called by device owner or a profile owner of an organization-owned managed profile to control the security logging feature.

open Unit

Called by a device admin to set the short support message.

open Unit
setStartUserSessionMessage(admin: ComponentName, startUserSessionMessage: CharSequence?)

Called by a device owner to specify the user session start message.

open Boolean

Called by device owner or profile owner of secondary users that is affiliated with the device to disable the status bar.

open Int

open Unit
setSystemSetting(admin: ComponentName, setting: String, value: String!)

Called by a device or profile owner to update android.provider.Settings.System settings.

open Unit

Called by device owners or profile owners of an organization-owned managed profile to set a local system update policy.

open Boolean
setTime(admin: ComponentName?, millis: Long)

Called by a device owner or a profile owner of an organization-owned managed profile to set the system wall clock time.

open Boolean
setTimeZone(admin: ComponentName?, timeZone: String!)

Called by a device owner or a profile owner of an organization-owned managed profile to set the system's persistent default time zone.

open Unit

Sets a list of configuration features to enable for a trust agent component.

open Unit
setUninstallBlocked(admin: ComponentName?, packageName: String!, uninstallBlocked: Boolean)

Change whether a user can uninstall a package.

open Unit

Called by a device owner or profile owner of an organization-owned managed profile to enable or disable USB data signaling for the device.

open Unit

Called by a device owner or a profile owner or holder of the permission android.Manifest.permission#MANAGE_DEVICE_POLICY_APPS_CONTROL to disable user control over apps.

open Unit
setUserIcon(admin: ComponentName, icon: Bitmap!)

Called by profile or device owners to set the user's photo.

open Unit

Called by device owner or profile owner of an organization-owned managed profile to specify the Wi-Fi SSID policy (WifiSsidPolicy).

open Int

Called by a device owner to start the specified secondary user in background.

open Int
stopUser(admin: ComponentName, userHandle: UserHandle)

Called by a device owner to stop the specified secondary user.

open Boolean
switchUser(admin: ComponentName, userHandle: UserHandle?)

Called by a device owner to switch the specified secondary user to the foreground.

open Unit

Changes the current administrator to another one.

open Unit

Uninstalls all custom trusted CA certificates from the profile.

open Unit
uninstallCaCert(admin: ComponentName?, certBuffer: ByteArray!)

Uninstalls the given certificate from trusted user CAs, if present.

open Boolean
updateOverrideApn(admin: ComponentName, apnId: Int, apnSetting: ApnSetting)

Called by device owner or managed profile owner to update an override APN.

open Unit
wipeData(flags: Int)

See wipeData(int,java.lang.CharSequence)

open Unit
wipeData(flags: Int, reason: CharSequence)

Ask that all user data be wiped.

open Unit
wipeDevice(flags: Int)

Ask that the device be wiped and factory reset.

Constants

ACTION_ADD_DEVICE_ADMIN

Added in API level 8
static val ACTION_ADD_DEVICE_ADMIN: String

Activity action: ask the user to add a new device administrator to the system. The desired policy is the ComponentName of the policy in the EXTRA_DEVICE_ADMIN extra field. This will invoke a UI to bring the user through adding the device administrator to the system (or allowing them to reject it).

You can optionally include the EXTRA_ADD_EXPLANATION field to provide the user with additional explanation (in addition to your component's description) about what is being added.

If your administrator is already active, this will ordinarily return immediately (without user intervention). However, if your administrator has been updated and is requesting additional uses-policy flags, the user will be presented with the new list. New policies will not be available to the updated administrator until the user has accepted the new list.

Value: "android.app.action.ADD_DEVICE_ADMIN"

ACTION_ADMIN_POLICY_COMPLIANCE

Added in API level 29
static val ACTION_ADMIN_POLICY_COMPLIANCE: String

Activity action: Starts the administrator to show policy compliance for the provisioning. This action is used any time that the administrator has an opportunity to show policy compliance before the end of setup wizard. This could happen as part of the admin-integrated provisioning flow (in which case this gets sent after ACTION_GET_PROVISIONING_MODE), or it could happen during provisioning finalization if the administrator supports finalization during setup wizard.

Intents with this action may also be supplied with the EXTRA_PROVISIONING_ADMIN_EXTRAS_BUNDLE extra.

Value: "android.app.action.ADMIN_POLICY_COMPLIANCE"

ACTION_APPLICATION_DELEGATION_SCOPES_CHANGED

Added in API level 26
static val ACTION_APPLICATION_DELEGATION_SCOPES_CHANGED: String

Broadcast Action: Sent after application delegation scopes are changed. The new delegation scopes will be sent in an ArrayList<String> extra identified by the EXTRA_DELEGATION_SCOPES key.

Note: This is a protected intent that can only be sent by the system.

Value: "android.app.action.APPLICATION_DELEGATION_SCOPES_CHANGED"

ACTION_CHECK_POLICY_COMPLIANCE

Added in API level 30
static val ACTION_CHECK_POLICY_COMPLIANCE: String

Activity action: launch the DPC to check policy compliance. This intent is launched when the user taps on the notification about personal apps suspension. When handling this intent the DPC must check if personal apps should still be suspended and either unsuspend them or instruct the user on how to resolve the noncompliance causing the suspension.

Value: "android.app.action.CHECK_POLICY_COMPLIANCE"

ACTION_DEVICE_ADMIN_SERVICE

Added in API level 26
static val ACTION_DEVICE_ADMIN_SERVICE: String

Service action: Action for a service that device owner and profile owner can optionally own. If a device owner or a profile owner has such a service, the system tries to keep a bound connection to it, in order to keep their process always running. The service must be protected with the android.Manifest.permission#BIND_DEVICE_ADMIN permission.

Value: "android.app.action.DEVICE_ADMIN_SERVICE"

ACTION_DEVICE_FINANCING_STATE_CHANGED

Added in API level 34
static val ACTION_DEVICE_FINANCING_STATE_CHANGED: String

Broadcast Action: Broadcast sent to indicate that the device financing state has changed.

This occurs when, for example, a financing kiosk app has been added or removed.

To query the current device financing state see isDeviceFinanced.

This will be delivered to the following apps if they include a receiver for this action in their manifest:

  • Device owner admins.
  • Organization-owned profile owner admins
  • The supervision app
  • The device management role holder
Value: "android.app.admin.action.DEVICE_FINANCING_STATE_CHANGED"

ACTION_DEVICE_OWNER_CHANGED

Added in API level 23
static val ACTION_DEVICE_OWNER_CHANGED: String

Broadcast action: sent when the device owner is set, changed or cleared. This broadcast is sent only to the primary user.

Value: "android.app.action.DEVICE_OWNER_CHANGED"

ACTION_DEVICE_POLICY_RESOURCE_UPDATED

Added in API level 33
static val ACTION_DEVICE_POLICY_RESOURCE_UPDATED: String

Broadcast action: notify system apps (e.g. settings, SysUI, etc) that the device management resources with IDs EXTRA_RESOURCE_IDS has been updated, the updated resources can be retrieved using android.app.admin.DevicePolicyResourcesManager#getDrawable and android.app.admin.DevicePolicyResourcesManager#getString.

This broadcast is sent to registered receivers only.

EXTRA_RESOURCE_TYPE will be included to identify the type of resource being updated.

Value: "android.app.action.DEVICE_POLICY_RESOURCE_UPDATED"

ACTION_GET_PROVISIONING_MODE

Added in API level 29
static val ACTION_GET_PROVISIONING_MODE: String

Activity action: Starts the administrator to get the mode for the provisioning. This intent may contain the following extras:

The target activity should return one of the following values in EXTRA_PROVISIONING_MODE as result:

If performing fully-managed device provisioning and the admin app desires to show its own education screens, the target activity can additionally return EXTRA_PROVISIONING_SKIP_EDUCATION_SCREENS set to true.

The target activity may also return the account that needs to be migrated from primary user to managed profile in case of a profile owner provisioning in EXTRA_PROVISIONING_ACCOUNT_TO_MIGRATE as result.

The target activity may also include the EXTRA_PROVISIONING_ADMIN_EXTRAS_BUNDLE extra in the intent result. The values of this android.os.PersistableBundle will be sent as an intent extra of the same name to the ACTION_ADMIN_POLICY_COMPLIANCE activity, along with the values of the EXTRA_PROVISIONING_ADMIN_EXTRAS_BUNDLE extra that are already supplied to this activity.

Other extras the target activity may include in the intent result:

Value: "android.app.action.GET_PROVISIONING_MODE"

ACTION_MANAGED_PROFILE_PROVISIONED

Added in API level 23
static val ACTION_MANAGED_PROFILE_PROVISIONED: String

Broadcast Action: This broadcast is sent to indicate that provisioning of a managed profile has completed successfully.

The broadcast is limited to the primary profile, to the app specified in the provisioning intent with action ACTION_PROVISION_MANAGED_PROFILE.

This intent will contain the following extras

Value: "android.app.action.MANAGED_PROFILE_PROVISIONED"

ACTION_PROFILE_OWNER_CHANGED

Added in API level 28
static val ACTION_PROFILE_OWNER_CHANGED: String

Broadcast action: sent when the profile owner is set, changed or cleared. This broadcast is sent only to the user managed by the new profile owner.

Value: "android.app.action.PROFILE_OWNER_CHANGED"

ACTION_PROVISIONING_SUCCESSFUL

Added in API level 26
static val ACTION_PROVISIONING_SUCCESSFUL: String

Activity action: This activity action is sent to indicate that provisioning of a managed profile or managed device has completed successfully. It'll be sent at the same time as DeviceAdminReceiver.ACTION_PROFILE_PROVISIONING_COMPLETE broadcast but this will be delivered faster as it's an activity intent.

The intent is only sent to the new device or profile owner.

Value: "android.app.action.PROVISIONING_SUCCESSFUL"

ACTION_PROVISION_MANAGED_DEVICE

Added in API level 23
Deprecated in API level 31
static val ACTION_PROVISION_MANAGED_DEVICE: String

Deprecated: to support android.os.Build.VERSION_CODES#S and later, admin apps must implement activities with intent filters for the ACTION_GET_PROVISIONING_MODE and ACTION_ADMIN_POLICY_COMPLIANCE intent actions; using ACTION_PROVISION_MANAGED_DEVICE to start provisioning will cause the provisioning to fail; to additionally support pre-android.os.Build.VERSION_CODES#S, admin apps must also continue to use this constant.

Activity action: Starts the provisioning flow which sets up a managed device. Must be started with android.app.Activity#startActivityForResult(Intent, int).

During device owner provisioning a device admin app is set as the owner of the device. A device owner has full control over the device. The device owner can not be modified by the user.

A typical use case would be a device that is owned by a company, but used by either an employee or client.

An intent with this action can be sent only on an unprovisioned device. It is possible to check if provisioning is allowed or not by querying the method isProvisioningAllowed(java.lang.String).

The intent contains the following extras:

When device owner provisioning has completed, an intent of the type DeviceAdminReceiver.ACTION_PROFILE_PROVISIONING_COMPLETE is broadcast to the device owner.

From version android.os.Build.VERSION_CODES#O, when device owner provisioning has completed, along with the above broadcast, activity intent ACTION_PROVISIONING_SUCCESSFUL will also be sent to the device owner.

If provisioning fails, the device is factory reset.

A result code of android.app.Activity#RESULT_OK implies that the synchronous part of the provisioning flow was successful, although this doesn't guarantee the full flow will succeed. Conversely a result code of android.app.Activity#RESULT_CANCELED implies that the user backed-out of provisioning, or some precondition for provisioning wasn't met.

Value: "android.app.action.PROVISION_MANAGED_DEVICE"

ACTION_PROVISION_MANAGED_PROFILE

Added in API level 21
static val ACTION_PROVISION_MANAGED_PROFILE: String

Activity action: Starts the provisioning flow which sets up a managed profile.

It is possible to check if provisioning is allowed or not by querying the method isProvisioningAllowed(java.lang.String).

The intent may contain the following extras:

Extra Supported Versions
EXTRA_PROVISIONING_ACCOUNT_TO_MIGRATE
EXTRA_PROVISIONING_SKIP_ENCRYPTION android.os.Build.VERSION_CODES#N+
EXTRA_PROVISIONING_ADMIN_EXTRAS_BUNDLE
EXTRA_PROVISIONING_LOGO_URI
EXTRA_PROVISIONING_SKIP_USER_CONSENT Can only be used by an existing device owner trying to create a managed profile
EXTRA_PROVISIONING_KEEP_ACCOUNT_ON_MIGRATION
EXTRA_PROVISIONING_DISCLAIMERS
EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME Required if EXTRA_PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME is not specified. Must match the package name of the calling application. android.os.Build.VERSION_CODES#LOLLIPOP+
EXTRA_PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME Required if EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME is not specified. Package name must match the package name of the calling application. android.os.Build.VERSION_CODES#M+
EXTRA_PROVISIONING_ALLOW_OFFLINE On android.os.Build.VERSION_CODES#TIRAMISU+, when set to true this will force offline provisioning instead of allowing it

When managed provisioning has completed, broadcasts are sent to the application specified in the provisioning intent. The DeviceAdminReceiver.ACTION_PROFILE_PROVISIONING_COMPLETE broadcast is sent in the managed profile and the ACTION_MANAGED_PROFILE_PROVISIONED broadcast is sent in the primary profile.

From version android.os.Build.VERSION_CODES#O, when managed provisioning has completed, along with the above broadcast, activity intent ACTION_PROVISIONING_SUCCESSFUL will also be sent to the profile owner.

If provisioning fails, the managed profile is removed so the device returns to its previous state.

If launched with android.app.Activity#startActivityForResult(Intent, int) a result code of android.app.Activity#RESULT_OK indicates that the synchronous part of the provisioning flow was successful, although this doesn't guarantee the full flow will succeed. Conversely a result code of android.app.Activity#RESULT_CANCELED indicates that the user backed-out of provisioning or some precondition for provisioning wasn't met.

If a device policy management role holder updater is present on the device, an internet connection attempt must be made prior to launching this intent.

Value: "android.app.action.PROVISION_MANAGED_PROFILE"

ACTION_SET_NEW_PARENT_PROFILE_PASSWORD

Added in API level 24
static val ACTION_SET_NEW_PARENT_PROFILE_PASSWORD: String

Activity action: have the user enter a new password for the parent profile. If the intent is launched from within a managed profile, this will trigger entering a new password for the parent of the profile. The caller can optionally set EXTRA_DEVICE_PASSWORD_REQUIREMENT_ONLY to only enforce device-wide password requirement. In all other cases the behaviour is identical to ACTION_SET_NEW_PASSWORD.

Value: "android.app.action.SET_NEW_PARENT_PROFILE_PASSWORD"

ACTION_SET_NEW_PASSWORD

Added in API level 8
static val ACTION_SET_NEW_PASSWORD: String

Activity action: have the user enter a new password.

For admin apps, this activity should be launched after using setPasswordQuality(android.content.ComponentName,int), or setPasswordMinimumLength(android.content.ComponentName,int) to have the user enter a new password that meets the current requirements. You can use isActivePasswordSufficient() to determine whether you need to have the user select a new password in order to meet the current constraints. Upon being resumed from this activity, you can check the new password characteristics to see if they are sufficient.

Non-admin apps can use getPasswordComplexity() to check the current screen lock complexity, and use this activity with extra EXTRA_PASSWORD_COMPLEXITY to suggest to users how complex the app wants the new screen lock to be. Note that both getPasswordComplexity() and the extra EXTRA_PASSWORD_COMPLEXITY require the calling app to have the permission permission.REQUEST_PASSWORD_COMPLEXITY.

If the intent is launched from within a managed profile with a profile owner built against android.os.Build.VERSION_CODES#M or before, this will trigger entering a new password for the parent of the profile. For all other cases it will trigger entering a new password for the user or profile it is launched from.

Value: "android.app.action.SET_NEW_PASSWORD"

ACTION_START_ENCRYPTION

Added in API level 11
static val ACTION_START_ENCRYPTION: String

Activity action: begin the process of encrypting data on the device. This activity should be launched after using setStorageEncryption to request encryption be activated. After resuming from this activity, use getStorageEncryption to check encryption status. However, on some devices this activity may never return, as it may trigger a reboot and in some cases a complete data wipe of the device.

Value: "android.app.action.START_ENCRYPTION"

ACTION_SYSTEM_UPDATE_POLICY_CHANGED

Added in API level 23
static val ACTION_SYSTEM_UPDATE_POLICY_CHANGED: String

Broadcast action: notify that a new local system update policy has been set by the device owner. The new policy can be retrieved by getSystemUpdatePolicy().

Value: "android.app.action.SYSTEM_UPDATE_POLICY_CHANGED"

APP_FUNCTIONS_DISABLED

Added in API level 36
static val APP_FUNCTIONS_DISABLED: Int

Indicates that android.app.appfunctions.AppFunctionManager is controlled and disabled by policy, i.e. no apps in the current user are allowed to expose app functions.

Value: 1

APP_FUNCTIONS_DISABLED_CROSS_PROFILE

Added in API level 36
static val APP_FUNCTIONS_DISABLED_CROSS_PROFILE: Int

Indicates that android.app.appfunctions.AppFunctionManager is controlled and disabled by a policy for cross profile interactions only, i.e. app functions exposed by apps in the current user can only be invoked within the same user.

This is different from APP_FUNCTIONS_DISABLED in that it only disables cross profile interactions (even if the caller has permissions required to interact across users). appfunctions can still be used within the a user profile boundary.

Value: 2

APP_FUNCTIONS_NOT_CONTROLLED_BY_POLICY

Added in API level 36
static val APP_FUNCTIONS_NOT_CONTROLLED_BY_POLICY: Int

Indicates that android.app.appfunctions.AppFunctionManager is not controlled by policy.

If no admin set this policy, it means appfunctions are enabled.

Value: 0

AUTO_TIME_DISABLED

Added in API level 36
static val AUTO_TIME_DISABLED: Int

Specifies the "disabled" auto time state.

Value: 1

See Also

    AUTO_TIME_ENABLED

    Added in API level 36
    static val AUTO_TIME_ENABLED: Int

    Specifies the "enabled" auto time state.

    Value: 2

    See Also

      AUTO_TIME_NOT_CONTROLLED_BY_POLICY

      Added in API level 36
      static val AUTO_TIME_NOT_CONTROLLED_BY_POLICY: Int

      Specifies that the auto time state is not controlled by device policy.

      Value: 0

      See Also

        AUTO_TIME_ZONE_DISABLED

        Added in API level 36
        static val AUTO_TIME_ZONE_DISABLED: Int

        Specifies the "disabled" auto time zone state.

        Value: 1

        AUTO_TIME_ZONE_ENABLED

        Added in API level 36
        static val AUTO_TIME_ZONE_ENABLED: Int

        Specifies the "enabled" auto time zone state.

        Value: 2

        AUTO_TIME_ZONE_NOT_CONTROLLED_BY_POLICY

        Added in API level 36
        static val AUTO_TIME_ZONE_NOT_CONTROLLED_BY_POLICY: Int

        Specifies that the auto time zone state is not controlled by device policy.

        Value: 0

        CONTENT_PROTECTION_DISABLED

        Added in API level 35
        static val CONTENT_PROTECTION_DISABLED: Int

        Indicates that content protection is controlled and disabled by a policy (default).

        Value: 1

        CONTENT_PROTECTION_ENABLED

        Added in API level 35
        static val CONTENT_PROTECTION_ENABLED: Int

        Indicates that content protection is controlled and enabled by a policy.

        Value: 2

        CONTENT_PROTECTION_NOT_CONTROLLED_BY_POLICY

        Added in API level 35
        static val CONTENT_PROTECTION_NOT_CONTROLLED_BY_POLICY: Int

        Indicates that content protection is not controlled by policy, allowing user to choose.

        Value: 0

        DELEGATION_APP_RESTRICTIONS

        Added in API level 26
        static val DELEGATION_APP_RESTRICTIONS: String

        Delegation of application restrictions management. This scope grants access to the setApplicationRestrictions and getApplicationRestrictions APIs.

        Value: "delegation-app-restrictions"

        DELEGATION_BLOCK_UNINSTALL

        Added in API level 26
        static val DELEGATION_BLOCK_UNINSTALL: String

        Delegation of application uninstall block. This scope grants access to the setUninstallBlocked API.

        Value: "delegation-block-uninstall"

        DELEGATION_CERT_INSTALL

        Added in API level 26
        static val DELEGATION_CERT_INSTALL: String

        Delegation of certificate installation and management. This scope grants access to the getInstalledCaCerts, hasCaCertInstalled, installCaCert, uninstallCaCert, uninstallAllUserCaCerts and #installKeyPair APIs. This scope also grants the ability to read identifiers that the delegating device owner or profile owner can obtain. See getEnrollmentSpecificId().

        Value: "delegation-cert-install"

        DELEGATION_CERT_SELECTION

        Added in API level 29
        static val DELEGATION_CERT_SELECTION: String

        Grants access to selection of KeyChain certificates on behalf of requesting apps. Once granted the app will start receiving DelegatedAdminReceiver.onChoosePrivateKeyAlias. The caller (PO/DO) will no longer receive DeviceAdminReceiver.onChoosePrivateKeyAlias. There can be at most one app that has this delegation. If another app already had delegated certificate selection access, it will lose the delegation when a new app is delegated.

        The delegated app can also call grantKeyPairToApp and revokeKeyPairFromApp to directly grant KeyChain keys to other apps.

        Can be granted by Device Owner or Profile Owner.

        Value: "delegation-cert-selection"

        DELEGATION_ENABLE_SYSTEM_APP

        Added in API level 26
        static val DELEGATION_ENABLE_SYSTEM_APP: String

        Delegation for enabling system apps. This scope grants access to the #enableSystemApp API.

        Value: "delegation-enable-system-app"

        DELEGATION_INSTALL_EXISTING_PACKAGE

        Added in API level 28
        static val DELEGATION_INSTALL_EXISTING_PACKAGE: String

        Delegation for installing existing packages. This scope grants access to the installExistingPackage API.

        Value: "delegation-install-existing-package"

        DELEGATION_KEEP_UNINSTALLED_PACKAGES

        Added in API level 28
        static val DELEGATION_KEEP_UNINSTALLED_PACKAGES: String

        Delegation of management of uninstalled packages. This scope grants access to the setKeepUninstalledPackages and getKeepUninstalledPackages APIs.

        Value: "delegation-keep-uninstalled-packages"

        DELEGATION_NETWORK_LOGGING

        Added in API level 29
        static val DELEGATION_NETWORK_LOGGING: String

        Grants access to setNetworkLoggingEnabled, isNetworkLoggingEnabled and retrieveNetworkLogs. Once granted the delegated app will start receiving DelegatedAdminReceiver.onNetworkLogsAvailable() callback, and Device owner or Profile Owner will no longer receive the DeviceAdminReceiver.onNetworkLogsAvailable() callback. There can be at most one app that has this delegation. If another app already had delegated network logging access, it will lose the delegation when a new app is delegated.

        Device Owner can grant this access since Android 10. Profile Owner of a managed profile can grant this access since Android 12.

        Value: "delegation-network-logging"

        DELEGATION_PACKAGE_ACCESS

        Added in API level 26
        static val DELEGATION_PACKAGE_ACCESS: String

        Delegation of package access state. This scope grants access to the isApplicationHidden, setApplicationHidden, isPackageSuspended, and setPackagesSuspended APIs.

        Value: "delegation-package-access"

        DELEGATION_PERMISSION_GRANT

        Added in API level 26
        static val DELEGATION_PERMISSION_GRANT: String

        Delegation of permission policy and permission grant state. This scope grants access to the setPermissionPolicy, getPermissionGrantState, and setPermissionGrantState APIs.

        Value: "delegation-permission-grant"

        DELEGATION_SECURITY_LOGGING

        Added in API level 31
        static val DELEGATION_SECURITY_LOGGING: String

        Grants access to setSecurityLoggingEnabled, isSecurityLoggingEnabled, retrieveSecurityLogs, and retrievePreRebootSecurityLogs. Once granted the delegated app will start receiving DelegatedAdminReceiver.onSecurityLogsAvailable callback, and Device owner or Profile Owner will no longer receive the DeviceAdminReceiver.onSecurityLogsAvailable callback. There can be at most one app that has this delegation. If another app already had delegated security logging access, it will lose the delegation when a new app is delegated.

        Can only be granted by Device Owner or Profile Owner of an organization-owned managed profile.

        Value: "delegation-security-logging"

        ENCRYPTION_STATUS_ACTIVATING

        Added in API level 11
        Deprecated in API level 34
        static val ENCRYPTION_STATUS_ACTIVATING: Int

        Deprecated: This result code has never actually been used, so there is no reason for apps to check for it.

        Result code for getStorageEncryptionStatus: indicating that encryption is not currently active, but is currently being activated.

        Value: 2

        ENCRYPTION_STATUS_ACTIVE

        Added in API level 11
        static val ENCRYPTION_STATUS_ACTIVE: Int

        Result code for setStorageEncryption and getStorageEncryptionStatus: indicating that encryption is active.

        getStorageEncryptionStatus can only return this value for apps targeting API level 23 or lower, or on devices that use Full Disk Encryption. Support for Full Disk Encryption was entirely removed in API level 33, having been replaced by File Based Encryption. The result code ENCRYPTION_STATUS_ACTIVE_PER_USER is used on devices that use File Based Encryption, except when the app targets API level 23 or lower.

        setStorageEncryption can still return this value for an unrelated reason, but setStorageEncryption is deprecated since it doesn't do anything useful.

        Value: 3

        ENCRYPTION_STATUS_ACTIVE_DEFAULT_KEY

        Added in API level 23
        static val ENCRYPTION_STATUS_ACTIVE_DEFAULT_KEY: Int

        Result code for getStorageEncryptionStatus: indicating that encryption is active, but the encryption key is not cryptographically protected by the user's credentials.

        This value can only be returned on devices that use Full Disk Encryption. Support for Full Disk Encryption was entirely removed in API level 33, having been replaced by File Based Encryption. With File Based Encryption, each user's credential-encrypted storage is always cryptographically protected by the user's credentials.

        Value: 4

        ENCRYPTION_STATUS_ACTIVE_PER_USER

        Added in API level 24
        static val ENCRYPTION_STATUS_ACTIVE_PER_USER: Int

        Result code for getStorageEncryptionStatus: indicating that encryption is active and the encryption key is tied to the user or profile.

        This value is only returned to apps targeting API level 24 and above. For apps targeting earlier API levels, ENCRYPTION_STATUS_ACTIVE is returned, even if the encryption key is specific to the user or profile.

        Value: 5

        ENCRYPTION_STATUS_INACTIVE

        Added in API level 11
        static val ENCRYPTION_STATUS_INACTIVE: Int

        Result code for setStorageEncryption and getStorageEncryptionStatus: indicating that encryption is supported, but is not currently active.

        getStorageEncryptionStatus can only return this value on devices that use Full Disk Encryption. Support for Full Disk Encryption was entirely removed in API level 33, having been replaced by File Based Encryption. Devices that use File Based Encryption always automatically activate their encryption on first boot.

        setStorageEncryption can still return this value for an unrelated reason, but setStorageEncryption is deprecated since it doesn't do anything useful.

        Value: 1

        ENCRYPTION_STATUS_UNSUPPORTED

        Added in API level 11
        static val ENCRYPTION_STATUS_UNSUPPORTED: Int

        Result code for setStorageEncryption and getStorageEncryptionStatus: indicating that encryption is not supported.

        Value: 0

        EXTRA_ADD_EXPLANATION

        Added in API level 8
        static val EXTRA_ADD_EXPLANATION: String

        An optional CharSequence providing additional explanation for why the admin is being added.

        Value: "android.app.extra.ADD_EXPLANATION"

        EXTRA_DELEGATION_SCOPES

        Added in API level 26
        static val EXTRA_DELEGATION_SCOPES: String

        An ArrayList<String> corresponding to the delegation scopes given to an app in the ACTION_APPLICATION_DELEGATION_SCOPES_CHANGED broadcast.

        Value: "android.app.extra.DELEGATION_SCOPES"

        EXTRA_DEVICE_ADMIN

        Added in API level 8
        static val EXTRA_DEVICE_ADMIN: String

        The ComponentName of the administrator component.

        Value: "android.app.extra.DEVICE_ADMIN"

        EXTRA_DEVICE_PASSWORD_REQUIREMENT_ONLY

        Added in API level 31
        static val EXTRA_DEVICE_PASSWORD_REQUIREMENT_ONLY: String

        A boolean extra for ACTION_SET_NEW_PARENT_PROFILE_PASSWORD requesting that only device password requirement is enforced during the parent profile password enrolment flow.

        Normally when enrolling password for the parent profile, both the device-wide password requirement (requirement set via getParentProfileInstance(android.content.ComponentName) instance) and the profile password requirement are enforced, if the profile currently does not have a separate work challenge. By setting this to true, profile password requirement is explicitly disregarded.

        Value: "android.app.extra.DEVICE_PASSWORD_REQUIREMENT_ONLY"

        EXTRA_PASSWORD_COMPLEXITY

        Added in API level 29
        static val EXTRA_PASSWORD_COMPLEXITY: String

        An integer indicating the complexity level of the new password an app would like the user to set when launching the action ACTION_SET_NEW_PASSWORD.

        Must be one of

        If an invalid value is used, it will be treated as PASSWORD_COMPLEXITY_NONE.
        Requires android.Manifest.permission#REQUEST_PASSWORD_COMPLEXITY

        Value: "android.app.extra.PASSWORD_COMPLEXITY"

        EXTRA_PROVISIONING_ACCOUNT_TO_MIGRATE

        Added in API level 22
        static val EXTRA_PROVISIONING_ACCOUNT_TO_MIGRATE: String

        An android.accounts.Account extra holding the account to migrate during managed profile provisioning.

        If the account supplied is present in the user, it will be copied, along with its credentials to the managed profile and removed from the user.

        Value: "android.app.extra.PROVISIONING_ACCOUNT_TO_MIGRATE"

        EXTRA_PROVISIONING_ADMIN_EXTRAS_BUNDLE

        Added in API level 21
        static val EXTRA_PROVISIONING_ADMIN_EXTRAS_BUNDLE: String

        A android.os.Parcelable extra of type android.os.PersistableBundle that is passed directly to the Device Policy Controller after provisioning.

        Starting from android.os.Build.VERSION_CODES#M, if used with MIME_TYPE_PROVISIONING_NFC as part of NFC managed device provisioning, the NFC message should contain a stringified java.util.Properties instance, whose string properties will be converted into a android.os.PersistableBundle and passed to the management application after provisioning.

        Value: "android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE"

        EXTRA_PROVISIONING_ALLOWED_PROVISIONING_MODES

        Added in API level 31
        static val EXTRA_PROVISIONING_ALLOWED_PROVISIONING_MODES: String

        An ArrayList of Integer extra specifying the allowed provisioning modes.

        This extra will be passed to the admin app's ACTION_GET_PROVISIONING_MODE activity, whose result intent must contain EXTRA_PROVISIONING_MODE set to one of the values in this array.

        If the value set to EXTRA_PROVISIONING_MODE is not in the array, provisioning will fail.

        Value: "android.app.extra.PROVISIONING_ALLOWED_PROVISIONING_MODES"

        EXTRA_PROVISIONING_ALLOW_OFFLINE

        Added in API level 33
        static val EXTRA_PROVISIONING_ALLOW_OFFLINE: String

        A boolean extra indicating whether offline provisioning should be used.

        The default value is false.

        Value: "android.app.extra.PROVISIONING_ALLOW_OFFLINE"

        EXTRA_PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME

        Added in API level 23
        static val EXTRA_PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME: String

        A ComponentName extra indicating the device admin receiver of the application that will be set as the Device Policy Controller.

        If an application starts provisioning directly via an intent with action ACTION_PROVISION_MANAGED_DEVICE the package name of this component has to match the package name of the application that started provisioning.

        This component is set as device owner and active admin when device owner provisioning is started by an intent with action ACTION_PROVISION_MANAGED_DEVICE or by an NFC message containing an NFC record with MIME type MIME_TYPE_PROVISIONING_NFC. For the NFC record, the component name must be flattened to a string, via ComponentName.flattenToShortString().

        Value: "android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME"

        EXTRA_PROVISIONING_DEVICE_ADMIN_MINIMUM_VERSION_CODE

        Added in API level 23
        static val EXTRA_PROVISIONING_DEVICE_ADMIN_MINIMUM_VERSION_CODE: String

        An int extra holding a minimum required version code for the device admin package. If the device admin is already installed on the device, it will only be re-downloaded from EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION if the version of the installed package is less than this version code.

        Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump. It can also be used for QR code provisioning.

        Value: "android.app.extra.PROVISIONING_DEVICE_ADMIN_MINIMUM_VERSION_CODE"

        EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_CHECKSUM

        Added in API level 21
        static val EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_CHECKSUM: String

        A String extra holding the URL-safe base64 encoded SHA-256 hash of the file at download location specified in EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION.

        Either this extra or EXTRA_PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM must be present. The provided checksum must match the checksum of the file at the download location. If the checksum doesn't match an error will be shown to the user and the user will be asked to factory reset the device.

        Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump. It can also be used for QR code provisioning.

        Note: for devices running android.os.Build.VERSION_CODES#LOLLIPOP and android.os.Build.VERSION_CODES#LOLLIPOP_MR1 only SHA-1 hash is supported. Starting from android.os.Build.VERSION_CODES#M, this parameter accepts SHA-256 in addition to SHA-1. From android.os.Build.VERSION_CODES#Q, only SHA-256 hash is supported.

        Value: "android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_CHECKSUM"
        Added in API level 21
        static val EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_COOKIE_HEADER: String

        A String extra holding a http cookie header which should be used in the http request to the url specified in EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION.

        Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump. It can also be used for QR code provisioning.

        Value: "android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_COOKIE_HEADER"

        EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION

        Added in API level 21
        static val EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION: String

        A String extra holding a url that specifies the download location of the device admin package. When not provided it is assumed that the device admin package is already installed.

        Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump. It can also be used for QR code provisioning.

        Value: "android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION"

        EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME

        Added in API level 21
        Deprecated in API level 23
        static val EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME: String

        Deprecated: Use EXTRA_PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME.

        A String extra holding the package name of the application that will be set as Device Policy Controller.

        When this extra is set, the application must have exactly one device admin receiver. This receiver will be set as the Device Policy Controller.

        Value: "android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME"

        EXTRA_PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM

        Added in API level 23
        static val EXTRA_PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM: String

        A String extra holding the URL-safe base64 encoded SHA-256 checksum of any signature of the android package archive at the download location specified in EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION.

        The signatures of an android package archive can be obtained using android.content.pm.PackageManager#getPackageArchiveInfo with flag android.content.pm.PackageManager#GET_SIGNATURES.

        Either this extra or EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_CHECKSUM must be present. The provided checksum must match the checksum of any signature of the file at the download location. If the checksum does not match an error will be shown to the user and the user will be asked to factory reset the device.

        Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump. It can also be used for QR code provisioning.

        Value: "android.app.extra.PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM"

        EXTRA_PROVISIONING_DISCLAIMERS

        Added in API level 26
        static val EXTRA_PROVISIONING_DISCLAIMERS: String

        A Bundle[] extra consisting of list of disclaimer headers and disclaimer contents.

        Each Bundle must have both EXTRA_PROVISIONING_DISCLAIMER_HEADER as disclaimer header, and EXTRA_PROVISIONING_DISCLAIMER_CONTENT as disclaimer content.

        The extra typically contains one disclaimer from the company of mobile device management application (MDM), and one disclaimer from the organization.

        Call Bundle.putParcelableArray(String, Parcelable[]) to put the Bundle[]

        Maximum 3 key-value pairs can be specified. The rest will be ignored.

        Can be used in an intent with action ACTION_PROVISION_MANAGED_PROFILE. This extra can also be returned by the admin app when performing the admin-integrated provisioning flow as a result of the ACTION_GET_PROVISIONING_MODE activity.

        Value: "android.app.extra.PROVISIONING_DISCLAIMERS"

        EXTRA_PROVISIONING_DISCLAIMER_CONTENT

        Added in API level 26
        static val EXTRA_PROVISIONING_DISCLAIMER_CONTENT: String

        A Uri extra pointing to disclaimer content.

        The following URI schemes are accepted:

        Styled text is supported. This is parsed by android.text.Html#fromHtml(String) and displayed in a android.widget.TextView.

        If a content: URI is passed, the intent should also have the flag Intent.FLAG_GRANT_READ_URI_PERMISSION and the uri should be added to the android.content.ClipData of the intent.

        System apps can also insert a disclaimer by declaring an application-level meta-data in AndroidManifest.xml.

        For example:

        <meta-data
               android:name="android.app.extra.PROVISIONING_DISCLAIMER_CONTENT"
               android:resource="@string/disclaimer_content"
          />

        This must be accompanied with another extra using the key EXTRA_PROVISIONING_DISCLAIMER_HEADER.

        Value: "android.app.extra.PROVISIONING_DISCLAIMER_CONTENT"

        EXTRA_PROVISIONING_DISCLAIMER_HEADER

        Added in API level 26
        static val EXTRA_PROVISIONING_DISCLAIMER_HEADER: String

        A String extra of localized disclaimer header.

        The extra is typically the company name of mobile device management application (MDM) or the organization name.

        System apps can also insert a disclaimer by declaring an application-level meta-data in AndroidManifest.xml.

        For example:

        <meta-data
               android:name="android.app.extra.PROVISIONING_DISCLAIMER_HEADER"
               android:resource="@string/disclaimer_header"
          />

        This must be accompanied with another extra using the key EXTRA_PROVISIONING_DISCLAIMER_CONTENT.

        Value: "android.app.extra.PROVISIONING_DISCLAIMER_HEADER"

        EXTRA_PROVISIONING_EMAIL_ADDRESS

        Added in API level 21
        Deprecated in API level 26
        static val EXTRA_PROVISIONING_EMAIL_ADDRESS: String

        Deprecated: From android.os.Build.VERSION_CODES#O, never used while provisioning the device.

        Value: "android.app.extra.PROVISIONING_EMAIL_ADDRESS"

        EXTRA_PROVISIONING_IMEI

        Added in API level 29
        static val EXTRA_PROVISIONING_IMEI: String

        A string extra holding the IMEI (International Mobile Equipment Identity) of the device.

        Value: "android.app.extra.PROVISIONING_IMEI"

        EXTRA_PROVISIONING_KEEP_ACCOUNT_ON_MIGRATION

        Added in API level 26
        static val EXTRA_PROVISIONING_KEEP_ACCOUNT_ON_MIGRATION: String

        Boolean extra to indicate that the migrated account should be kept.

        If it's set to true, the account will not be removed from the user after it is migrated to the newly created user or profile.

        Defaults to false

        Value: "android.app.extra.PROVISIONING_KEEP_ACCOUNT_ON_MIGRATION"

        EXTRA_PROVISIONING_KEEP_SCREEN_ON

        Added in API level 33
        Deprecated in API level 34
        static val EXTRA_PROVISIONING_KEEP_SCREEN_ON: String

        Deprecated: from android.os.Build.VERSION_CODES#UPSIDE_DOWN_CAKE, the flag wouldn't be functional. The screen is kept on throughout the provisioning flow.

        A boolean flag that indicates whether the screen should be on throughout the provisioning flow.

        This extra can either be passed as an extra to the ACTION_PROVISION_MANAGED_PROFILE intent, or it can be returned by the admin app when performing the admin-integrated provisioning flow as a result of the ACTION_GET_PROVISIONING_MODE activity.

        Value: "android.app.extra.PROVISIONING_KEEP_SCREEN_ON"

        EXTRA_PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED

        Added in API level 22
        static val EXTRA_PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED: String

        A Boolean extra that can be used by the mobile device management application to skip the disabling of system apps during provisioning when set to true.

        Use in an NFC record with MIME_TYPE_PROVISIONING_NFC, an intent with action ACTION_PROVISION_MANAGED_PROFILE that starts profile owner provisioning or set as an extra to the intent result of the ACTION_GET_PROVISIONING_MODE activity.

        Value: "android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED"

        EXTRA_PROVISIONING_LOCALE

        Added in API level 21
        static val EXTRA_PROVISIONING_LOCALE: String

        A String extra holding the java.util.Locale that the device will be set to. Format: xx_yy, where xx is the language code, and yy the country code.

        Use only for device owner provisioning. This extra can be returned by the admin app when performing the admin-integrated provisioning flow as a result of the ACTION_GET_PROVISIONING_MODE activity.

        Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump. It can also be used for QR code provisioning.

        Value: "android.app.extra.PROVISIONING_LOCALE"

        EXTRA_PROVISIONING_LOCAL_TIME

        Added in API level 21
        static val EXTRA_PROVISIONING_LOCAL_TIME: String

        A Long extra holding the wall clock time (in milliseconds) to be set on the device's android.app.AlarmManager.

        Use only for device owner provisioning. This extra can be returned by the admin app when performing the admin-integrated provisioning flow as a result of the ACTION_GET_PROVISIONING_MODE activity.

        Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump. It can also be used for QR code provisioning.

        Value: "android.app.extra.PROVISIONING_LOCAL_TIME"

        EXTRA_PROVISIONING_LOGO_URI

        Added in API level 24
        Deprecated in API level 33
        static val EXTRA_PROVISIONING_LOGO_URI: String

        Deprecated: Logo customization is no longer supported in the provisioning flow.

        A Uri extra pointing to a logo image. This image will be shown during the provisioning. If this extra is not passed, a default image will be shown.

        The following URI schemes are accepted:

        It is the responsibility of the caller to provide an image with a reasonable pixel density for the device.

        If a content: URI is passed, the intent should also have the flag Intent.FLAG_GRANT_READ_URI_PERMISSION and the uri should be added to the android.content.ClipData of the intent.

        Value: "android.app.extra.PROVISIONING_LOGO_URI"

        EXTRA_PROVISIONING_MAIN_COLOR

        Added in API level 24
        Deprecated in API level 31
        static val EXTRA_PROVISIONING_MAIN_COLOR: String

        Deprecated: Color customization is no longer supported in the provisioning flow.

        A integer extra indicating the predominant color to show during the provisioning. Refer to android.graphics.Color for how the color is represented.

        Use with ACTION_PROVISION_MANAGED_PROFILE or ACTION_PROVISION_MANAGED_DEVICE.

        Value: "android.app.extra.PROVISIONING_MAIN_COLOR"

        EXTRA_PROVISIONING_MODE

        Added in API level 29
        static val EXTRA_PROVISIONING_MODE: String

        An intent extra holding the provisioning mode returned by the administrator. The value of this extra must be one of the values provided in EXTRA_PROVISIONING_ALLOWED_PROVISIONING_MODES, which is provided as an intent extra to the admin app's ACTION_GET_PROVISIONING_MODE activity.

        Value: "android.app.extra.PROVISIONING_MODE"

        EXTRA_PROVISIONING_SENSORS_PERMISSION_GRANT_OPT_OUT

        Added in API level 31
        static val EXTRA_PROVISIONING_SENSORS_PERMISSION_GRANT_OPT_OUT: String

        A boolean extra indicating the admin of a fully-managed device opts out of controlling permission grants for sensor-related permissions, see setPermissionGrantState(android.content.ComponentName,java.lang.String,java.lang.String,int). The default for this extra is false - by default, the admin of a fully-managed device has the ability to grant sensors-related permissions.

        Use only for device owner provisioning. This extra can be returned by the admin app when performing the admin-integrated provisioning flow as a result of the ACTION_GET_PROVISIONING_MODE activity.

        This extra may also be provided to the admin app via an intent extra for ACTION_GET_PROVISIONING_MODE.

        Value: "android.app.extra.PROVISIONING_SENSORS_PERMISSION_GRANT_OPT_OUT"

        EXTRA_PROVISIONING_SERIAL_NUMBER

        Added in API level 29
        static val EXTRA_PROVISIONING_SERIAL_NUMBER: String

        A string extra holding the serial number of the device.

        Value: "android.app.extra.PROVISIONING_SERIAL_NUMBER"

        EXTRA_PROVISIONING_SHOULD_LAUNCH_RESULT_INTENT

        Added in API level 33
        static val EXTRA_PROVISIONING_SHOULD_LAUNCH_RESULT_INTENT: String

        A boolean extra that determines whether the provisioning flow should launch the resulting launch intent, if one is supplied by the device policy management role holder via EXTRA_RESULT_LAUNCH_INTENT. Default value is false.

        If true, the resulting intent will be launched by the provisioning flow, if one is supplied by the device policy management role holder.

        If false, the resulting intent will be returned as EXTRA_RESULT_LAUNCH_INTENT to the provisioning initiator, if one is supplied by the device manager role holder. It will be the responsibility of the provisioning initiator to launch this Intent after provisioning completes.

        This extra is respected when provided via the provisioning intent actions such as ACTION_PROVISION_MANAGED_PROFILE.

        Value: "android.app.extra.PROVISIONING_SHOULD_LAUNCH_RESULT_INTENT"

        EXTRA_PROVISIONING_SKIP_EDUCATION_SCREENS

        Added in API level 29
        static val EXTRA_PROVISIONING_SKIP_EDUCATION_SCREENS: String

        A boolean extra indicating if the education screens from the provisioning flow should be skipped. If unspecified, defaults to false.

        This extra can be set in the following ways:

        • By the admin app when performing the admin-integrated provisioning flow as a result of the ACTION_GET_PROVISIONING_MODE activity
        • For managed account enrollment

        If the education screens are skipped, it is the admin application's responsibility to display its own user education screens.

        Value: "android.app.extra.PROVISIONING_SKIP_EDUCATION_SCREENS"

        EXTRA_PROVISIONING_SKIP_ENCRYPTION

        Added in API level 23
        static val EXTRA_PROVISIONING_SKIP_ENCRYPTION: String

        A boolean extra indicating whether device encryption can be skipped as part of provisioning.

        Use in an NFC record with MIME_TYPE_PROVISIONING_NFC or an intent with action ACTION_PROVISION_MANAGED_DEVICE that starts device owner provisioning.

        From android.os.Build.VERSION_CODES#N onwards, this is also supported for an intent with action ACTION_PROVISION_MANAGED_PROFILE.

        Value: "android.app.extra.PROVISIONING_SKIP_ENCRYPTION"
        Added in API level 26
        Deprecated in API level 31
        static val EXTRA_PROVISIONING_SKIP_USER_CONSENT: String

        Deprecated: this extra is no longer relevant as device owners cannot create managed profiles

        A boolean extra indicating if the user consent steps from the provisioning flow should be skipped.

        If unspecified, defaults to false.

        Value: "android.app.extra.PROVISIONING_SKIP_USER_CONSENT"

        EXTRA_PROVISIONING_TIME_ZONE

        Added in API level 21
        static val EXTRA_PROVISIONING_TIME_ZONE: String

        A String extra holding the time zone android.app.AlarmManager that the device will be set to.

        Use only for device owner provisioning. This extra can be returned by the admin app when performing the admin-integrated provisioning flow as a result of the ACTION_GET_PROVISIONING_MODE activity.

        Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump. It can also be used for QR code provisioning.

        Value: "android.app.extra.PROVISIONING_TIME_ZONE"

        EXTRA_PROVISIONING_USE_MOBILE_DATA

        Added in API level 33
        static val EXTRA_PROVISIONING_USE_MOBILE_DATA: String

        A boolean extra indicating if mobile data should be used during the provisioning flow for downloading the admin app. If EXTRA_PROVISIONING_WIFI_SSID is also specified, wifi network will be used instead.

        Default value is false.

        If this extra is set to true and EXTRA_PROVISIONING_WIFI_SSID is not specified, this extra has different behaviour depending on the way provisioning is triggered:

        • For provisioning started via a QR code or an NFC tag, mobile data is always used for downloading the admin app.
        • For all other provisioning methods, a mobile data connection check is made at the start of provisioning. If mobile data is connected at that point, the admin app download will happen using mobile data. If mobile data is not connected at that point, the end-user will be asked to pick a wifi network and the admin app download will proceed over wifi.
        Value: "android.app.extra.PROVISIONING_USE_MOBILE_DATA"

        EXTRA_PROVISIONING_WIFI_ANONYMOUS_IDENTITY

        Added in API level 29
        static val EXTRA_PROVISIONING_WIFI_ANONYMOUS_IDENTITY: String

        The anonymous identity of the wifi network in EXTRA_PROVISIONING_WIFI_SSID. This is only used if the EXTRA_PROVISIONING_WIFI_SECURITY_TYPE is EAP.

        Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump. It can also be used for QR code provisioning.

        Value: "android.app.extra.PROVISIONING_WIFI_ANONYMOUS_IDENTITY"

        EXTRA_PROVISIONING_WIFI_CA_CERTIFICATE

        Added in API level 29
        static val EXTRA_PROVISIONING_WIFI_CA_CERTIFICATE: String

        The CA certificate of the wifi network in EXTRA_PROVISIONING_WIFI_SSID. This should be an X.509 certificate Base64 encoded DER format, ie. PEM representation of a certificate without header, footer and line breaks. More information This is only used if the EXTRA_PROVISIONING_WIFI_SECURITY_TYPE is EAP.

        Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump. It can also be used for QR code provisioning.

        Value: "android.app.extra.PROVISIONING_WIFI_CA_CERTIFICATE"

        EXTRA_PROVISIONING_WIFI_DOMAIN

        Added in API level 29
        static val EXTRA_PROVISIONING_WIFI_DOMAIN: String

        The domain of the wifi network in EXTRA_PROVISIONING_WIFI_SSID. This is only used if the EXTRA_PROVISIONING_WIFI_SECURITY_TYPE is EAP.

        Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump. It can also be used for QR code provisioning.

        Value: "android.app.extra.PROVISIONING_WIFI_DOMAIN"

        EXTRA_PROVISIONING_WIFI_EAP_METHOD

        Added in API level 29
        static val EXTRA_PROVISIONING_WIFI_EAP_METHOD: String

        The EAP method of the wifi network in EXTRA_PROVISIONING_WIFI_SSID and could be one of PEAP, TLS, TTLS, PWD, SIM, AKA or AKA_PRIME. This is only used if the EXTRA_PROVISIONING_WIFI_SECURITY_TYPE is EAP.

        Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump. It can also be used for QR code provisioning.

        Value: "android.app.extra.PROVISIONING_WIFI_EAP_METHOD"

        EXTRA_PROVISIONING_WIFI_HIDDEN

        Added in API level 21
        static val EXTRA_PROVISIONING_WIFI_HIDDEN: String

        A boolean extra indicating whether the wifi network in EXTRA_PROVISIONING_WIFI_SSID is hidden or not.

        Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump. It can also be used for QR code provisioning.

        Value: "android.app.extra.PROVISIONING_WIFI_HIDDEN"

        EXTRA_PROVISIONING_WIFI_IDENTITY

        Added in API level 29
        static val EXTRA_PROVISIONING_WIFI_IDENTITY: String

        The identity of the wifi network in EXTRA_PROVISIONING_WIFI_SSID. This is only used if the EXTRA_PROVISIONING_WIFI_SECURITY_TYPE is EAP.

        Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump. It can also be used for QR code provisioning.

        Value: "android.app.extra.PROVISIONING_WIFI_IDENTITY"

        EXTRA_PROVISIONING_WIFI_PAC_URL

        Added in API level 21
        static val EXTRA_PROVISIONING_WIFI_PAC_URL: String

        A String extra holding the proxy auto-config (PAC) URL for the wifi network in EXTRA_PROVISIONING_WIFI_SSID.

        Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump. It can also be used for QR code provisioning.

        Value: "android.app.extra.PROVISIONING_WIFI_PAC_URL"

        EXTRA_PROVISIONING_WIFI_PASSWORD

        Added in API level 21
        static val EXTRA_PROVISIONING_WIFI_PASSWORD: String

        A String extra holding the password of the wifi network in EXTRA_PROVISIONING_WIFI_SSID.

        Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump. It can also be used for QR code provisioning.

        Value: "android.app.extra.PROVISIONING_WIFI_PASSWORD"

        EXTRA_PROVISIONING_WIFI_PHASE2_AUTH

        Added in API level 29
        static val EXTRA_PROVISIONING_WIFI_PHASE2_AUTH: String

        The phase 2 authentication of the wifi network in EXTRA_PROVISIONING_WIFI_SSID and could be one of NONE, PAP, MSCHAP, MSCHAPV2, GTC, SIM, AKA or AKA_PRIME. This is only used if the EXTRA_PROVISIONING_WIFI_SECURITY_TYPE is EAP.

        Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump. It can also be used for QR code provisioning.

        Value: "android.app.extra.PROVISIONING_WIFI_PHASE2_AUTH"

        EXTRA_PROVISIONING_WIFI_PROXY_BYPASS

        Added in API level 21
        static val EXTRA_PROVISIONING_WIFI_PROXY_BYPASS: String

        A String extra holding the proxy bypass for the wifi network in EXTRA_PROVISIONING_WIFI_SSID.

        Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump. It can also be used for QR code provisioning.

        Value: "android.app.extra.PROVISIONING_WIFI_PROXY_BYPASS"

        EXTRA_PROVISIONING_WIFI_PROXY_HOST

        Added in API level 21
        static val EXTRA_PROVISIONING_WIFI_PROXY_HOST: String

        A String extra holding the proxy host for the wifi network in EXTRA_PROVISIONING_WIFI_SSID.

        Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump. It can also be used for QR code provisioning.

        Value: "android.app.extra.PROVISIONING_WIFI_PROXY_HOST"

        EXTRA_PROVISIONING_WIFI_PROXY_PORT

        Added in API level 21
        static val EXTRA_PROVISIONING_WIFI_PROXY_PORT: String

        An int extra holding the proxy port for the wifi network in EXTRA_PROVISIONING_WIFI_SSID.

        Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump. It can also be used for QR code provisioning.

        Value: "android.app.extra.PROVISIONING_WIFI_PROXY_PORT"

        EXTRA_PROVISIONING_WIFI_SECURITY_TYPE

        Added in API level 21
        static val EXTRA_PROVISIONING_WIFI_SECURITY_TYPE: String

        A String extra indicating the security type of the wifi network in EXTRA_PROVISIONING_WIFI_SSID and could be one of NONE, WPA, WEP or EAP.

        Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump. It can also be used for QR code provisioning.

        Value: "android.app.extra.PROVISIONING_WIFI_SECURITY_TYPE"

        EXTRA_PROVISIONING_WIFI_SSID

        Added in API level 21
        static val EXTRA_PROVISIONING_WIFI_SSID: String

        A String extra holding the ssid of the wifi network that should be used during nfc device owner provisioning for downloading the mobile device management application.

        Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump. It can also be used for QR code provisioning.

        Value: "android.app.extra.PROVISIONING_WIFI_SSID"

        EXTRA_PROVISIONING_WIFI_USER_CERTIFICATE

        Added in API level 29
        static val EXTRA_PROVISIONING_WIFI_USER_CERTIFICATE: String

        The user certificate of the wifi network in EXTRA_PROVISIONING_WIFI_SSID. This should be an X.509 certificate and private key Base64 encoded DER format, ie. PEM representation of a certificate and key without header, footer and line breaks. More information This is only used if the EXTRA_PROVISIONING_WIFI_SECURITY_TYPE is EAP.

        Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump. It can also be used for QR code provisioning.

        Value: "android.app.extra.PROVISIONING_WIFI_USER_CERTIFICATE"

        EXTRA_RESOURCE_IDS

        Added in API level 33
        static val EXTRA_RESOURCE_IDS: String

        An integer array extra for ACTION_DEVICE_POLICY_RESOURCE_UPDATED to indicate which resource IDs (i.e. strings and drawables) have been updated.

        Value: "android.app.extra.RESOURCE_IDS"

        EXTRA_RESOURCE_TYPE

        Added in API level 33
        static val EXTRA_RESOURCE_TYPE: String

        An int extra for ACTION_DEVICE_POLICY_RESOURCE_UPDATED to indicate the type of the resource being updated, the type can be EXTRA_RESOURCE_TYPE_DRAWABLE or EXTRA_RESOURCE_TYPE_STRING

        Value: "android.app.extra.RESOURCE_TYPE"

        EXTRA_RESOURCE_TYPE_DRAWABLE

        Added in API level 33
        static val EXTRA_RESOURCE_TYPE_DRAWABLE: Int

        A int value for EXTRA_RESOURCE_TYPE to indicate that a resource of type Drawable is being updated.

        Value: 1

        EXTRA_RESOURCE_TYPE_STRING

        Added in API level 33
        static val EXTRA_RESOURCE_TYPE_STRING: Int

        A int value for EXTRA_RESOURCE_TYPE to indicate that a resource of type String is being updated.

        Value: 2

        EXTRA_RESULT_LAUNCH_INTENT

        Added in API level 33
        static val EXTRA_RESULT_LAUNCH_INTENT: String

        An Intent result extra specifying the Intent to be launched after provisioning is finalized.

        If EXTRA_PROVISIONING_SHOULD_LAUNCH_RESULT_INTENT is set to false, this result will be supplied as part of the result Intent for provisioning actions such as ACTION_PROVISION_MANAGED_PROFILE. This result will also be supplied as part of the result Intent for the device policy management role holder provisioning actions.

        Value: "android.app.extra.RESULT_LAUNCH_INTENT"

        FLAG_EVICT_CREDENTIAL_ENCRYPTION_KEY

        Added in API level 26
        static val FLAG_EVICT_CREDENTIAL_ENCRYPTION_KEY: Int

        Flag for lockNow(int): also evict the user's credential encryption key from the keyring. The user's credential will need to be entered again in order to derive the credential encryption key that will be stored back in the keyring for future use.

        This flag can only be used by a profile owner when locking a managed profile when getStorageEncryptionStatus returns ENCRYPTION_STATUS_ACTIVE_PER_USER.

        In order to secure user data, the user will be stopped and restarted so apps should wait until they are next run to perform further actions.

        Value: 1

        FLAG_MANAGED_CAN_ACCESS_PARENT

        Added in API level 21
        static val FLAG_MANAGED_CAN_ACCESS_PARENT: Int

        Flag used by addCrossProfileIntentFilter to allow activities in the managed profile to access intents sent from the parent profile. That is, when an app in the parent profile calls android.app.Activity#startActivity(android.content.Intent), the intent can be resolved by a matching activity in the managed profile.

        Value: 2

        FLAG_PARENT_CAN_ACCESS_MANAGED

        Added in API level 21
        static val FLAG_PARENT_CAN_ACCESS_MANAGED: Int

        Flag used by addCrossProfileIntentFilter to allow activities in the parent profile to access intents sent from the managed profile. That is, when an app in the managed profile calls android.app.Activity#startActivity(android.content.Intent), the intent can be resolved by a matching activity in the parent profile.

        Value: 1

        ID_TYPE_BASE_INFO

        Added in API level 28
        static val ID_TYPE_BASE_INFO: Int

        Specifies that the device should attest its manufacturer details. For use with generateKeyPair.

        Value: 1

        See Also

        ID_TYPE_IMEI

        Added in API level 28
        static val ID_TYPE_IMEI: Int

        Specifies that the device should attest its IMEI. For use with generateKeyPair.

        Value: 4

        See Also

        ID_TYPE_INDIVIDUAL_ATTESTATION

        Added in API level 30
        static val ID_TYPE_INDIVIDUAL_ATTESTATION: Int

        Specifies that the device should attest using an individual attestation certificate. For use with generateKeyPair.

        Value: 16

        See Also

        ID_TYPE_MEID

        Added in API level 28
        static val ID_TYPE_MEID: Int

        Specifies that the device should attest its MEID. For use with generateKeyPair.

        Value: 8

        See Also

        ID_TYPE_SERIAL

        Added in API level 28
        static val ID_TYPE_SERIAL: Int

        Specifies that the device should attest its serial number. For use with generateKeyPair.

        Value: 2

        See Also

        INSTALLKEY_REQUEST_CREDENTIALS_ACCESS

        Added in API level 28
        static val INSTALLKEY_REQUEST_CREDENTIALS_ACCESS: Int

        Specifies that the calling app should be granted access to the installed credentials immediately. Otherwise, access to the credentials will be gated by user approval. For use with installKeyPair(android.content.ComponentName,java.security.PrivateKey,java.security.cert.Certificate[],java.lang.String,int)

        Value: 1

        INSTALLKEY_SET_USER_SELECTABLE

        Added in API level 28
        static val INSTALLKEY_SET_USER_SELECTABLE: Int

        Specifies that a user can select the key via the Certificate Selection prompt. If this flag is not set when calling #installKeyPair, the key can only be granted access by implementing android.app.admin.DeviceAdminReceiver#onChoosePrivateKeyAlias. For use with installKeyPair(android.content.ComponentName,java.security.PrivateKey,java.security.cert.Certificate[],java.lang.String,int)

        Value: 2

        KEYGUARD_DISABLE_BIOMETRICS

        Added in API level 28
        static val KEYGUARD_DISABLE_BIOMETRICS: Int

        Disable all biometric authentication on keyguard secure screens (e.g. PIN/Pattern/Password).

        Value: 416

        KEYGUARD_DISABLE_FACE

        Added in API level 28
        static val KEYGUARD_DISABLE_FACE: Int

        Disable face authentication on keyguard secure screens (e.g. PIN/Pattern/Password).

        Value: 128

        KEYGUARD_DISABLE_FEATURES_ALL

        Added in API level 17
        static val KEYGUARD_DISABLE_FEATURES_ALL: Int

        Disable all current and future keyguard customizations.

        Value: 2147483647

        KEYGUARD_DISABLE_FEATURES_NONE

        Added in API level 17
        static val KEYGUARD_DISABLE_FEATURES_NONE: Int

        Widgets are enabled in keyguard

        Value: 0

        KEYGUARD_DISABLE_FINGERPRINT

        Added in API level 21
        static val KEYGUARD_DISABLE_FINGERPRINT: Int

        Disable fingerprint authentication on keyguard secure screens (e.g. PIN/Pattern/Password).

        Value: 32

        KEYGUARD_DISABLE_IRIS

        Added in API level 28
        static val KEYGUARD_DISABLE_IRIS: Int

        Disable iris authentication on keyguard secure screens (e.g. PIN/Pattern/Password).

        Value: 256

        KEYGUARD_DISABLE_REMOTE_INPUT

        Added in API level 24
        Deprecated in API level 33
        static val KEYGUARD_DISABLE_REMOTE_INPUT: Int

        Deprecated: This flag was added in version android.os.Build.VERSION_CODES#N, but it never had any effect.

        Disable text entry into notifications on secure keyguard screens (e.g. PIN/Pattern/Password).

        Value: 64

        KEYGUARD_DISABLE_SECURE_CAMERA

        Added in API level 17
        static val KEYGUARD_DISABLE_SECURE_CAMERA: Int

        Disable the camera on secure keyguard screens (e.g. PIN/Pattern/Password)

        Value: 2

        KEYGUARD_DISABLE_SECURE_NOTIFICATIONS

        Added in API level 21
        static val KEYGUARD_DISABLE_SECURE_NOTIFICATIONS: Int

        Disable showing all notifications on secure keyguard screens (e.g. PIN/Pattern/Password)

        Value: 4

        KEYGUARD_DISABLE_SHORTCUTS_ALL

        Added in API level 34
        static val KEYGUARD_DISABLE_SHORTCUTS_ALL: Int

        Disable all keyguard shortcuts.

        Value: 512

        KEYGUARD_DISABLE_TRUST_AGENTS

        Added in API level 21
        static val KEYGUARD_DISABLE_TRUST_AGENTS: Int

        Disable trust agents on secure keyguard screens (e.g. PIN/Pattern/Password). By setting this flag alone, all trust agents are disabled. If the admin then wants to allowlist specific features of some trust agent, setTrustAgentConfiguration can be used in conjuction to set trust-agent-specific configurations.

        Value: 16

        KEYGUARD_DISABLE_UNREDACTED_NOTIFICATIONS

        Added in API level 21
        static val KEYGUARD_DISABLE_UNREDACTED_NOTIFICATIONS: Int

        Only allow redacted notifications on secure keyguard screens (e.g. PIN/Pattern/Password)

        Value: 8

        KEYGUARD_DISABLE_WIDGETS_ALL

        Added in API level 17
        static val KEYGUARD_DISABLE_WIDGETS_ALL: Int

        Disable all keyguard widgets. Has no effect between android.os.Build.VERSION_CODES#LOLLIPOP and android.os.Build.VERSION_CODES#UPSIDE_DOWN_CAKE (both inclusive), since keyguard widget is only supported on Android versions lower than 5.0 and versions higher than 14.

        Value: 1

        LEAVE_ALL_SYSTEM_APPS_ENABLED

        Added in API level 28
        static val LEAVE_ALL_SYSTEM_APPS_ENABLED: Int

        Flag used by createAndManageUser to specify that the newly created user should skip the disabling of system apps during provisioning.

        Value: 16

        LOCK_TASK_FEATURE_BLOCK_ACTIVITY_START_IN_TASK

        Added in API level 30
        static val LOCK_TASK_FEATURE_BLOCK_ACTIVITY_START_IN_TASK: Int

        Enable blocking of non-allowlisted activities from being started into a locked task.

        Value: 64

        LOCK_TASK_FEATURE_GLOBAL_ACTIONS

        Added in API level 28
        static val LOCK_TASK_FEATURE_GLOBAL_ACTIONS: Int

        Enable the global actions dialog during LockTask mode. This is the dialog that shows up when the user long-presses the power button, for example. Note that the user may not be able to power off the device if this flag is not set.

        This flag is enabled by default until setLockTaskFeatures(android.content.ComponentName,int) is called for the first time.

        Value: 16

        LOCK_TASK_FEATURE_HOME

        Added in API level 28
        static val LOCK_TASK_FEATURE_HOME: Int

        Enable the Home button during LockTask mode. Note that if a custom launcher is used, it has to be registered as the default launcher with addPersistentPreferredActivity(android.content.ComponentName,android.content.IntentFilter,android.content.ComponentName), and its package needs to be allowlisted for LockTask with setLockTaskPackages(android.content.ComponentName,java.lang.String[]).

        Value: 4

        LOCK_TASK_FEATURE_KEYGUARD

        Added in API level 28
        static val LOCK_TASK_FEATURE_KEYGUARD: Int

        Enable the keyguard during LockTask mode. Note that if the keyguard is already disabled with setKeyguardDisabled(android.content.ComponentName,boolean), setting this flag will have no effect. If this flag is not set, the keyguard will not be shown even if the user has a lock screen credential.

        Value: 32

        LOCK_TASK_FEATURE_NONE

        Added in API level 28
        static val LOCK_TASK_FEATURE_NONE: Int

        Disable all configurable SystemUI features during LockTask mode. This includes,

        • system info area in the status bar (connectivity icons, clock, etc.)
        • notifications (including alerts, icons, and the notification shade)
        • Home button
        • Recents button and UI
        • global actions menu (i.e. power button menu)
        • keyguard

        Value: 0

        LOCK_TASK_FEATURE_NOTIFICATIONS

        Added in API level 28
        static val LOCK_TASK_FEATURE_NOTIFICATIONS: Int

        Enable notifications during LockTask mode. This includes notification icons on the status bar, heads-up notifications, and the expandable notification shade. Note that the Quick Settings panel remains disabled. This feature flag can only be used in combination with LOCK_TASK_FEATURE_HOME. setLockTaskFeatures(android.content.ComponentName,int) throws an IllegalArgumentException if this feature flag is defined without LOCK_TASK_FEATURE_HOME.

        Value: 2

        LOCK_TASK_FEATURE_OVERVIEW

        Added in API level 28
        static val LOCK_TASK_FEATURE_OVERVIEW: Int

        Enable the Overview button and the Overview screen during LockTask mode. This feature flag can only be used in combination with LOCK_TASK_FEATURE_HOME, and setLockTaskFeatures(android.content.ComponentName,int) will throw an IllegalArgumentException if this feature flag is defined without LOCK_TASK_FEATURE_HOME.

        Value: 8

        LOCK_TASK_FEATURE_SYSTEM_INFO

        Added in API level 28
        static val LOCK_TASK_FEATURE_SYSTEM_INFO: Int

        Enable the system info area in the status bar during LockTask mode. The system info area usually occupies the right side of the status bar (although this can differ across OEMs). It includes all system information indicators, such as date and time, connectivity, battery, vibration mode, etc.

        Value: 1

        MAKE_USER_EPHEMERAL

        Added in API level 28
        static val MAKE_USER_EPHEMERAL: Int

        Flag used by createAndManageUser to specify that the user should be created ephemeral. Ephemeral users will be removed after switching to another user or rebooting the device.

        Value: 2

        MIME_TYPE_PROVISIONING_NFC

        Added in API level 21
        static val MIME_TYPE_PROVISIONING_NFC: String

        This MIME type is used for starting the device owner provisioning.

        During device owner provisioning a device admin app is set as the owner of the device. A device owner has full control over the device. The device owner can not be modified by the user and the only way of resetting the device is if the device owner app calls a factory reset.

        A typical use case would be a device that is owned by a company, but used by either an employee or client.

        The NFC message must be sent to an unprovisioned device.

        The NFC record must contain a serialized java.util.Properties object which contains the following properties:

        As of android.os.Build.VERSION_CODES#M, the properties should contain EXTRA_PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME instead of EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME, (although specifying only EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME is still supported).

        Value: "application/com.android.managedprovisioning"

        MTE_DISABLED

        Added in API level 34
        static val MTE_DISABLED: Int

        Require that MTE be disabled on the device. Can be set by a device owner.

        Value: 2

        MTE_ENABLED

        Added in API level 34
        static val MTE_ENABLED: Int

        Require that MTE be enabled on the device, if supported. Can be set by a device owner or a profile owner of an organization-owned managed profile.

        Value: 1

        MTE_NOT_CONTROLLED_BY_POLICY

        Added in API level 34
        static val MTE_NOT_CONTROLLED_BY_POLICY: Int

        Allow the user to choose whether to enable MTE on the device.

        Value: 0

        NEARBY_STREAMING_DISABLED

        Added in API level 31
        static val NEARBY_STREAMING_DISABLED: Int

        Indicates that nearby streaming is disabled.

        Value: 1

        NEARBY_STREAMING_ENABLED

        Added in API level 31
        static val NEARBY_STREAMING_ENABLED: Int

        Indicates that nearby streaming is enabled.

        Value: 2

        NEARBY_STREAMING_NOT_CONTROLLED_BY_POLICY

        Added in API level 31
        static val NEARBY_STREAMING_NOT_CONTROLLED_BY_POLICY: Int

        Indicates that nearby streaming is not controlled by policy, which means nearby streaming is allowed.

        Value: 0

        NEARBY_STREAMING_SAME_MANAGED_ACCOUNT_ONLY

        Added in API level 31
        static val NEARBY_STREAMING_SAME_MANAGED_ACCOUNT_ONLY: Int

        Indicates that nearby streaming is enabled only to devices offering a comparable level of security, with the same authenticated managed account.

        Value: 3

        OPERATION_SAFETY_REASON_DRIVING_DISTRACTION

        Added in API level 31
        static val OPERATION_SAFETY_REASON_DRIVING_DISTRACTION: Int

        Indicates that a UnsafeStateException was thrown because the operation would distract the driver of the vehicle.

        Value: 1

        PASSWORD_COMPLEXITY_HIGH

        static val PASSWORD_COMPLEXITY_HIGH: Int

        Constant for getPasswordComplexity() and setRequiredPasswordComplexity(int). Define the high password complexity band as:

        • PIN with no repeating (4444) or ordered (1234, 4321, 2468) sequences, length at least 8
        • alphabetic, length at least 6
        • alphanumeric, length at least 6

        When returned from getPasswordComplexity(), the constant represents the exact complexity band the password is in. When passed to it sets the minimum complexity

        Value: 327680

        PASSWORD_COMPLEXITY_LOW

        static val PASSWORD_COMPLEXITY_LOW: Int

        Constant for getPasswordComplexity() and setRequiredPasswordComplexity(int). Define the low password complexity band as:

        • pattern
        • PIN with repeating (4444) or ordered (1234, 4321, 2468) sequences

        When returned from getPasswordComplexity(), the constant represents the exact complexity band the password is in. When passed to it sets the minimum complexity

        Value: 65536

        PASSWORD_COMPLEXITY_MEDIUM

        static val PASSWORD_COMPLEXITY_MEDIUM: Int

        Constant for getPasswordComplexity() and setRequiredPasswordComplexity(int). Define the medium password complexity band as:

        • PIN with no repeating (4444) or ordered (1234, 4321, 2468) sequences, length at least 4
        • alphabetic, length at least 4
        • alphanumeric, length at least 4

        When returned from getPasswordComplexity(), the constant represents the exact complexity band the password is in. When passed to it sets the minimum complexity

        Value: 196608

        PASSWORD_COMPLEXITY_NONE

        static val PASSWORD_COMPLEXITY_NONE: Int

        Constant for getPasswordComplexity() and setRequiredPasswordComplexity(int): no password.

        When returned from getPasswordComplexity(), the constant represents the exact complexity band the password is in. When passed to it sets the minimum complexity

        Value: 0

        PASSWORD_QUALITY_ALPHABETIC

        Added in API level 8
        static val PASSWORD_QUALITY_ALPHABETIC: Int

        Constant for setPasswordQuality: the user must have entered a password containing at least alphabetic (or other symbol) characters. Note that quality constants are ordered so that higher values are more restrictive.

        Value: 262144

        PASSWORD_QUALITY_ALPHANUMERIC

        Added in API level 8
        static val PASSWORD_QUALITY_ALPHANUMERIC: Int

        Constant for setPasswordQuality: the user must have entered a password containing at least both> numeric and alphabetic (or other symbol) characters. Note that quality constants are ordered so that higher values are more restrictive.

        Value: 327680

        PASSWORD_QUALITY_BIOMETRIC_WEAK

        Added in API level 14
        static val PASSWORD_QUALITY_BIOMETRIC_WEAK: Int

        Constant for setPasswordQuality: the policy allows for low-security biometric recognition technology. This implies technologies that can recognize the identity of an individual to about a 3 digit PIN (false detection is less than 1 in 1,000). Note that quality constants are ordered so that higher values are more restrictive.

        Value: 32768

        PASSWORD_QUALITY_COMPLEX

        Added in API level 11
        static val PASSWORD_QUALITY_COMPLEX: Int

        Constant for setPasswordQuality: allows the admin to set precisely how many characters of various types the password should contain to satisfy the policy. The admin should set these requirements via setPasswordMinimumLetters, setPasswordMinimumNumeric, setPasswordMinimumSymbols, setPasswordMinimumUpperCase, setPasswordMinimumLowerCase, setPasswordMinimumNonLetter, and setPasswordMinimumLength. Note that quality constants are ordered so that higher values are more restrictive.

        Value: 393216

        PASSWORD_QUALITY_NUMERIC

        Added in API level 8
        static val PASSWORD_QUALITY_NUMERIC: Int

        Constant for setPasswordQuality: the user must have entered a password containing at least numeric characters. Note that quality constants are ordered so that higher values are more restrictive.

        Value: 131072

        PASSWORD_QUALITY_NUMERIC_COMPLEX

        Added in API level 21
        static val PASSWORD_QUALITY_NUMERIC_COMPLEX: Int

        Constant for setPasswordQuality: the user must have entered a password containing at least numeric characters with no repeating (4444) or ordered (1234, 4321, 2468) sequences. Note that quality constants are ordered so that higher values are more restrictive.

        Value: 196608

        PASSWORD_QUALITY_SOMETHING

        Added in API level 8
        static val PASSWORD_QUALITY_SOMETHING: Int

        Constant for setPasswordQuality: the policy requires some kind of password or pattern, but doesn't care what it is. Note that quality constants are ordered so that higher values are more restrictive.

        Value: 65536

        PASSWORD_QUALITY_UNSPECIFIED

        Added in API level 8
        static val PASSWORD_QUALITY_UNSPECIFIED: Int

        Constant for setPasswordQuality: the policy has no requirements for the password. Note that quality constants are ordered so that higher values are more restrictive.

        Value: 0

        PERMISSION_GRANT_STATE_DEFAULT

        Added in API level 23
        static val PERMISSION_GRANT_STATE_DEFAULT: Int

        Runtime permission state: The user can manage the permission through the UI.

        Value: 0

        PERMISSION_GRANT_STATE_DENIED

        Added in API level 23
        static val PERMISSION_GRANT_STATE_DENIED: Int

        Runtime permission state: The permission is denied to the app and the user cannot manage the permission through the UI.

        Value: 2

        PERMISSION_GRANT_STATE_GRANTED

        Added in API level 23
        static val PERMISSION_GRANT_STATE_GRANTED: Int

        Runtime permission state: The permission is granted to the app and the user cannot manage the permission through the UI.

        Value: 1

        PERMISSION_POLICY_AUTO_DENY

        Added in API level 23
        static val PERMISSION_POLICY_AUTO_DENY: Int

        Permission policy to always deny new permission requests for runtime permissions. Already granted or denied permissions are not affected by this.

        Value: 2

        PERMISSION_POLICY_AUTO_GRANT

        Added in API level 23
        static val PERMISSION_POLICY_AUTO_GRANT: Int

        Permission policy to always grant new permission requests for runtime permissions. Already granted or denied permissions are not affected by this.

        Value: 1

        PERMISSION_POLICY_PROMPT

        Added in API level 23
        static val PERMISSION_POLICY_PROMPT: Int

        Permission policy to prompt user for new permission requests for runtime permissions. Already granted or denied permissions are not affected by this.

        Value: 0

        PERSONAL_APPS_NOT_SUSPENDED

        Added in API level 30
        static val PERSONAL_APPS_NOT_SUSPENDED: Int

        Return value for getPersonalAppsSuspendedReasons when personal apps are not suspended.

        Value: 0

        PERSONAL_APPS_SUSPENDED_EXPLICITLY

        Added in API level 30
        static val PERSONAL_APPS_SUSPENDED_EXPLICITLY: Int

        Flag for getPersonalAppsSuspendedReasons return value. Set when personal apps are suspended by an admin explicitly via setPersonalAppsSuspended.

        Value: 1

        PERSONAL_APPS_SUSPENDED_PROFILE_TIMEOUT

        Added in API level 30
        static val PERSONAL_APPS_SUSPENDED_PROFILE_TIMEOUT: Int

        Flag for getPersonalAppsSuspendedReasons return value. Set when personal apps are suspended by framework because managed profile was off for longer than allowed by policy.

        Value: 2

        POLICY_DISABLE_CAMERA

        Added in API level 26
        static val POLICY_DISABLE_CAMERA: String

        Constant to indicate the feature of disabling the camera. Used as argument to createAdminSupportIntent(java.lang.String).

        Value: "policy_disable_camera"

        POLICY_DISABLE_SCREEN_CAPTURE

        Added in API level 26
        static val POLICY_DISABLE_SCREEN_CAPTURE: String

        Constant to indicate the feature of disabling screen captures. Used as argument to createAdminSupportIntent(java.lang.String).

        Value: "policy_disable_screen_capture"

        PRIVATE_DNS_MODE_OFF

        Added in API level 29
        static val PRIVATE_DNS_MODE_OFF: Int

        Specifies that Private DNS was turned off completely.

        Value: 1

        PRIVATE_DNS_MODE_OPPORTUNISTIC

        Added in API level 29
        static val PRIVATE_DNS_MODE_OPPORTUNISTIC: Int

        Specifies that the device owner requested opportunistic DNS over TLS

        Value: 2

        PRIVATE_DNS_MODE_PROVIDER_HOSTNAME

        Added in API level 29
        static val PRIVATE_DNS_MODE_PROVIDER_HOSTNAME: Int

        Specifies that the device owner configured a specific host to use for Private DNS.

        Value: 3

        PRIVATE_DNS_MODE_UNKNOWN

        Added in API level 29
        static val PRIVATE_DNS_MODE_UNKNOWN: Int

        Specifies that the Private DNS setting is in an unknown state.

        Value: 0

        PRIVATE_DNS_SET_ERROR_FAILURE_SETTING

        Added in API level 29
        static val PRIVATE_DNS_SET_ERROR_FAILURE_SETTING: Int

        General failure to set the Private DNS mode, not due to one of the reasons listed above.

        Value: 2

        PRIVATE_DNS_SET_ERROR_HOST_NOT_SERVING

        Added in API level 29
        static val PRIVATE_DNS_SET_ERROR_HOST_NOT_SERVING: Int

        If the privateDnsHost provided was of a valid hostname but that host was found to not support DNS-over-TLS.

        Value: 1

        PRIVATE_DNS_SET_NO_ERROR

        Added in API level 29
        static val PRIVATE_DNS_SET_NO_ERROR: Int

        The selected mode has been set successfully. If the mode is PRIVATE_DNS_MODE_PROVIDER_HOSTNAME then it implies the supplied host is valid and reachable.

        Value: 0

        PROVISIONING_MODE_FULLY_MANAGED_DEVICE

        Added in API level 29
        static val PROVISIONING_MODE_FULLY_MANAGED_DEVICE: Int

        The provisioning mode for fully managed device.

        Value: 1

        PROVISIONING_MODE_MANAGED_PROFILE

        Added in API level 29
        static val PROVISIONING_MODE_MANAGED_PROFILE: Int

        The provisioning mode for managed profile.

        Value: 2

        PROVISIONING_MODE_MANAGED_PROFILE_ON_PERSONAL_DEVICE

        Added in API level 31
        static val PROVISIONING_MODE_MANAGED_PROFILE_ON_PERSONAL_DEVICE: Int

        The provisioning mode for a managed profile on a personal device.

        This mode is only available when the provisioning initiator has explicitly instructed the provisioning flow to support managed profile on a personal device provisioning. In that case, PROVISIONING_MODE_MANAGED_PROFILE corresponds to an organization-owned managed profile, whereas this constant corresponds to a personally-owned managed profile.

        Value: 3

        RESET_PASSWORD_DO_NOT_ASK_CREDENTIALS_ON_BOOT

        Added in API level 23
        static val RESET_PASSWORD_DO_NOT_ASK_CREDENTIALS_ON_BOOT: Int

        Flag for resetPasswordWithToken and resetPassword: don't ask for user credentials on device boot. If the flag is set, the device can be booted without asking for user password. The absence of this flag does not change the current boot requirements. This flag can be set by the device owner only. If the app is not the device owner, the flag is ignored. Once the flag is set, it cannot be reverted back without resetting the device to factory defaults.

        Value: 2

        RESET_PASSWORD_REQUIRE_ENTRY

        Added in API level 8
        static val RESET_PASSWORD_REQUIRE_ENTRY: Int

        Flag for resetPasswordWithToken and resetPassword: don't allow other admins to change the password again until the user has entered it.

        Value: 1

        SKIP_SETUP_WIZARD

        Added in API level 24
        static val SKIP_SETUP_WIZARD: Int

        Flag used by createAndManageUser to skip setup wizard after creating a new user.

        Value: 1

        WIFI_SECURITY_ENTERPRISE_192

        Added in API level 33
        static val WIFI_SECURITY_ENTERPRISE_192: Int

        Constant for getMinimumRequiredWifiSecurityLevel() and setMinimumRequiredWifiSecurityLevel(int): enterprise 192 bit network.

        When returned from getMinimumRequiredWifiSecurityLevel(), the constant represents the current minimum security level required. When passed to setMinimumRequiredWifiSecurityLevel(int), it sets the minimum security level a Wi-Fi network must meet.

        Value: 3

        WIFI_SECURITY_ENTERPRISE_EAP

        Added in API level 33
        static val WIFI_SECURITY_ENTERPRISE_EAP: Int

        Constant for getMinimumRequiredWifiSecurityLevel() and setMinimumRequiredWifiSecurityLevel(int): enterprise EAP network.

        When returned from getMinimumRequiredWifiSecurityLevel(), the constant represents the current minimum security level required. When passed to setMinimumRequiredWifiSecurityLevel(int), it sets the minimum security level a Wi-Fi network must meet.

        Value: 2

        WIFI_SECURITY_OPEN

        Added in API level 33
        static val WIFI_SECURITY_OPEN: Int

        Constant for getMinimumRequiredWifiSecurityLevel() and setMinimumRequiredWifiSecurityLevel(int): no minimum security level.

        When returned from getMinimumRequiredWifiSecurityLevel(), the constant represents the current minimum security level required. When passed to setMinimumRequiredWifiSecurityLevel(int), it sets the minimum security level a Wi-Fi network must meet.

        Value: 0

        WIFI_SECURITY_PERSONAL

        Added in API level 33
        static val WIFI_SECURITY_PERSONAL: Int

        Constant for getMinimumRequiredWifiSecurityLevel() and setMinimumRequiredWifiSecurityLevel(int): personal network such as WEP, WPA2-PSK.

        When returned from getMinimumRequiredWifiSecurityLevel(), the constant represents the current minimum security level required. When passed to setMinimumRequiredWifiSecurityLevel(int), it sets the minimum security level a Wi-Fi network must meet.

        Value: 1

        WIPE_EUICC

        Added in API level 28
        static val WIPE_EUICC: Int

        Flag for wipeData(int): also erase the device's eUICC data.

        Value: 4

        WIPE_EXTERNAL_STORAGE

        Added in API level 9
        static val WIPE_EXTERNAL_STORAGE: Int

        Flag for wipeData(int): also erase the device's adopted external storage (such as adopted SD cards).

        Value: 1

        See Also

          WIPE_RESET_PROTECTION_DATA

          Added in API level 22
          static val WIPE_RESET_PROTECTION_DATA: Int

          Flag for wipeData(int): also erase the factory reset protection data.

          This flag may only be set by device owner admins; if it is set by other admins a SecurityException will be thrown.

          Value: 2

          WIPE_SILENTLY

          Added in API level 29
          static val WIPE_SILENTLY: Int

          Flag for wipeData(int): won't show reason for wiping to the user.

          Value: 8

          Public methods

          acknowledgeDeviceCompliant

          Added in API level 31
          open fun acknowledgeDeviceCompliant(): Unit

          Called by a profile owner of an organization-owned managed profile to acknowledge that the device is compliant and the user can turn the profile off if needed according to the maximum time off policy. This method should be called when the device is deemed compliant after getting DeviceAdminReceiver.onComplianceAcknowledgementRequired(Context, Intent) callback in case it is overridden. Before this method is called the user is still free to turn the profile off, but the timer won't be reset, so personal apps will be suspended sooner. DPCs only need acknowledging device compliance if they override DeviceAdminReceiver.onComplianceAcknowledgementRequired(Context, Intent), otherwise compliance is acknowledged automatically.

          Exceptions
          java.lang.IllegalStateException if the user isn't unlocked

          addCrossProfileIntentFilter

          Added in API level 21
          open fun addCrossProfileIntentFilter(
              admin: ComponentName?,
              filter: IntentFilter!,
              flags: Int
          ): Unit

          Called by the profile owner of a managed profile so that some intents sent in the managed profile can also be resolved in the parent, or vice versa. Only activity intents are supported.

          Parameters
          admin ComponentName?: Which DeviceAdminReceiver this request is associated with. This value may be null.
          filter IntentFilter!: The IntentFilter the intent has to match to be also resolved in the other profile
          flags Int: DevicePolicyManager.FLAG_MANAGED_CAN_ACCESS_PARENT and DevicePolicyManager.FLAG_PARENT_CAN_ACCESS_MANAGED are supported.
          Exceptions
          java.lang.SecurityException if admin is not a device or profile owner.

          addCrossProfileWidgetProvider

          Added in API level 21
          open fun addCrossProfileWidgetProvider(
              admin: ComponentName?,
              packageName: String!
          ): Boolean

          Called by the profile owner of a managed profile or a holder of the permission android.Manifest.permission#MANAGE_DEVICE_POLICY_PROFILE_INTERACTION to enable widget providers from a given package to be available in the parent profile. As a result the user will be able to add widgets from the allowlisted package running under the profile to a widget host which runs under the parent profile, for example the home screen. Note that a package may have zero or more provider components, where each component provides a different widget type.

          Note: By default no widget provider package is allowlisted.

          Parameters
          admin ComponentName?: Which DeviceAdminReceiver this request is associated with. Null if the caller is not a device admin. This value may be null.
          packageName String!: The package from which widget providers are allowlisted.
          Return
          Boolean Whether the package was added.
          Exceptions
          java.lang.SecurityException if admin is not a profile owner and not a holder of the permission android.Manifest.permission#MANAGE_DEVICE_POLICY_PROFILE_INTERACTION.

          addOverrideApn

          Added in API level 28
          open fun addOverrideApn(
              admin: ComponentName,
              apnSetting: ApnSetting
          ): Int

          Called by device owner or managed profile owner to add an override APN.

          This method may returns -1 if apnSetting conflicts with an existing override APN. Update the existing conflicted APN with updateOverrideApn(android.content.ComponentName,int,android.telephony.data.ApnSetting) instead of adding a new entry.

          Two override APNs are considered to conflict when all the following APIs return the same values on both override APNs:

          Before Android version android.os.Build.VERSION_CODES#TIRAMISU: Only device owners can add APNs.

          Starting from Android version android.os.Build.VERSION_CODES#TIRAMISU: Both device owners and managed profile owners can add enterprise APNs (ApnSetting.TYPE_ENTERPRISE), while only device owners can add other type of APNs. Enterprise APNs are specific to the managed profile and do not override any user-configured VPNs. They are prerequisites for enabling preferential network service on the managed profile on 4G networks (setPreferentialNetworkServiceConfigs).

          Parameters
          admin ComponentName: which DeviceAdminReceiver this request is associated with This value cannot be null.
          apnSetting ApnSetting: the override APN to insert This value cannot be null.
          Return
          Int The id of inserted override APN. Or -1 when failed to insert into the database.
          Exceptions
          java.lang.SecurityException If request is for enterprise APN admin is either device owner or profile owner and in all other types of APN if admin is not a device owner.

          addPersistentPreferredActivity

          Added in API level 21
          open fun addPersistentPreferredActivity(
              admin: ComponentName?,
              filter: IntentFilter!,
              activity: ComponentName
          ): Unit

          Called by a profile owner or device owner or holder of the permission android.Manifest.permission#MANAGE_DEVICE_POLICY_LOCK_TASK. to set a default activity that the system selects to handle intents that match the given IntentFilter instead of showing the default disambiguation mechanism. This activity will remain the default intent handler even if the set of potential event handlers for the intent filter changes and if the intent preferences are reset.

          Note that the target application should still declare the activity in the manifest, the API just sets the activity to be the default one to handle the given intent filter.

          The default disambiguation mechanism takes over if the activity is not installed (anymore). When the activity is (re)installed, it is automatically reset as default intent handler for the filter.

          Note that calling this API to set a default intent handler, only allow to avoid the default disambiguation mechanism. Implicit intents that do not trigger this mechanism (like invoking the browser) cannot be configured as they are controlled by other configurations.

          The calling device admin must be a profile owner or device owner. If it is not, a security exception will be thrown.

          Starting from Build.VERSION_CODES.UPSIDE_DOWN_CAKE, after the persistent preferred activity policy has been set, PolicyUpdateReceiver.onPolicySetResult(Context, String, will notify the admin on whether the policy was successfully set or not. This callback will contain:

          If there has been a change to the policy, PolicyUpdateReceiver.onPolicyChanged(Context, String, Bundle, TargetUser, will notify the admin of this change. This callback will contain the same parameters as PolicyUpdateReceiver#onPolicySetResult and the PolicyUpdateResult will contain the reason why the policy changed.

          NOTE: Performs disk I/O and shouldn't be called on the main thread.

          Parameters
          admin ComponentName?: Which DeviceAdminReceiver this request is associated with. Null if the caller is not a device admin. This value may be null.
          filter IntentFilter!: The IntentFilter for which a default handler is added.
          activity ComponentName: The Activity that is added as default intent handler. This value cannot be null.
          Exceptions
          java.lang.SecurityException if admin is not a device or profile owner or holder of the permission android.Manifest.permission#MANAGE_DEVICE_POLICY_LOCK_TASK.

          addUserRestriction

          Added in API level 21
          open fun addUserRestriction(
              admin: ComponentName?,
              key: String!
          ): Unit

          Called by a profile owner, device owner or a holder of any permission that is associated with a user restriction to set a user restriction specified by the key.

          The calling device admin must be a profile owner, device owner or holder of any permission that is associated with a user restriction; if it is not, a security exception will be thrown.

          The profile owner of an organization-owned managed profile may invoke this method on the DevicePolicyManager instance it obtained from getParentProfileInstance(android.content.ComponentName), for enforcing device-wide restrictions.

          See the constants in android.os.UserManager for the list of restrictions that can be enforced device-wide. These constants will also state in their documentation which permission is required to manage the restriction using this API.

          Starting from Build.VERSION_CODES.UPSIDE_DOWN_CAKE, after the user restriction policy has been set, PolicyUpdateReceiver.onPolicySetResult(Context, String, will notify the admin on whether the policy was successfully set or not. This callback will contain:

          If there has been a change to the policy, PolicyUpdateReceiver.onPolicyChanged(Context, String, Bundle, TargetUser, will notify the admin of this change. This callback will contain the same parameters as PolicyUpdateReceiver#onPolicySetResult and the PolicyUpdateResult will contain the reason why the policy changed.
          Parameters
          admin ComponentName?: Which DeviceAdminReceiver this request is associated with or null if the caller is not a device admin.
          key String!: The key of the restriction. Value is android.os.UserManager#ALLOW_PARENT_PROFILE_APP_LINKING, android.os.UserManager.DISALLOW_ADD_CLONE_PROFILE, android.os.UserManager#DISALLOW_ADD_MANAGED_PROFILE, android.os.UserManager#DISALLOW_ADD_PRIVATE_PROFILE, android.os.UserManager#DISALLOW_ADD_USER, android.os.UserManager#DISALLOW_ADD_WIFI_CONFIG, android.os.UserManager#DISALLOW_ADJUST_VOLUME, android.os.UserManager#DISALLOW_AIRPLANE_MODE, android.os.UserManager#DISALLOW_AMBIENT_DISPLAY, android.os.UserManager#DISALLOW_APPS_CONTROL, android.os.UserManager#DISALLOW_ASSIST_CONTENT, android.os.UserManager#DISALLOW_AUTOFILL, android.os.UserManager.DISALLOW_BIOMETRIC, android.os.UserManager#DISALLOW_BLUETOOTH, android.os.UserManager#DISALLOW_BLUETOOTH_SHARING, android.os.UserManager.DISALLOW_CAMERA, android.os.UserManager#DISALLOW_CAMERA_TOGGLE, android.os.UserManager#DISALLOW_CELLULAR_2G, android.os.UserManager#DISALLOW_CHANGE_NEAR_FIELD_COMMUNICATION_RADIO, android.os.UserManager#DISALLOW_CHANGE_WIFI_STATE, android.os.UserManager#DISALLOW_CONFIG_BLUETOOTH, android.os.UserManager#DISALLOW_CONFIG_BRIGHTNESS, android.os.UserManager#DISALLOW_CONFIG_CELL_BROADCASTS, android.os.UserManager#DISALLOW_CONFIG_CREDENTIALS, android.os.UserManager#DISALLOW_CONFIG_DATE_TIME, android.os.UserManager#DISALLOW_CONFIG_DEFAULT_APPS, android.os.UserManager#DISALLOW_CONFIG_LOCALE, android.os.UserManager#DISALLOW_CONFIG_LOCATION, android.os.UserManager#DISALLOW_CONFIG_MOBILE_NETWORKS, android.os.UserManager#DISALLOW_CONFIG_PRIVATE_DNS, android.os.UserManager#DISALLOW_CONFIG_SCREEN_TIMEOUT, android.os.UserManager#DISALLOW_CONFIG_TETHERING, android.os.UserManager#DISALLOW_CONFIG_VPN, android.os.UserManager#DISALLOW_CONFIG_WIFI, android.os.UserManager#DISALLOW_CONTENT_CAPTURE, android.os.UserManager#DISALLOW_CONTENT_SUGGESTIONS, android.os.UserManager#DISALLOW_CREATE_WINDOWS, android.os.UserManager#DISALLOW_CROSS_PROFILE_COPY_PASTE, android.os.UserManager#DISALLOW_DATA_ROAMING, android.os.UserManager#DISALLOW_DEBUGGING_FEATURES, android.os.UserManager#DISALLOW_FACTORY_RESET, android.os.UserManager#DISALLOW_FUN, android.os.UserManager#DISALLOW_GRANT_ADMIN, android.os.UserManager#DISALLOW_INSTALL_APPS, android.os.UserManager#DISALLOW_INSTALL_UNKNOWN_SOURCES, android.os.UserManager#DISALLOW_INSTALL_UNKNOWN_SOURCES_GLOBALLY, android.os.UserManager#DISALLOW_MICROPHONE_TOGGLE, android.os.UserManager#DISALLOW_MODIFY_ACCOUNTS, android.os.UserManager#DISALLOW_MOUNT_PHYSICAL_MEDIA, android.os.UserManager#DISALLOW_NEAR_FIELD_COMMUNICATION_RADIO, android.os.UserManager#DISALLOW_NETWORK_RESET, android.os.UserManager.DISALLOW_OEM_UNLOCK, android.os.UserManager#DISALLOW_OUTGOING_BEAM, android.os.UserManager#DISALLOW_OUTGOING_CALLS, android.os.UserManager#DISALLOW_PRINTING, android.os.UserManager.DISALLOW_RECORD_AUDIO, android.os.UserManager#DISALLOW_REMOVE_MANAGED_PROFILE, android.os.UserManager#DISALLOW_REMOVE_USER, android.os.UserManager.DISALLOW_RUN_IN_BACKGROUND, android.os.UserManager#DISALLOW_SAFE_BOOT, android.os.UserManager#DISALLOW_SET_USER_ICON, android.os.UserManager#DISALLOW_SET_WALLPAPER, android.os.UserManager#DISALLOW_SHARE_INTO_MANAGED_PROFILE, android.os.UserManager#DISALLOW_SHARE_LOCATION, android.os.UserManager#DISALLOW_SHARING_ADMIN_CONFIGURED_WIFI, android.os.UserManager#DISALLOW_SIM_GLOBALLY, android.os.UserManager#DISALLOW_SMS, android.os.UserManager#DISALLOW_SYSTEM_ERROR_DIALOGS, android.os.UserManager#DISALLOW_THREAD_NETWORK, android.os.UserManager#DISALLOW_ULTRA_WIDEBAND_RADIO, android.os.UserManager#DISALLOW_UNIFIED_PASSWORD, android.os.UserManager#DISALLOW_UNINSTALL_APPS, android.os.UserManager.DISALLOW_UNMUTE_DEVICE, android.os.UserManager#DISALLOW_UNMUTE_MICROPHONE, android.os.UserManager#DISALLOW_USB_FILE_TRANSFER, android.os.UserManager#DISALLOW_USER_SWITCH, android.os.UserManager.DISALLOW_WALLPAPER, android.os.UserManager#DISALLOW_WIFI_DIRECT, android.os.UserManager#DISALLOW_WIFI_TETHERING, android.os.UserManager#ENSURE_VERIFY_APPS, or android.os.UserManager#KEY_RESTRICTIONS_PENDING
          Exceptions
          java.lang.SecurityException if admin is not a device or profile owner and if the caller has not been granted the permission to set the given user restriction.

          addUserRestrictionGlobally

          Added in API level 34
          open fun addUserRestrictionGlobally(key: String): Unit

          Called by a profile owner, device owner or a holder of any permission that is associated with a user restriction to set a user restriction specified by the provided key globally on all users. To clear the restriction use clearUserRestriction.

          For a given user, a restriction will be set if it was applied globally or locally by any admin.

          The calling device admin must be a profile owner, device owner or a holder of any permission that is associated with a user restriction; if it is not, a security exception will be thrown.

          See the constants in android.os.UserManager for the list of restrictions that can be enforced device-wide. These constants will also state in their documentation which permission is required to manage the restriction using this API.

          After the user restriction policy has been set, PolicyUpdateReceiver.onPolicySetResult(Context, String, Bundle, TargetUser, will notify the admin on whether the policy was successfully set or not. This callback will contain:

          If there has been a change to the policy, PolicyUpdateReceiver.onPolicyChanged(Context, String, Bundle, TargetUser, will notify the admin of this change. This callback will contain the same parameters as PolicyUpdateReceiver#onPolicySetResult and the PolicyUpdateResult will contain the reason why the policy changed.
          Parameters
          key String: The key of the restriction. This value cannot be null. Value is android.os.UserManager#ALLOW_PARENT_PROFILE_APP_LINKING, android.os.UserManager.DISALLOW_ADD_CLONE_PROFILE, android.os.UserManager#DISALLOW_ADD_MANAGED_PROFILE, android.os.UserManager#DISALLOW_ADD_PRIVATE_PROFILE, android.os.UserManager#DISALLOW_ADD_USER, android.os.UserManager#DISALLOW_ADD_WIFI_CONFIG, android.os.UserManager#DISALLOW_ADJUST_VOLUME, android.os.UserManager#DISALLOW_AIRPLANE_MODE, android.os.UserManager#DISALLOW_AMBIENT_DISPLAY, android.os.UserManager#DISALLOW_APPS_CONTROL, android.os.UserManager#DISALLOW_ASSIST_CONTENT, android.os.UserManager#DISALLOW_AUTOFILL, android.os.UserManager.DISALLOW_BIOMETRIC, android.os.UserManager#DISALLOW_BLUETOOTH, android.os.UserManager#DISALLOW_BLUETOOTH_SHARING, android.os.UserManager.DISALLOW_CAMERA, android.os.UserManager#DISALLOW_CAMERA_TOGGLE, android.os.UserManager#DISALLOW_CELLULAR_2G, android.os.UserManager#DISALLOW_CHANGE_NEAR_FIELD_COMMUNICATION_RADIO, android.os.UserManager#DISALLOW_CHANGE_WIFI_STATE, android.os.UserManager#DISALLOW_CONFIG_BLUETOOTH, android.os.UserManager#DISALLOW_CONFIG_BRIGHTNESS, android.os.UserManager#DISALLOW_CONFIG_CELL_BROADCASTS, android.os.UserManager#DISALLOW_CONFIG_CREDENTIALS, android.os.UserManager#DISALLOW_CONFIG_DATE_TIME, android.os.UserManager#DISALLOW_CONFIG_DEFAULT_APPS, android.os.UserManager#DISALLOW_CONFIG_LOCALE, android.os.UserManager#DISALLOW_CONFIG_LOCATION, android.os.UserManager#DISALLOW_CONFIG_MOBILE_NETWORKS, android.os.UserManager#DISALLOW_CONFIG_PRIVATE_DNS, android.os.UserManager#DISALLOW_CONFIG_SCREEN_TIMEOUT, android.os.UserManager#DISALLOW_CONFIG_TETHERING, android.os.UserManager#DISALLOW_CONFIG_VPN, android.os.UserManager#DISALLOW_CONFIG_WIFI, android.os.UserManager#DISALLOW_CONTENT_CAPTURE, android.os.UserManager#DISALLOW_CONTENT_SUGGESTIONS, android.os.UserManager#DISALLOW_CREATE_WINDOWS, android.os.UserManager#DISALLOW_CROSS_PROFILE_COPY_PASTE, android.os.UserManager#DISALLOW_DATA_ROAMING, android.os.UserManager#DISALLOW_DEBUGGING_FEATURES, android.os.UserManager#DISALLOW_FACTORY_RESET, android.os.UserManager#DISALLOW_FUN, android.os.UserManager#DISALLOW_GRANT_ADMIN, android.os.UserManager#DISALLOW_INSTALL_APPS, android.os.UserManager#DISALLOW_INSTALL_UNKNOWN_SOURCES, android.os.UserManager#DISALLOW_INSTALL_UNKNOWN_SOURCES_GLOBALLY, android.os.UserManager#DISALLOW_MICROPHONE_TOGGLE, android.os.UserManager#DISALLOW_MODIFY_ACCOUNTS, android.os.UserManager#DISALLOW_MOUNT_PHYSICAL_MEDIA, android.os.UserManager#DISALLOW_NEAR_FIELD_COMMUNICATION_RADIO, android.os.UserManager#DISALLOW_NETWORK_RESET, android.os.UserManager.DISALLOW_OEM_UNLOCK, android.os.UserManager#DISALLOW_OUTGOING_BEAM, android.os.UserManager#DISALLOW_OUTGOING_CALLS, android.os.UserManager#DISALLOW_PRINTING, android.os.UserManager.DISALLOW_RECORD_AUDIO, android.os.UserManager#DISALLOW_REMOVE_MANAGED_PROFILE, android.os.UserManager#DISALLOW_REMOVE_USER, android.os.UserManager.DISALLOW_RUN_IN_BACKGROUND, android.os.UserManager#DISALLOW_SAFE_BOOT, android.os.UserManager#DISALLOW_SET_USER_ICON, android.os.UserManager#DISALLOW_SET_WALLPAPER, android.os.UserManager#DISALLOW_SHARE_INTO_MANAGED_PROFILE, android.os.UserManager#DISALLOW_SHARE_LOCATION, android.os.UserManager#DISALLOW_SHARING_ADMIN_CONFIGURED_WIFI, android.os.UserManager#DISALLOW_SIM_GLOBALLY, android.os.UserManager#DISALLOW_SMS, android.os.UserManager#DISALLOW_SYSTEM_ERROR_DIALOGS, android.os.UserManager#DISALLOW_THREAD_NETWORK, android.os.UserManager#DISALLOW_ULTRA_WIDEBAND_RADIO, android.os.UserManager#DISALLOW_UNIFIED_PASSWORD, android.os.UserManager#DISALLOW_UNINSTALL_APPS, android.os.UserManager.DISALLOW_UNMUTE_DEVICE, android.os.UserManager#DISALLOW_UNMUTE_MICROPHONE, android.os.UserManager#DISALLOW_USB_FILE_TRANSFER, android.os.UserManager#DISALLOW_USER_SWITCH, android.os.UserManager.DISALLOW_WALLPAPER, android.os.UserManager#DISALLOW_WIFI_DIRECT, android.os.UserManager#DISALLOW_WIFI_TETHERING, android.os.UserManager#ENSURE_VERIFY_APPS, or android.os.UserManager#KEY_RESTRICTIONS_PENDING
          Exceptions
          java.lang.SecurityException if admin is not a device or profile owner and if the caller has not been granted the permission to set the given user restriction.
          java.lang.IllegalStateException if caller is not targeting Android android.os.Build.VERSION_CODES#UPSIDE_DOWN_CAKE or above.

          bindDeviceAdminServiceAsUser

          Added in API level 34
          open fun bindDeviceAdminServiceAsUser(
              admin: ComponentName,
              serviceIntent: Intent,
              conn: ServiceConnection,
              flags: Context.BindServiceFlags,
              targetUser: UserHandle
          ): Boolean

          See bindDeviceAdminServiceAsUser(android.content.ComponentName,android.content.Intent,android.content.ServiceConnection,int,android.os.UserHandle). Call Context.BindServiceFlags.of(long) to obtain a BindServiceFlags object.

          Parameters
          admin ComponentName: This value cannot be null.
          serviceIntent Intent: This value cannot be null.
          conn ServiceConnection: This value cannot be null.
          flags Context.BindServiceFlags: This value cannot be null.
          targetUser UserHandle: This value cannot be null.

          bindDeviceAdminServiceAsUser

          Added in API level 26
          open fun bindDeviceAdminServiceAsUser(
              admin: ComponentName,
              serviceIntent: Intent,
              conn: ServiceConnection,
              flags: Int,
              targetUser: UserHandle
          ): Boolean

          Called by a device owner to bind to a service from a secondary managed user or vice versa. See getBindDeviceAdminTargetUsers for the pre-requirements of a device owner to bind to services of another managed user.

          The service must be protected by android.Manifest.permission#BIND_DEVICE_ADMIN. Note that the Context used to obtain this DevicePolicyManager instance via Context.getSystemService(Class) will be used to bind to the android.app.Service.

          Note: This method used to be available for communication between device owner and profile owner. However, since Android 11, this combination is not possible. This method is now only useful for communication between device owner and managed secondary users.

          Parameters
          admin ComponentName: Which DeviceAdminReceiver this request is associated with. This value cannot be null.
          serviceIntent Intent: Identifies the service to connect to. The Intent must specify either an explicit component name or a package name to match an IntentFilter published by a service. This value cannot be null.
          conn ServiceConnection: Receives information as the service is started and stopped in main thread. This must be a valid ServiceConnection object; it must not be null.
          flags Int: Operation options for the binding operation. See Context.bindService(Intent, ServiceConnection, int). Value is either 0 or a combination of android.content.Context#BIND_AUTO_CREATE, android.content.Context#BIND_DEBUG_UNBIND, android.content.Context#BIND_NOT_FOREGROUND, android.content.Context#BIND_ABOVE_CLIENT, android.content.Context#BIND_ALLOW_OOM_MANAGEMENT, android.content.Context#BIND_WAIVE_PRIORITY, android.content.Context#BIND_IMPORTANT, android.content.Context#BIND_ADJUST_WITH_ACTIVITY, android.content.Context#BIND_NOT_PERCEPTIBLE, android.content.Context#BIND_ALLOW_ACTIVITY_STARTS, android.content.Context#BIND_INCLUDE_CAPABILITIES, android.content.Context#BIND_SHARED_ISOLATED_PROCESS, android.content.Context#BIND_PACKAGE_ISOLATED_PROCESS, and android.content.Context#BIND_EXTERNAL_SERVICE
          targetUser UserHandle: Which user to bind to. Must be one of the users returned by getBindDeviceAdminTargetUsers, otherwise a SecurityException will be thrown. This value cannot be null.
          Return
          Boolean If you have successfully bound to the service, true is returned; false is returned if the connection is not made and you will not receive the service object.

          canAdminGrantSensorsPermissions

          Added in API level 31
          open fun canAdminGrantSensorsPermissions(): Boolean

          Returns true if the caller is running on a device where an admin can grant permissions related to device sensors. This is a signal that the device is a fully-managed device where personal usage is discouraged. The list of permissions is listed in setPermissionGrantState(android.content.ComponentName,java.lang.String,java.lang.String,int). May be called by any app.

          Return
          Boolean true if an admin can grant device sensors-related permissions, false otherwise.

          canUsbDataSignalingBeDisabled

          Added in API level 31
          open fun canUsbDataSignalingBeDisabled(): Boolean

          Returns whether enabling or disabling USB data signaling is supported on the device.

          Return
          Boolean true if the device supports enabling and disabling USB data signaling.

          clearApplicationUserData

          Added in API level 28
          open fun clearApplicationUserData(
              admin: ComponentName,
              packageName: String,
              executor: Executor,
              listener: DevicePolicyManager.OnClearApplicationUserDataListener
          ): Unit

          Called by the device owner or profile owner to clear application user data of a given package. The behaviour of this is equivalent to the target application calling android.app.ActivityManager#clearApplicationUserData().

          Note: an application can store data outside of its application data, e.g. external storage or user dictionary. This data will not be wiped by calling this API.

          Parameters
          admin ComponentName: Which DeviceAdminReceiver this request is associated with. This value cannot be null.
          packageName String: The name of the package which will have its user data wiped. This value cannot be null.
          executor Executor: The executor through which the listener should be invoked. This value cannot be null. Callback and listener events are dispatched through this Executor, providing an easy way to control which thread is used. To dispatch events through the main thread of your application, you can use Context.getMainExecutor(). Otherwise, provide an Executor that dispatches to an appropriate thread.
          listener DevicePolicyManager.OnClearApplicationUserDataListener: A callback object that will inform the caller when the clearing is done. This value cannot be null.
          Exceptions
          java.lang.SecurityException if the caller is not the device owner/profile owner.

          clearCrossProfileIntentFilters

          Added in API level 21
          open fun clearCrossProfileIntentFilters(admin: ComponentName?): Unit

          Called by a profile owner of a managed profile to remove the cross-profile intent filters that go from the managed profile to the parent, or from the parent to the managed profile. Only removes those that have been set by the profile owner.

          Note: A list of default cross profile intent filters are set up by the system when the profile is created, some of them ensure the proper functioning of the profile, while others enable sharing of data from the parent to the managed profile for user convenience. These default intent filters are not cleared when this API is called. If the default cross profile data sharing is not desired, they can be disabled with UserManager.DISALLOW_SHARE_INTO_MANAGED_PROFILE.

          Parameters
          admin ComponentName?: Which DeviceAdminReceiver this request is associated with. This value may be null.
          Exceptions
          java.lang.SecurityException if admin is not a profile owner.

          clearDeviceOwnerApp

          Added in API level 21
          Deprecated in API level 26
          open fun clearDeviceOwnerApp(packageName: String!): Unit

          Deprecated: This method is expected to be used for testing purposes only. The device owner will lose control of the device and its data after calling it. In order to protect any sensitive data that remains on the device, it is advised that the device owner factory resets the device instead of calling this method. See wipeData(int).

          Clears the current device owner. The caller must be the device owner. This function should be used cautiously as once it is called it cannot be undone. The device owner can only be set as a part of device setup, before it completes.

          While some policies previously set by the device owner will be cleared by this method, it is a best-effort process and some other policies will still remain in place after the device owner is cleared.

          Parameters
          packageName String!: The package name of the device owner.
          Exceptions
          java.lang.SecurityException if the caller is not in packageName or packageName does not own the current device owner component.

          clearPackagePersistentPreferredActivities

          Added in API level 21
          open fun clearPackagePersistentPreferredActivities(
              admin: ComponentName?,
              packageName: String!
          ): Unit

          Called by a profile owner or device owner or holder of the permission android.Manifest.permission#MANAGE_DEVICE_POLICY_LOCK_TASK to remove all persistent intent handler preferences associated with the given package that were set by addPersistentPreferredActivity.

          The calling device admin must be a profile owner. If it is not, a security exception will be thrown.

          Starting from Build.VERSION_CODES.UPSIDE_DOWN_CAKE, after the persistent preferred activity policy has been cleared, PolicyUpdateReceiver.onPolicySetResult(Context, will notify the admin on whether the policy was successfully cleared or not. This callback will contain:

          If there has been a change to the policy, PolicyUpdateReceiver.onPolicyChanged(Context, String, Bundle, TargetUser, will notify the admin of this change. This callback will contain the same parameters as PolicyUpdateReceiver#onPolicySetResult and the PolicyUpdateResult will contain the reason why the policy changed.
          Parameters
          admin ComponentName?: Which DeviceAdminReceiver this request is associated with. Null if the caller is not a device admin. This value may be null.
          packageName String!: The name of the package for which preferences are removed.
          Exceptions
          java.lang.SecurityException if admin is not a device or profile owner or holder of the permission android.Manifest.permission#MANAGE_DEVICE_POLICY_LOCK_TASK.

          clearProfileOwner

          Added in API level 24
          Deprecated in API level 26
          open fun clearProfileOwner(admin: ComponentName): Unit

          Deprecated: This method is expected to be used for testing purposes only. The profile owner will lose control of the user and its data after calling it. In order to protect any sensitive data that remains on this user, it is advised that the profile owner deletes it instead of calling this method. See wipeData(int).

          Clears the active profile owner. The caller must be the profile owner of this user, otherwise a SecurityException will be thrown. This method is not available to managed profile owners.

          While some policies previously set by the profile owner will be cleared by this method, it is a best-effort process and some other policies will still remain in place after the profile owner is cleared.

          Parameters
          admin ComponentName: The component to remove as the profile owner. This value cannot be null.
          Exceptions
          java.lang.SecurityException if admin is not an active profile owner, or the method is being called from a managed profile.

          clearResetPasswordToken

          Added in API level 26
          open fun clearResetPasswordToken(admin: ComponentName?): Boolean

          Called by a profile, device owner or holder of the permission android.Manifest.permission#MANAGE_DEVICE_POLICY_RESET_PASSWORD to revoke the current password reset token.

          On devices not supporting PackageManager.FEATURE_SECURE_LOCK_SCREEN feature, this method has no effect - the reset token should not have been set in the first place - and false is returned.
          Requires the PackageManager#FEATURE_SECURE_LOCK_SCREEN feature which can be detected using PackageManager.hasSystemFeature(String).

          Parameters
          admin ComponentName?: Which DeviceAdminReceiver this request is associated with. Null if the caller is not a device admin. This value may be null.
          Return
          Boolean true if the operation is successful, false otherwise.
          Exceptions
          java.lang.SecurityException if admin is not a device or profile owner and if the caller does not the permission android.Manifest.permission#MANAGE_DEVICE_POLICY_RESET_PASSWORD.

          clearUserRestriction

          Added in API level 21
          open fun clearUserRestriction(
              admin: ComponentName?,
              key: String!
          ): Unit

          Called by a profile owner, device owner or a holder of any permission that is associated with a user restriction to clear a user restriction specified by the key.

          The calling device admin must be a profile or device owner; if it is not, a security exception will be thrown.

          The profile owner of an organization-owned managed profile may invoke this method on the DevicePolicyManager instance it obtained from getParentProfileInstance(android.content.ComponentName), for clearing device-wide restrictions.

          See the constants in android.os.UserManager for the list of restrictions. These constants state in their documentation which permission is required to manage the restriction using this API.

          Starting from Build.VERSION_CODES.UPSIDE_DOWN_CAKE, after the user restriction policy has been cleared, PolicyUpdateReceiver.onPolicySetResult(Context, String, will notify the admin on whether the policy was successfully cleared or not. This callback will contain:

          If there has been a change to the policy, PolicyUpdateReceiver.onPolicyChanged(Context, String, Bundle, TargetUser, will notify the admin of this change. This callback will contain the same parameters as PolicyUpdateReceiver#onPolicySetResult and the PolicyUpdateResult will contain the reason why the policy changed.
          Parameters
          admin ComponentName?: Which DeviceAdminReceiver this request is associated with or null if the caller is not a device admin.
          key String!: The key of the restriction. Value is android.os.UserManager#ALLOW_PARENT_PROFILE_APP_LINKING, android.os.UserManager.DISALLOW_ADD_CLONE_PROFILE, android.os.UserManager#DISALLOW_ADD_MANAGED_PROFILE, android.os.UserManager#DISALLOW_ADD_PRIVATE_PROFILE, android.os.UserManager#DISALLOW_ADD_USER, android.os.UserManager#DISALLOW_ADD_WIFI_CONFIG, android.os.UserManager#DISALLOW_ADJUST_VOLUME, android.os.UserManager#DISALLOW_AIRPLANE_MODE, android.os.UserManager#DISALLOW_AMBIENT_DISPLAY, android.os.UserManager#DISALLOW_APPS_CONTROL, android.os.UserManager#DISALLOW_ASSIST_CONTENT, android.os.UserManager#DISALLOW_AUTOFILL, android.os.UserManager.DISALLOW_BIOMETRIC, android.os.UserManager#DISALLOW_BLUETOOTH, android.os.UserManager#DISALLOW_BLUETOOTH_SHARING, android.os.UserManager.DISALLOW_CAMERA, android.os.UserManager#DISALLOW_CAMERA_TOGGLE, android.os.UserManager#DISALLOW_CELLULAR_2G, android.os.UserManager#DISALLOW_CHANGE_NEAR_FIELD_COMMUNICATION_RADIO, android.os.UserManager#DISALLOW_CHANGE_WIFI_STATE, android.os.UserManager#DISALLOW_CONFIG_BLUETOOTH, android.os.UserManager#DISALLOW_CONFIG_BRIGHTNESS, android.os.UserManager#DISALLOW_CONFIG_CELL_BROADCASTS, android.os.UserManager#DISALLOW_CONFIG_CREDENTIALS, android.os.UserManager#DISALLOW_CONFIG_DATE_TIME, android.os.UserManager#DISALLOW_CONFIG_DEFAULT_APPS, android.os.UserManager#DISALLOW_CONFIG_LOCALE, android.os.UserManager#DISALLOW_CONFIG_LOCATION, android.os.UserManager#DISALLOW_CONFIG_MOBILE_NETWORKS, android.os.UserManager#DISALLOW_CONFIG_PRIVATE_DNS, android.os.UserManager#DISALLOW_CONFIG_SCREEN_TIMEOUT, android.os.UserManager#DISALLOW_CONFIG_TETHERING, android.os.UserManager#DISALLOW_CONFIG_VPN, android.os.UserManager#DISALLOW_CONFIG_WIFI, android.os.UserManager#DISALLOW_CONTENT_CAPTURE, android.os.UserManager#DISALLOW_CONTENT_SUGGESTIONS, android.os.UserManager#DISALLOW_CREATE_WINDOWS, android.os.UserManager#DISALLOW_CROSS_PROFILE_COPY_PASTE, android.os.UserManager#DISALLOW_DATA_ROAMING, android.os.UserManager#DISALLOW_DEBUGGING_FEATURES, android.os.UserManager#DISALLOW_FACTORY_RESET, android.os.UserManager#DISALLOW_FUN, android.os.UserManager#DISALLOW_GRANT_ADMIN, android.os.UserManager#DISALLOW_INSTALL_APPS, android.os.UserManager#DISALLOW_INSTALL_UNKNOWN_SOURCES, android.os.UserManager#DISALLOW_INSTALL_UNKNOWN_SOURCES_GLOBALLY, android.os.UserManager#DISALLOW_MICROPHONE_TOGGLE, android.os.UserManager#DISALLOW_MODIFY_ACCOUNTS, android.os.UserManager#DISALLOW_MOUNT_PHYSICAL_MEDIA, android.os.UserManager#DISALLOW_NEAR_FIELD_COMMUNICATION_RADIO, android.os.UserManager#DISALLOW_NETWORK_RESET, android.os.UserManager.DISALLOW_OEM_UNLOCK, android.os.UserManager#DISALLOW_OUTGOING_BEAM, android.os.UserManager#DISALLOW_OUTGOING_CALLS, android.os.UserManager#DISALLOW_PRINTING, android.os.UserManager.DISALLOW_RECORD_AUDIO, android.os.UserManager#DISALLOW_REMOVE_MANAGED_PROFILE, android.os.UserManager#DISALLOW_REMOVE_USER, android.os.UserManager.DISALLOW_RUN_IN_BACKGROUND, android.os.UserManager#DISALLOW_SAFE_BOOT, android.os.UserManager#DISALLOW_SET_USER_ICON, android.os.UserManager#DISALLOW_SET_WALLPAPER, android.os.UserManager#DISALLOW_SHARE_INTO_MANAGED_PROFILE, android.os.UserManager#DISALLOW_SHARE_LOCATION, android.os.UserManager#DISALLOW_SHARING_ADMIN_CONFIGURED_WIFI, android.os.UserManager#DISALLOW_SIM_GLOBALLY, android.os.UserManager#DISALLOW_SMS, android.os.UserManager#DISALLOW_SYSTEM_ERROR_DIALOGS, android.os.UserManager#DISALLOW_THREAD_NETWORK, android.os.UserManager#DISALLOW_ULTRA_WIDEBAND_RADIO, android.os.UserManager#DISALLOW_UNIFIED_PASSWORD, android.os.UserManager#DISALLOW_UNINSTALL_APPS, android.os.UserManager.DISALLOW_UNMUTE_DEVICE, android.os.UserManager#DISALLOW_UNMUTE_MICROPHONE, android.os.UserManager#DISALLOW_USB_FILE_TRANSFER, android.os.UserManager#DISALLOW_USER_SWITCH, android.os.UserManager.DISALLOW_WALLPAPER, android.os.UserManager#DISALLOW_WIFI_DIRECT, android.os.UserManager#DISALLOW_WIFI_TETHERING, android.os.UserManager#ENSURE_VERIFY_APPS, or android.os.UserManager#KEY_RESTRICTIONS_PENDING
          Exceptions
          java.lang.SecurityException if admin is not a device or profile owner and if the caller has not been granted the permission to set the given user restriction.

          createAdminSupportIntent

          Added in API level 26
          open fun createAdminSupportIntent(restriction: String): Intent!

          Called by any app to display a support dialog when a feature was disabled by an admin. This returns an intent that can be used with Context.startActivity(Intent) to display the dialog. It will tell the user that the feature indicated by restriction was disabled by an admin, and include a link for more information. The default content of the dialog can be changed by the restricting admin via setShortSupportMessage(android.content.ComponentName,java.lang.CharSequence). If the restriction is not set (i.e. the feature is available), then the return value will be null.

          Parameters
          restriction String: Indicates for which feature the dialog should be displayed. Can be a user restriction from UserManager, e.g. UserManager.DISALLOW_ADJUST_VOLUME, or one of the constants POLICY_DISABLE_CAMERA or POLICY_DISABLE_SCREEN_CAPTURE. This value cannot be null.
          Return
          Intent! Intent An intent to be used to start the dialog-activity if the restriction is set by an admin, or null if the restriction does not exist or no admin set it.

          createAndManageUser

          Added in API level 24
          open fun createAndManageUser(
              admin: ComponentName,
              name: String,
              profileOwner: ComponentName,
              adminExtras: PersistableBundle?,
              flags: Int
          ): UserHandle?

          Called by a device owner to create a user with the specified name and a given component of the calling package as profile owner. The UserHandle returned by this method should not be persisted as user handles are recycled as users are removed and created. If you need to persist an identifier for this user, use UserManager.getSerialNumberForUser. The new user will not be started in the background.

          admin is the DeviceAdminReceiver which is the device owner. profileOwner is also a DeviceAdminReceiver in the same package as admin, and will become the profile owner and will be registered as an active admin on the new user. The profile owner package will be installed on the new user.

          If the adminExtras are not null, they will be stored on the device until the user is started for the first time. Then the extras will be passed to the admin when onEnable is called.

          From android.os.Build.VERSION_CODES#P onwards, if targeting android.os.Build.VERSION_CODES#P, throws UserOperationException instead of returning null on failure.

          Parameters
          admin ComponentName: Which DeviceAdminReceiver this request is associated with. This value cannot be null.
          name String: The user's name. This value cannot be null.
          profileOwner ComponentName: Which DeviceAdminReceiver will be profile owner. Has to be in the same package as admin, otherwise no user is created and an IllegalArgumentException is thrown. This value cannot be null.
          adminExtras PersistableBundle?: Extras that will be passed to onEnable of the admin receiver on the new user. This value may be null.
          flags Int: SKIP_SETUP_WIZARD, MAKE_USER_EPHEMERAL and LEAVE_ALL_SYSTEM_APPS_ENABLED are supported. Value is either 0 or a combination of android.app.admin.DevicePolicyManager#SKIP_SETUP_WIZARD, android.app.admin.DevicePolicyManager#MAKE_USER_EPHEMERAL, android.app.admin.DevicePolicyManager.MAKE_USER_DEMO, and android.app.admin.DevicePolicyManager#LEAVE_ALL_SYSTEM_APPS_ENABLED
          Return
          UserHandle? the android.os.UserHandle object for the created user, or null if the user could not be created.
          Exceptions
          java.lang.SecurityException if admin is not a device owner
          android.os.UserManager.UserOperationException if the user could not be created and the calling app is targeting android.os.Build.VERSION_CODES#P and running on android.os.Build.VERSION_CODES#P.

          enableSystemApp

          Added in API level 21
          open fun enableSystemApp(
              admin: ComponentName,
              intent: Intent!
          ): Int

          Re-enable system apps by intent that were disabled by default when the user was initialized. This function can be called by a device owner, profile owner, or by a delegate given the DELEGATION_ENABLE_SYSTEM_APP scope via setDelegatedScopes.

          Parameters
          admin ComponentName: Which DeviceAdminReceiver this request is associated with, or null if the caller is an enable system app delegate.
          intent Intent!: An intent matching the app(s) to be installed. All apps that resolve for this intent will be re-enabled in the calling profile.
          Return
          Int int The number of activities that matched the intent and were installed.
          Exceptions
          java.lang.SecurityException if admin is not a device or profile owner.

          enableSystemApp

          Added in API level 21
          open fun enableSystemApp(
              admin: ComponentName,
              packageName: String!
          ): Unit

          Re-enable a system app that was disabled by default when the user was initialized. This function can be called by a device owner, profile owner, or by a delegate given the DELEGATION_ENABLE_SYSTEM_APP scope via setDelegatedScopes.

          Parameters
          admin ComponentName: Which DeviceAdminReceiver this request is associated with, or null if the caller is an enable system app delegate.
          packageName String!: The package to be re-enabled in the calling profile.
          Exceptions
          java.lang.SecurityException if admin is not a device or profile owner.

          generateKeyPair

          Added in API level 28
          open fun generateKeyPair(
              admin: ComponentName?,
              algorithm: String,
              keySpec: KeyGenParameterSpec,
              idAttestationFlags: Int
          ): AttestedKeyPair!

          This API can be called by the following to generate a new private/public key pair:

          If the device supports key generation via secure hardware, this method is useful for creating a key in KeyChain that never left the secure hardware. Access to the key is controlled the same way as in #installKeyPair.

          From Android android.os.Build.VERSION_CODES#S, the credential management app can call this API. If called by the credential management app, the componentName must be null. Note, there can only be a credential management app on an unmanaged device.

          Because this method might take several seconds to complete, it should only be called from a worker thread. This method returns null when called from the main thread.

          This method is not thread-safe, calling it from multiple threads at the same time will result in undefined behavior. If the calling thread is interrupted while the invocation is in-flight, it will eventually terminate and return null.

          Note: If the provided alias is of an existing alias, all former grants that apps have been given to access the key and certificates associated with this alias will be revoked.

          Attestation: to enable attestation, set an attestation challenge in keySpec via KeyGenParameterSpec.Builder.setAttestationChallenge. By specifying flags to the idAttestationFlags parameter, it is possible to request the device's unique identity to be included in the attestation record.

          Specific identifiers can be included in the attestation record, and an individual attestation certificate can be used to sign the attestation record. To find out if the device supports these features, refer to isDeviceIdAttestationSupported() and isUniqueDeviceAttestationSupported().

          Device owner, profile owner, their delegated certificate installer and the credential management app can use ID_TYPE_BASE_INFO to request inclusion of the general device information including manufacturer, model, brand, device and product in the attestation record. Only device owner, profile owner on an organization-owned device or affiliated user, and their delegated certificate installers can use ID_TYPE_SERIAL, ID_TYPE_IMEI and ID_TYPE_MEID to request unique device identifiers to be attested (the serial number, IMEI and MEID correspondingly), if supported by the device (see isDeviceIdAttestationSupported()). Additionally, device owner, profile owner on an organization-owned device and their delegated certificate installers can also request the attestation record to be signed using an individual attestation certificate by specifying the ID_TYPE_INDIVIDUAL_ATTESTATION flag (if supported by the device, see isUniqueDeviceAttestationSupported()).

          If any of ID_TYPE_SERIAL, ID_TYPE_IMEI and ID_TYPE_MEID is set, it is implicitly assumed that ID_TYPE_BASE_INFO is also set.

          Attestation using ID_TYPE_INDIVIDUAL_ATTESTATION can only be requested if key generation is done in StrongBox.

          Parameters
          admin ComponentName?: Which DeviceAdminReceiver this request is associated with, or null if the caller is not a device admin.
          algorithm String: The key generation algorithm, see java.security.KeyPairGenerator. This value cannot be null.
          keySpec KeyGenParameterSpec: Specification of the key to generate, see java.security.KeyPairGenerator. This value cannot be null.
          idAttestationFlags Int: A bitmask of the identifiers that should be included in the attestation record (ID_TYPE_BASE_INFO, ID_TYPE_SERIAL, ID_TYPE_IMEI and ID_TYPE_MEID), and ID_TYPE_INDIVIDUAL_ATTESTATION if the attestation record should be signed using an individual attestation certificate.

          0 should be passed in if no device identification is required in the attestation record and the batch attestation certificate should be used.

          If any flag is specified, then an attestation challenge must be included in the keySpec. Value is either 0 or a combination of android.app.admin.DevicePolicyManager#ID_TYPE_BASE_INFO, android.app.admin.DevicePolicyManager#ID_TYPE_SERIAL, android.app.admin.DevicePolicyManager#ID_TYPE_IMEI, android.app.admin.DevicePolicyManager#ID_TYPE_MEID, and android.app.admin.DevicePolicyManager#ID_TYPE_INDIVIDUAL_ATTESTATION

          Return
          AttestedKeyPair! A non-null AttestedKeyPair if the key generation succeeded, null otherwise.
          Exceptions
          java.lang.SecurityException if admin is not null and not a device or profile owner, or admin is null but the calling application is not a delegated certificate installer or credential management app. If Device ID attestation is requested (using ID_TYPE_SERIAL, ID_TYPE_IMEI or ID_TYPE_MEID), the caller must be the Device Owner or the Certificate Installer delegate.
          java.lang.IllegalArgumentException in the following cases:

          • The alias in keySpec is empty.
          • The algorithm specification in keySpec is not RSAKeyGenParameterSpec or ECGenParameterSpec.
          • Device ID attestation was requested but the keySpec does not contain an attestation challenge.
          java.lang.UnsupportedOperationException if Device ID attestation or individual attestation was requested but the underlying hardware does not support it.
          android.security.keystore.StrongBoxUnavailableException if the use of StrongBox for key generation was specified in keySpec but the device does not have one.

          getAccountTypesWithManagementDisabled

          Added in API level 21
          open fun getAccountTypesWithManagementDisabled(): Array<String!>?

          Gets the array of accounts for which account management is disabled by the profile owner or device owner.

          Account management can be disabled/enabled by calling setAccountManagementDisabled.

          This method may be called on the DevicePolicyManager instance returned from getParentProfileInstance(android.content.ComponentName). Note that only a profile owner on an organization-owned device can affect account types on the parent profile instance.

          Return
          Array<String!>? a list of account types for which account management has been disabled. This value may be null.

          getActiveAdmins

          Added in API level 8
          open fun getActiveAdmins(): MutableList<ComponentName!>?

          Return a list of all currently active device administrators' component names. If there are no administrators null may be returned.

          getAffiliationIds

          Added in API level 26
          open fun getAffiliationIds(admin: ComponentName): MutableSet<String!>

          Returns the set of affiliation ids previously set via setAffiliationIds, or an empty set if none have been set.

          Parameters
          admin ComponentName: This value cannot be null.
          Return
          MutableSet<String!> This value cannot be null.

          getAlwaysOnVpnLockdownWhitelist

          Added in API level 29
          open fun getAlwaysOnVpnLockdownWhitelist(admin: ComponentName): MutableSet<String!>?

          Called by device or profile owner to query the set of packages that are allowed to access the network directly when always-on VPN is in lockdown mode but not connected. Returns null when always-on VPN is not active or not in lockdown mode.

          Parameters
          admin ComponentName: Which DeviceAdminReceiver this request is associated with. This value cannot be null.
          Exceptions
          java.lang.SecurityException if admin is not a device or a profile owner.

          getAlwaysOnVpnPackage

          Added in API level 24
          open fun getAlwaysOnVpnPackage(admin: ComponentName): String?

          Called by a device or profile owner to read the name of the package administering an always-on VPN connection for the current user. If there is no such package, or the always-on VPN is provided by the system instead of by an application, null will be returned.

          Parameters
          admin ComponentName: This value cannot be null.
          Return
          String? Package name of VPN controller responsible for always-on VPN, or null if none is set.
          Exceptions
          java.lang.SecurityException if admin is not a device or a profile owner.

          getAppFunctionsPolicy

          Added in API level 36
          open fun getAppFunctionsPolicy(): Int

          Returns the current android.app.appfunctions.AppFunctionManager policy.

          The returned policy will be the current resolved policy rather than the policy set by the calling admin.

          Return
          Int Value is android.app.admin.DevicePolicyManager#APP_FUNCTIONS_NOT_CONTROLLED_BY_POLICY, android.app.admin.DevicePolicyManager#APP_FUNCTIONS_DISABLED, or android.app.admin.DevicePolicyManager#APP_FUNCTIONS_DISABLED_CROSS_PROFILE
          Exceptions
          java.lang.SecurityException if caller is not a device owner, a profile owner or a holder of the permission android.Manifest.permission#MANAGE_DEVICE_POLICY_APP_FUNCTIONS.

          getApplicationRestrictions

          Added in API level 21
          open fun getApplicationRestrictions(
              admin: ComponentName?,
              packageName: String!
          ): Bundle

          Retrieves the application restrictions for a given target application running in the calling user.

          The caller must be a profile or device owner on that user, or the package allowed to manage application restrictions via setDelegatedScopes with the DELEGATION_APP_RESTRICTIONS scope; otherwise a security exception will be thrown.

          NOTE: The method performs disk I/O and shouldn't be called on the main thread
          This method may take several seconds to complete, so it should only be called from a worker thread.

          Parameters
          admin ComponentName?: Which DeviceAdminReceiver this request is associated with, or null if called by the application restrictions managing package.
          packageName String!: The name of the package to fetch restricted settings of.
          Return
          Bundle Bundle of settings corresponding to what was set last time DevicePolicyManager.setApplicationRestrictions was called, or an empty Bundle if no restrictions have been set. This value cannot be null.
          Exceptions
          java.lang.SecurityException if admin is not a device or profile owner.

          getApplicationRestrictionsManagingPackage

          Added in API level 24
          Deprecated in API level 26
          open fun getApplicationRestrictionsManagingPackage(admin: ComponentName): String?

          Deprecated: From android.os.Build.VERSION_CODES#O. Use getDelegatePackages with the DELEGATION_APP_RESTRICTIONS scope instead.

          Called by a profile owner or device owner to retrieve the application restrictions managing package for the current user, or null if none is set. If there are multiple delegates this function will return one of them.

          Parameters
          admin ComponentName: Which DeviceAdminReceiver this request is associated with. This value cannot be null.
          Return
          String? The package name allowed to manage application restrictions on the current user, or null if none is set.
          Exceptions
          java.lang.SecurityException if admin is not a device or profile owner.

          getAutoTimeEnabled

          Added in API level 30
          open fun getAutoTimeEnabled(admin: ComponentName?): Boolean

          Returns true if auto time is enabled on the device.

          Parameters
          admin ComponentName?: Which DeviceAdminReceiver this request is associated with. Null if the caller is not a device admin. This value may be null.
          Return
          Boolean true if auto time is enabled on the device.
          Exceptions
          java.lang.SecurityException if caller is not a device owner, a profile owner for the primary user, or a profile owner of an organization-owned managed profile.

          getAutoTimePolicy

          Added in API level 36
          open fun getAutoTimePolicy(): Int

          Returns current auto time policy's state.

          Return
          Int One of AUTO_TIME_ENABLED if enabled, AUTO_TIME_DISABLED if disabled and AUTO_TIME_NOT_CONTROLLED_BY_POLICY if it's not controlled by policy. Value is android.app.admin.DevicePolicyManager#AUTO_TIME_NOT_CONTROLLED_BY_POLICY, android.app.admin.DevicePolicyManager#AUTO_TIME_DISABLED, or android.app.admin.DevicePolicyManager#AUTO_TIME_ENABLED
          Exceptions
          java.lang.SecurityException if caller is not a device owner, a profile owner for the primary user, or a profile owner of an organization-owned managed profile, or if the caller does not hold the required permission.

          getAutoTimeRequired

          Added in API level 21
          Deprecated in API level 30
          open fun getAutoTimeRequired(): Boolean

          Deprecated: From android.os.Build.VERSION_CODES#R. Use getAutoTimeEnabled

          Return
          Boolean true if auto time is required.

          getAutoTimeZoneEnabled

          Added in API level 30
          open fun getAutoTimeZoneEnabled(admin: ComponentName?): Boolean

          Returns true if auto time zone is enabled on the device.

          Parameters
          admin ComponentName?: Which DeviceAdminReceiver this request is associated with. Null if the caller is not a device admin. This value may be null.
          Return
          Boolean true if auto time zone is enabled on the device.
          Exceptions
          java.lang.SecurityException if caller is not a device owner, a profile owner for the primary user, or a profile owner of an organization-owned managed profile.

          getAutoTimeZonePolicy

          Added in API level 36
          open fun getAutoTimeZonePolicy(): Int

          Returns auto time zone policy's current state.

          Return
          Int One of AUTO_TIME_ZONE_ENABLED if enabled, AUTO_TIME_ZONE_DISABLED if disabled and AUTO_TIME_ZONE_NOT_CONTROLLED_BY_POLICY if the state is not controlled by policy. Value is android.app.admin.DevicePolicyManager#AUTO_TIME_ZONE_NOT_CONTROLLED_BY_POLICY, android.app.admin.DevicePolicyManager#AUTO_TIME_ZONE_DISABLED, or android.app.admin.DevicePolicyManager#AUTO_TIME_ZONE_ENABLED
          Exceptions
          java.lang.SecurityException if caller is not a device owner, a profile owner for the primary user, or a profile owner of an organization-owned managed profile, or if the caller does not hold the required permission.

          getBindDeviceAdminTargetUsers

          Added in API level 26
          open fun getBindDeviceAdminTargetUsers(admin: ComponentName): MutableList<UserHandle!>

          Returns the list of target users that the calling device owner or owner of secondary user can use when calling #bindDeviceAdminServiceAsUser.

          A device owner can bind to a service from a secondary managed user and vice versa, provided that both users are affiliated. See setAffiliationIds.

          Parameters
          admin ComponentName: This value cannot be null.
          Return
          MutableList<UserHandle!> This value cannot be null.

          getBluetoothContactSharingDisabled

          Added in API level 23
          open fun getBluetoothContactSharingDisabled(admin: ComponentName): Boolean

          Called by a profile owner of a managed profile to determine whether or not Bluetooth devices cannot access enterprise contacts.

          The calling device admin must be a profile owner. If it is not, a security exception will be thrown.

          This API works on managed profile only.

          Parameters
          admin ComponentName: Which DeviceAdminReceiver this request is associated with. This value cannot be null.
          Exceptions
          java.lang.SecurityException if admin is not a profile owner.

          getCameraDisabled

          Added in API level 14
          open fun getCameraDisabled(admin: ComponentName?): Boolean

          Determine whether or not the device's cameras have been disabled for this user, either by the calling admin, if specified, or all admins.

          This method can be called on the DevicePolicyManager instance, returned by getParentProfileInstance(android.content.ComponentName), where the caller must be the profile owner of an organization-owned managed profile.

          Parameters
          admin ComponentName?: The name of the admin component to check, or null to check whether any admins have disabled the camera

          getCertInstallerPackage

          Added in API level 23
          Deprecated in API level 26
          open fun getCertInstallerPackage(admin: ComponentName): String?

          Deprecated: From android.os.Build.VERSION_CODES#O. Use getDelegatePackages with the DELEGATION_CERT_INSTALL scope instead.

          Called by a profile owner or device owner to retrieve the certificate installer for the user, or null if none is set. If there are multiple delegates this function will return one of them.

          Parameters
          admin ComponentName: Which DeviceAdminReceiver this request is associated with. This value cannot be null.
          Return
          String? The package name of the current delegated certificate installer, or null if none is set.
          Exceptions
          java.lang.SecurityException if admin is not a device or a profile owner.

          getContentProtectionPolicy

          Added in API level 35
          open fun getContentProtectionPolicy(admin: ComponentName?): Int

          Returns the current content protection policy.

          The returned policy will be the current resolved policy rather than the policy set by the calling admin.

          Parameters
          admin ComponentName?: Which DeviceAdminReceiver this request is associated with. Null if the caller is not a device admin. This value may be null.
          Return
          Int Value is android.app.admin.DevicePolicyManager#CONTENT_PROTECTION_NOT_CONTROLLED_BY_POLICY, android.app.admin.DevicePolicyManager#CONTENT_PROTECTION_DISABLED, or android.app.admin.DevicePolicyManager#CONTENT_PROTECTION_ENABLED
          Exceptions
          java.lang.SecurityException if admin is not the device owner, the profile owner of an affiliated user or profile, or the profile owner when no device owner is set or holder of the permission android.Manifest.permission#MANAGE_DEVICE_POLICY_CONTENT_PROTECTION.

          getCredentialManagerPolicy

          Added in API level 34
          open fun getCredentialManagerPolicy(): PackagePolicy?

          Called by a device owner or profile owner of a managed profile to retrieve the credential manager policy.

          Return
          PackagePolicy? the current credential manager policy if null then this policy has not been configured.
          Exceptions
          java.lang.SecurityException if caller is not a device owner or profile owner of a managed profile.

          getCrossProfileCalendarPackages

          Added in API level 29
          Deprecated in API level 34
          open fun getCrossProfileCalendarPackages(admin: ComponentName): MutableSet<String!>?

          Deprecated: Use setCrossProfilePackages(android.content.ComponentName,java.util.Set).

          Gets a set of package names that are allowed to access cross-profile calendar APIs.

          Called by a profile owner of a managed profile.

          Parameters
          admin ComponentName: which DeviceAdminReceiver this request is associated with This value cannot be null.
          Return
          MutableSet<String!>? the set of names of packages that were previously allowed via setCrossProfileCalendarPackages(android.content.ComponentName,java.util.Set), or an empty set if none have been allowed This value may be null.
          Exceptions
          java.lang.SecurityException if admin is not a profile owner

          getCrossProfileCallerIdDisabled

          Added in API level 21
          Deprecated in API level 34
          open fun getCrossProfileCallerIdDisabled(admin: ComponentName): Boolean

          Deprecated: starting with android.os.Build.VERSION_CODES#UPSIDE_DOWN_CAKE, use getManagedProfileCallerIdAccessPolicy() instead

          Called by a profile owner of a managed profile to determine whether or not caller-Id information has been disabled.

          The calling device admin must be a profile owner. If it is not, a security exception will be thrown.

          Starting with android.os.Build.VERSION_CODES#UPSIDE_DOWN_CAKE, this will return true when setManagedProfileCallerIdAccessPolicy(android.app.admin.PackagePolicy) has been set with a non-null policy whose policy type is NOT PackagePolicy.PACKAGE_POLICY_BLOCKLIST

          Parameters
          admin ComponentName: Which DeviceAdminReceiver this request is associated with. This value cannot be null.
          Exceptions
          java.lang.SecurityException if admin is not a profile owner.

          getCrossProfileContactsSearchDisabled

          Added in API level 24
          Deprecated in API level 34
          open fun getCrossProfileContactsSearchDisabled(admin: ComponentName): Boolean

          Deprecated: From android.os.Build.VERSION_CODES#UPSIDE_DOWN_CAKE use getManagedProfileContactsAccessPolicy()

          Called by a profile owner of a managed profile to determine whether or not contacts search has been disabled.

          The calling device admin must be a profile owner. If it is not, a security exception will be thrown.

          Starting with android.os.Build.VERSION_CODES#UPSIDE_DOWN_CAKE, this will return true when setManagedProfileContactsAccessPolicy(android.app.admin.PackagePolicy) has been set with a non-null policy whose policy type is NOT PackagePolicy.PACKAGE_POLICY_BLOCKLIST

          Parameters
          admin ComponentName: Which DeviceAdminReceiver this request is associated with. This value cannot be null.
          Exceptions
          java.lang.SecurityException if admin is not a profile owner.

          getCrossProfilePackages

          Added in API level 30
          open fun getCrossProfilePackages(admin: ComponentName): MutableSet<String!>

          Returns the set of package names that the admin has previously set as allowed to request user consent for cross-profile communication, via setCrossProfilePackages(android.content.ComponentName,java.util.Set).

          Assumes that the caller is a profile owner and is the given admin.

          Note that other apps not included in the returned set may be able to request user consent for cross-profile communication if they have been explicitly allowlisted by the OEM.

          Parameters
          admin ComponentName: the DeviceAdminReceiver this request is associated with This value cannot be null.
          Return
          MutableSet<String!> the set of package names the admin has previously set as allowed to request user consent for cross-profile communication, via setCrossProfilePackages(android.content.ComponentName,java.util.Set) This value cannot be null.

          getCrossProfileWidgetProviders

          Added in API level 21
          open fun getCrossProfileWidgetProviders(admin: ComponentName?): MutableList<String!>

          Called by the profile owner of a managed profile or a holder of the permission android.Manifest.permission#MANAGE_DEVICE_POLICY_PROFILE_INTERACTION to query providers from which packages are available in the parent profile.

          Parameters
          admin ComponentName?: Which DeviceAdminReceiver this request is associated with. Null if the caller is not a device admin. This value may be null.
          Return
          MutableList<String!> The allowlisted package list. This value cannot be null.
          Exceptions
          java.lang.SecurityException if admin is not a profile owner and not a holder of the permission android.Manifest.permission#MANAGE_DEVICE_POLICY_PROFILE_INTERACTION.

          getCurrentFailedPasswordAttempts

          Added in API level 8
          open fun getCurrentFailedPasswordAttempts(): Int

          Retrieve the number of times the user has failed at entering a password since that last successful password entry.

          This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(android.content.ComponentName) in order to retrieve the number of failed password attemts for the parent user.

          The calling device admin must have requested DeviceAdminInfo.USES_POLICY_WATCH_LOGIN to be able to call this method; if it has not, a security exception will be thrown.

          On devices not supporting PackageManager.FEATURE_SECURE_LOCK_SCREEN feature, the password is always empty and this method always returns 0.
          Requires the PackageManager#FEATURE_SECURE_LOCK_SCREEN feature which can be detected using PackageManager.hasSystemFeature(String).

          Return
          Int The number of times user has entered an incorrect password since the last correct password entry.
          Exceptions
          java.lang.SecurityException if the calling application does not own an active administrator that uses DeviceAdminInfo.USES_POLICY_WATCH_LOGIN

          getDelegatePackages

          Added in API level 26
          open fun getDelegatePackages(
              admin: ComponentName,
              delegationScope: String
          ): MutableList<String!>?

          Called by a profile owner or device owner to retrieve a list of delegate packages that were granted a delegation scope.

          Parameters
          admin ComponentName: Which DeviceAdminReceiver this request is associated with. This value cannot be null.
          delegationScope String: The scope whose delegates should be retrieved. This value cannot be null.
          Return
          MutableList<String!>? A list of package names of the current delegated packages for delegationScope. This value may be null.
          Exceptions
          java.lang.SecurityException if admin is not a device or a profile owner.

          getDelegatedScopes

          Added in API level 26
          open fun getDelegatedScopes(
              admin: ComponentName?,
              delegatedPackage: String
          ): MutableList<String!>

          Called by a profile owner or device owner to retrieve a list of the scopes given to a delegate package. Other apps can use this method to retrieve their own delegated scopes by passing null for admin and their own package name as delegatedPackage.

          Parameters
          admin ComponentName?: Which DeviceAdminReceiver this request is associated with, or null if the caller is delegatedPackage.
          delegatedPackage String: The package name of the app whose scopes should be retrieved. This value cannot be null.
          Return
          MutableList<String!> A list containing the scopes given to delegatedPackage.
          Exceptions
          java.lang.SecurityException if admin is not a device or a profile owner.

          getDeviceOwnerLockScreenInfo

          Added in API level 24
          open fun getDeviceOwnerLockScreenInfo(): CharSequence!
          Return
          CharSequence! The device owner information. If it is not set returns null.

          getDevicePolicyManagementRoleHolderPackage

          Added in API level 33
          open fun getDevicePolicyManagementRoleHolderPackage(): String?

          Returns the package name of the device policy management role holder.

          If the device policy management role holder is not configured for this device, returns null.

          getEndUserSessionMessage

          Added in API level 28
          open fun getEndUserSessionMessage(admin: ComponentName): CharSequence!

          Returns the user session end message.

          Parameters
          admin ComponentName: which DeviceAdminReceiver this request is associated with. This value cannot be null.
          Exceptions
          java.lang.SecurityException if admin is not a device owner.

          getEnrollmentSpecificId

          Added in API level 31
          open fun getEnrollmentSpecificId(): String

          Returns an enrollment-specific identifier of this device, which is guaranteed to be the same value for the same device, enrolled into the same organization by the same managing app. This identifier is high-entropy, useful for uniquely identifying individual devices within the same organisation. It is available both in a work profile and on a fully-managed device. The identifier would be consistent even if the work profile is removed and enrolled again (to the same organization), or the device is factory reset and re-enrolled. Can only be called by the Profile Owner and Device Owner, and starting from Android android.os.Build.VERSION_CODES#VANILLA_ICE_CREAM, holders of the permission android.Manifest.permission#MANAGE_DEVICE_POLICY_CERTIFICATES. If setOrganizationId(java.lang.String) was not called, then the returned value will be an empty string.

          Note about access to device identifiers: a device owner, a profile owner of an organization-owned device or the delegated certificate installer (holding the DELEGATION_CERT_INSTALL delegation) on such a device can still obtain hardware identifiers by calling e.g. android.os.Build#getSerial(), in addition to using this method. However, a profile owner on a personal (non organization-owned) device, or the delegated certificate installer on such a device, cannot obtain hardware identifiers anymore and must switch to using this method.

          Return
          String A stable, enrollment-specific identifier. This value cannot be null.
          Exceptions
          java.lang.SecurityException if the caller is not a profile owner, device owner or holding the android.Manifest.permission#MANAGE_DEVICE_POLICY_CERTIFICATES permission

          getFactoryResetProtectionPolicy

          Added in API level 30
          open fun getFactoryResetProtectionPolicy(admin: ComponentName?): FactoryResetProtectionPolicy?

          Callable by device owner or profile owner of an organization-owned device, to retrieve the current factory reset protection (FRP) policy set previously by setFactoryResetProtectionPolicy.

          This method can also be called by the FRP management agent on device or with the permission android.Manifest.permission#MASTER_CLEAR, in which case, it can pass null as the ComponentName.

          Parameters
          admin ComponentName?: Which DeviceAdminReceiver this request is associated with or null if the caller is not a device admin
          Return
          FactoryResetProtectionPolicy? The current FRP policy object or null if no policy is set.
          Exceptions
          java.lang.SecurityException if admin is not a device owner, a profile owner of an organization-owned device or the FRP management agent.
          java.lang.UnsupportedOperationException if factory reset protection is not supported on the device.

          getGlobalPrivateDnsHost

          Added in API level 29
          open fun getGlobalPrivateDnsHost(admin: ComponentName): String?

          Returns the system-wide Private DNS host.

          Parameters
          admin ComponentName: which DeviceAdminReceiver this request is associated with. This value cannot be null.
          Return
          String? The hostname used for Private DNS queries, null if none is set.
          Exceptions
          java.lang.SecurityException if the caller is not the device owner.

          getGlobalPrivateDnsMode

          Added in API level 29
          open fun getGlobalPrivateDnsMode(admin: ComponentName): Int

          Returns the system-wide Private DNS mode.

          Parameters
          admin ComponentName: which DeviceAdminReceiver this request is associated with. This value cannot be null.
          Return
          Int one of PRIVATE_DNS_MODE_OFF, PRIVATE_DNS_MODE_OPPORTUNISTIC, PRIVATE_DNS_MODE_PROVIDER_HOSTNAME or PRIVATE_DNS_MODE_UNKNOWN.
          Exceptions
          java.lang.SecurityException if the caller is not the device owner.

          getInstalledCaCerts

          Added in API level 21
          open fun getInstalledCaCerts(admin: ComponentName?): MutableList<ByteArray!>

          Returns all CA certificates that are currently trusted, excluding system CA certificates. If a user has installed any certificates by other means than device policy these will be included too.

          Parameters
          admin ComponentName?: Which DeviceAdminReceiver this request is associated with, or null if calling from a delegated certificate installer.
          Return
          MutableList<ByteArray!> a List of byte[] arrays, each encoding one user CA certificate. This value cannot be null.
          Exceptions
          java.lang.SecurityException if admin is not null and not a device or profile owner.

          getKeepUninstalledPackages

          Added in API level 28
          open fun getKeepUninstalledPackages(admin: ComponentName?): MutableList<String!>?

          Get the list of apps to keep around as APKs even if no user has currently installed it. This function can be called by a device owner or by a delegate given the DELEGATION_KEEP_UNINSTALLED_PACKAGES scope via setDelegatedScopes.

          Please note that packages returned in this method are not automatically pre-cached.

          Parameters
          admin ComponentName?: Which DeviceAdminReceiver this request is associated with, or null if the caller is a keep uninstalled packages delegate.
          Return
          MutableList<String!>? List of package names to keep cached. This value may be null.

          getKeyPairGrants

          Added in API level 31
          open fun getKeyPairGrants(alias: String): MutableMap<Int!, MutableSet<String!>!>

          Called by a device or profile owner, or delegated certificate chooser (an app that has been delegated the DELEGATION_CERT_SELECTION privilege), to query which apps have access to a given KeyChain key. Key are granted on a per-UID basis, so if several apps share the same UID, granting access to one of them automatically grants it to others. This method returns a map containing one entry per grantee UID. Entries have UIDs as keys and sets of corresponding package names as values. In particular, grantee packages that don't share UID with other packages are represented by entries having singleton sets as values.

          Parameters
          alias String: The alias of the key to grant access to. This value cannot be null.
          Return
          MutableMap<Int!, MutableSet<String!>!> apps that have access to a given key, arranged in a map from UID to sets of package names. This value cannot be null.
          Exceptions
          java.lang.SecurityException if the caller is not a device owner, a profile owner or delegated certificate chooser.
          java.lang.IllegalArgumentException if alias doesn't correspond to an existing key.

          getKeyguardDisabledFeatures

          Added in API level 17
          open fun getKeyguardDisabledFeatures(admin: ComponentName?): Int

          Determine whether or not features have been disabled in keyguard either by the calling admin, if specified, or all admins that set restrictions on this user and its participating profiles. Restrictions on profiles that have a separate challenge are not taken into account.

          This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(android.content.ComponentName) in order to retrieve restrictions on the parent profile.

          Parameters
          admin ComponentName?: The name of the admin component to check, or null to check whether any admins have disabled features in keyguard.
          Return
          Int bitfield of flags. See setKeyguardDisabledFeatures(android.content.ComponentName,int) for a list.

          getLockTaskFeatures

          Added in API level 28
          open fun getLockTaskFeatures(admin: ComponentName?): Int

          Gets which system features are enabled for LockTask mode.

          Starting from Build.VERSION_CODES.UPSIDE_DOWN_CAKE, the returned policy will be the current resolved policy rather than the policy set by the calling admin.

          Parameters
          admin ComponentName?: Which DeviceAdminReceiver this request is associated with. Null if the caller is not a device admin. This value may be null.
          Return
          Int bitfield of flags. See setLockTaskFeatures(android.content.ComponentName,int) for a list. Value is either 0 or a combination of android.app.admin.DevicePolicyManager#LOCK_TASK_FEATURE_NONE, android.app.admin.DevicePolicyManager#LOCK_TASK_FEATURE_SYSTEM_INFO, android.app.admin.DevicePolicyManager#LOCK_TASK_FEATURE_NOTIFICATIONS, android.app.admin.DevicePolicyManager#LOCK_TASK_FEATURE_HOME, android.app.admin.DevicePolicyManager#LOCK_TASK_FEATURE_OVERVIEW, android.app.admin.DevicePolicyManager#LOCK_TASK_FEATURE_GLOBAL_ACTIONS, android.app.admin.DevicePolicyManager#LOCK_TASK_FEATURE_KEYGUARD, and android.app.admin.DevicePolicyManager#LOCK_TASK_FEATURE_BLOCK_ACTIVITY_START_IN_TASK
          Exceptions
          java.lang.SecurityException if admin is not the device owner, the profile owner of an affiliated user or profile, or the profile owner when no device owner is set or holder of the permission android.Manifest.permission#MANAGE_DEVICE_POLICY_LOCK_TASK.

          getLockTaskPackages

          Added in API level 26
          open fun getLockTaskPackages(admin: ComponentName?): Array<String!>

          Returns the list of packages allowed to start the lock task mode.

          Starting from Build.VERSION_CODES.UPSIDE_DOWN_CAKE, the returned policy will be the current resolved policy rather than the policy set by the calling admin.

          Parameters
          admin ComponentName?: Which DeviceAdminReceiver this request is associated with. Null if the caller is not a device admin. This value may be null.
          Return
          Array<String!> This value cannot be null.
          Exceptions
          java.lang.SecurityException if admin is not the device owner, the profile owner of an affiliated user or profile, or the profile owner when no device owner is set or holder of the permission android.Manifest.permission#MANAGE_DEVICE_POLICY_LOCK_TASK.

          getLongSupportMessage

          Added in API level 24
          open fun getLongSupportMessage(admin: ComponentName): CharSequence?

          Called by a device admin to get the long support message.

          Parameters
          admin ComponentName: Which DeviceAdminReceiver this request is associated with. This value cannot be null.
          Return
          CharSequence? The message set by setLongSupportMessage(android.content.ComponentName,java.lang.CharSequence) or null if no message has been set.
          Exceptions
          java.lang.SecurityException if admin is not an active administrator.

          getManagedProfileCallerIdAccessPolicy

          Added in API level 34
          open fun getManagedProfileCallerIdAccessPolicy(): PackagePolicy?

          Called by a profile owner of a managed profile to retrieve the caller id policy.

          The calling device admin must be a profile owner of a managed profile. If it is not, a SecurityException will be thrown.

          Return
          PackagePolicy? the current caller id policy This value may be null.
          Exceptions
          java.lang.SecurityException if caller is not a profile owner of a managed profile.

          getManagedProfileContactsAccessPolicy

          Added in API level 34
          open fun getManagedProfileContactsAccessPolicy(): PackagePolicy?

          Called by a profile owner of a managed profile to determine the current policy applied to managed profile contacts.

          The calling device admin must be a profile owner of a managed profile. If it is not, a SecurityException will be thrown.

          Return
          PackagePolicy? the current contacts search policy This value may be null.
          Exceptions
          java.lang.SecurityException if caller is not a profile owner of a managed profile.

          getManagedProfileMaximumTimeOff

          Added in API level 30
          open fun getManagedProfileMaximumTimeOff(admin: ComponentName): Long

          Called by a profile owner of an organization-owned managed profile to get maximum time the profile is allowed to be turned off.

          Parameters
          admin ComponentName: Which DeviceAdminReceiver this request is associated with This value cannot be null.
          Return
          Long Maximum time the profile is allowed to be off in milliseconds or 0 if not limited.

          getManagedSubscriptionsPolicy

          Added in API level 34
          open fun getManagedSubscriptionsPolicy(): ManagedSubscriptionsPolicy

          Returns the current ManagedSubscriptionsPolicy. If the policy has not been set, it will return a default policy of Type android.app.admin.ManagedSubscriptionsPolicy#TYPE_ALL_PERSONAL_SUBSCRIPTIONS.

          Return
          ManagedSubscriptionsPolicy This value cannot be null.

          getMaximumFailedPasswordsForWipe

          Added in API level 8
          open fun getMaximumFailedPasswordsForWipe(admin: ComponentName?): Int

          Retrieve the current maximum number of login attempts that are allowed before the device or profile is wiped, for a particular admin or all admins that set restrictions on this user and its participating profiles. Restrictions on profiles that have a separate challenge are not taken into account.

          This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(android.content.ComponentName) in order to retrieve the value for the parent profile.

          On devices not supporting PackageManager.FEATURE_SECURE_LOCK_SCREEN feature, the password is always empty and this method returns a default value (0) indicating that the policy is not set.
          Requires the PackageManager#FEATURE_SECURE_LOCK_SCREEN feature which can be detected using PackageManager.hasSystemFeature(String).

          Parameters
          admin ComponentName?: The name of the admin component to check, or null to aggregate all admins.

          getMaximumTimeToLock

          Added in API level 8
          open fun getMaximumTimeToLock(admin: ComponentName?): Long

          Retrieve the current maximum time to unlock for a particular admin or all admins that set restrictions on this user and its participating profiles. Restrictions on profiles that have a separate challenge are not taken into account.

          This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(android.content.ComponentName) in order to retrieve restrictions on the parent profile.

          Parameters
          admin ComponentName?: The name of the admin component to check, or null to aggregate all admins.
          Return
          Long time in milliseconds for the given admin or the minimum value (strictest) of all admins if admin is null. Returns 0 if there are no restrictions.

          getMeteredDataDisabledPackages

          Added in API level 28
          open fun getMeteredDataDisabledPackages(admin: ComponentName): MutableList<String!>

          Called by a device or profile owner to retrieve the list of packages which are restricted by the admin from using metered data.

          Parameters
          admin ComponentName: which DeviceAdminReceiver this request is associated with. This value cannot be null.
          Return
          MutableList<String!> the list of restricted package names. This value cannot be null.
          Exceptions
          java.lang.SecurityException if admin is not a device or profile owner.

          getMtePolicy

          Added in API level 34
          open fun getMtePolicy(): Int

          Called by a device owner, profile owner of an organization-owned device to get the Memory Tagging Extension (MTE) policy Learn more about MTE

          Return
          Int the currently set MTE policy Value is android.app.admin.DevicePolicyManager#MTE_ENABLED, android.app.admin.DevicePolicyManager#MTE_DISABLED, or android.app.admin.DevicePolicyManager#MTE_NOT_CONTROLLED_BY_POLICY
          Exceptions
          java.lang.SecurityException if caller is not permitted to set Mte policy

          getNearbyAppStreamingPolicy

          Added in API level 31
          open fun getNearbyAppStreamingPolicy(): Int

          Returns the current runtime nearby app streaming policy set by the device or profile owner.

          The caller must be the target user's device owner/profile owner or hold the READ_NEARBY_STREAMING_POLICY permission.

          Return
          Int Value is android.app.admin.DevicePolicyManager#NEARBY_STREAMING_NOT_CONTROLLED_BY_POLICY, android.app.admin.DevicePolicyManager#NEARBY_STREAMING_DISABLED, android.app.admin.DevicePolicyManager#NEARBY_STREAMING_ENABLED, or android.app.admin.DevicePolicyManager#NEARBY_STREAMING_SAME_MANAGED_ACCOUNT_ONLY

          getNearbyNotificationStreamingPolicy

          Added in API level 31
          open fun getNearbyNotificationStreamingPolicy(): Int

          Returns the current runtime nearby notification streaming policy set by the device or profile owner.

          The caller must be the target user's device owner/profile owner or hold the READ_NEARBY_STREAMING_POLICY permission.

          Return
          Int Value is android.app.admin.DevicePolicyManager#NEARBY_STREAMING_NOT_CONTROLLED_BY_POLICY, android.app.admin.DevicePolicyManager#NEARBY_STREAMING_DISABLED, android.app.admin.DevicePolicyManager#NEARBY_STREAMING_ENABLED, or android.app.admin.DevicePolicyManager#NEARBY_STREAMING_SAME_MANAGED_ACCOUNT_ONLY

          getOrganizationColor

          Added in API level 24
          Deprecated in API level 31
          open fun getOrganizationColor(admin: ComponentName): Int

          Deprecated: From android.os.Build.VERSION_CODES#R, the organization color is never used as the background color of the confirm credentials screen.

          Called by a profile owner of a managed profile to retrieve the color used for customization. This color is used as background color of the confirm credentials screen for that user.

          Parameters
          admin ComponentName: Which DeviceAdminReceiver this request is associated with. This value cannot be null.
          Return
          Int The 24bit (0xRRGGBB) representation of the color to be used.
          Exceptions
          java.lang.SecurityException if admin is not a profile owner.

          getOrganizationName

          open fun getOrganizationName(admin: ComponentName?): CharSequence?

          Called by the device owner (since API 26) or profile owner (since API 24) or holders of the permission to retrieve the name of the organization under management.

          getOverrideApns

          Added in API level 28
          open fun getOverrideApns(admin: ComponentName): MutableList<ApnSetting!>!

          Called by device owner or managed profile owner to get all override APNs inserted by device owner or managed profile owner previously using addOverrideApn.

          Parameters
          admin ComponentName: which DeviceAdminReceiver this request is associated with This value cannot be null.
          Return
          MutableList<ApnSetting!>! A list of override APNs inserted by device owner.
          Exceptions
          java.lang.SecurityException if admin is not a device owner.

          getParentProfileInstance

          Added in API level 24
          open fun getParentProfileInstance(admin: ComponentName?): DevicePolicyManager

          Called by the profile owner of a managed profile or other apps in a managed profile to obtain a DevicePolicyManager whose calls act on the parent profile.

          The following methods are supported for the parent instance, all other methods will throw a SecurityException when called on the parent instance:

          The following methods are supported for the parent instance but can only be called by the profile owner on an organization owned managed profile:

          Parameters
          admin ComponentName?: Which DeviceAdminReceiver this request is associated with or null if the caller is not a profile owner.
          Return
          DevicePolicyManager a new instance of DevicePolicyManager that acts on the parent profile. This value cannot be null.
          Exceptions
          java.lang.SecurityException if the current user is not a managed profile.

          getPasswordComplexity

          Added in API level 29
          open fun getPasswordComplexity(): Int

          Returns how complex the current user's screen lock is.

          Note that when called from a profile which uses an unified challenge with its parent, the screen lock complexity of the parent will be returned.

          Apps need the permission.REQUEST_PASSWORD_COMPLEXITY permission to call this method. On Android android.os.Build.VERSION_CODES#S and above, the calling application does not need this permission if it is a device owner or a profile owner.

          This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(android.content.ComponentName) in order to retrieve restrictions on the parent profile.

          Return
          Int Value is android.app.admin.DevicePolicyManager#PASSWORD_COMPLEXITY_NONE, android.app.admin.DevicePolicyManager#PASSWORD_COMPLEXITY_LOW, android.app.admin.DevicePolicyManager#PASSWORD_COMPLEXITY_MEDIUM, or android.app.admin.DevicePolicyManager#PASSWORD_COMPLEXITY_HIGH
          Exceptions
          java.lang.IllegalStateException if the user is not unlocked.
          java.lang.SecurityException if the calling application does not have the permission permission.REQUEST_PASSWORD_COMPLEXITY, and is not a device owner or a profile owner.

          getPasswordExpiration

          Added in API level 11
          open fun getPasswordExpiration(admin: ComponentName?): Long

          Get the current password expiration time for a particular admin or all admins that set restrictions on this user and its participating profiles. Restrictions on profiles that have a separate challenge are not taken into account. If admin is null, then a composite of all expiration times is returned - which will be the minimum of all of them.

          This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(android.content.ComponentName) in order to retrieve the password expiration for the parent profile.

          On devices not supporting PackageManager.FEATURE_SECURE_LOCK_SCREEN feature, the password expiration is always disabled and this method always returns 0.
          Requires the PackageManager#FEATURE_SECURE_LOCK_SCREEN feature which can be detected using PackageManager.hasSystemFeature(String).

          Parameters
          admin ComponentName?: The name of the admin component to check, or null to aggregate all admins.
          Return
          Long The password expiration time, in milliseconds since epoch.

          getPasswordExpirationTimeout

          Added in API level 11
          open fun getPasswordExpirationTimeout(admin: ComponentName?): Long

          Get the password expiration timeout for the given admin. The expiration timeout is the recurring expiration timeout provided in the call to setPasswordExpirationTimeout(android.content.ComponentName,long) for the given admin or the aggregate of all participating policy administrators if admin is null. Admins that have set restrictions on profiles that have a separate challenge are not taken into account.

          This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(android.content.ComponentName) in order to retrieve restrictions on the parent profile.

          On devices not supporting PackageManager.FEATURE_SECURE_LOCK_SCREEN feature, the password expiration is always disabled and this method always returns 0.
          Requires the PackageManager#FEATURE_SECURE_LOCK_SCREEN feature which can be detected using PackageManager.hasSystemFeature(String).

          Parameters
          admin ComponentName?: The name of the admin component to check, or null to aggregate all admins.
          Return
          Long The timeout for the given admin or the minimum of all timeouts

          getPasswordHistoryLength

          Added in API level 11
          open fun getPasswordHistoryLength(admin: ComponentName?): Int

          Retrieve the current password history length for a particular admin or all admins that set restrictions on this user and its participating profiles. Restrictions on profiles that have a separate challenge are not taken into account.

          This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(android.content.ComponentName) in order to retrieve restrictions on the parent profile.

          On devices not supporting PackageManager.FEATURE_SECURE_LOCK_SCREEN feature, the password history length is always 0.
          Requires the PackageManager#FEATURE_SECURE_LOCK_SCREEN feature which can be detected using PackageManager.hasSystemFeature(String).

          Parameters
          admin ComponentName?: The name of the admin component to check, or null to aggregate all admins.
          Return
          Int The length of the password history

          getPasswordMaximumLength

          Added in API level 8
          open fun getPasswordMaximumLength(quality: Int): Int

          Return the maximum password length that the device supports for a particular password quality.

          On devices not supporting PackageManager.FEATURE_SECURE_LOCK_SCREEN feature, the password is always empty and this method always returns 0.

          Parameters
          quality Int: The quality being interrogated.
          Return
          Int Returns the maximum length that the user can enter.

          getPasswordMinimumLength

          Added in API level 8
          Deprecated in API level 31
          open fun getPasswordMinimumLength(admin: ComponentName?): Int

          Deprecated: see setPasswordQuality(android.content.ComponentName,int) for details.

          Retrieve the current minimum password length for a particular admin or all admins that set restrictions on this user and its participating profiles. Restrictions on profiles that have a separate challenge are not taken into account.

          On devices not supporting PackageManager.FEATURE_SECURE_LOCK_SCREEN feature, the password is always treated as empty.

          This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(android.content.ComponentName) in order to retrieve restrictions on the parent profile.

          Parameters
          admin ComponentName?: The name of the admin component to check, or null to aggregate all admins.

          getPasswordMinimumLetters

          Added in API level 11
          Deprecated in API level 31
          open fun getPasswordMinimumLetters(admin: ComponentName?): Int

          Deprecated: see setPasswordQuality(android.content.ComponentName,int) for details.

          Retrieve the current number of letters required in the password for a particular admin or all admins that set restrictions on this user and its participating profiles. Restrictions on profiles that have a separate challenge are not taken into account. This is the same value as set by setPasswordMinimumLetters(android.content.ComponentName,int) and only applies when the password quality is PASSWORD_QUALITY_COMPLEX.

          On devices not supporting PackageManager.FEATURE_SECURE_LOCK_SCREEN feature, the password is always treated as empty.

          This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(android.content.ComponentName) in order to retrieve restrictions on the parent profile.

          Parameters
          admin ComponentName?: The name of the admin component to check, or null to aggregate all admins.
          Return
          Int The minimum number of letters required in the password.

          getPasswordMinimumLowerCase

          Added in API level 11
          Deprecated in API level 31
          open fun getPasswordMinimumLowerCase(admin: ComponentName?): Int

          Deprecated: see setPasswordQuality(android.content.ComponentName,int) for details.

          Retrieve the current number of lower case letters required in the password for a particular admin or all admins that set restrictions on this user and its participating profiles. Restrictions on profiles that have a separate challenge are not taken into account. This is the same value as set by setPasswordMinimumLowerCase(android.content.ComponentName,int) and only applies when the password quality is PASSWORD_QUALITY_COMPLEX.

          On devices not supporting PackageManager.FEATURE_SECURE_LOCK_SCREEN feature, the password is always treated as empty.

          This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(android.content.ComponentName) in order to retrieve restrictions on the parent profile.

          Parameters
          admin ComponentName?: The name of the admin component to check, or null to aggregate all admins.
          Return
          Int The minimum number of lower case letters required in the password.

          getPasswordMinimumNonLetter

          Added in API level 11
          Deprecated in API level 31
          open fun getPasswordMinimumNonLetter(admin: ComponentName?): Int

          Deprecated: see setPasswordQuality(android.content.ComponentName,int) for details.

          Retrieve the current number of non-letter characters required in the password for a particular admin or all admins that set restrictions on this user and its participating profiles. Restrictions on profiles that have a separate challenge are not taken into account. This is the same value as set by setPasswordMinimumNonLetter(android.content.ComponentName,int) and only applies when the password quality is PASSWORD_QUALITY_COMPLEX.

          On devices not supporting PackageManager.FEATURE_SECURE_LOCK_SCREEN feature, the password is always treated as empty.

          This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(android.content.ComponentName) in order to retrieve restrictions on the parent profile.

          Parameters
          admin ComponentName?: The name of the admin component to check, or null to aggregate all admins.
          Return
          Int The minimum number of letters required in the password.

          getPasswordMinimumNumeric

          Added in API level 11
          Deprecated in API level 31
          open fun getPasswordMinimumNumeric(admin: ComponentName?): Int

          Deprecated: see setPasswordQuality(android.content.ComponentName,int) for details.

          Retrieve the current number of numerical digits required in the password for a particular admin or all admins that set restrictions on this user and its participating profiles. Restrictions on profiles that have a separate challenge are not taken into account. This is the same value as set by setPasswordMinimumNumeric(android.content.ComponentName,int) and only applies when the password quality is PASSWORD_QUALITY_COMPLEX.

          On devices not supporting PackageManager.FEATURE_SECURE_LOCK_SCREEN feature, the password is always treated as empty.

          This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(android.content.ComponentName) in order to retrieve restrictions on the parent profile.

          Parameters
          admin ComponentName?: The name of the admin component to check, or null to aggregate all admins.
          Return
          Int The minimum number of numerical digits required in the password.

          getPasswordMinimumSymbols

          Added in API level 11
          Deprecated in API level 31
          open fun getPasswordMinimumSymbols(admin: ComponentName?): Int

          Deprecated: see setPasswordQuality(android.content.ComponentName,int) for details.

          Retrieve the current number of symbols required in the password for a particular admin or all admins that set restrictions on this user and its participating profiles. Restrictions on profiles that have a separate challenge are not taken into account. This is the same value as set by setPasswordMinimumSymbols(android.content.ComponentName,int) and only applies when the password quality is PASSWORD_QUALITY_COMPLEX.

          On devices not supporting PackageManager.FEATURE_SECURE_LOCK_SCREEN feature, the password is always treated as empty.

          This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(android.content.ComponentName) in order to retrieve restrictions on the parent profile.

          Parameters
          admin ComponentName?: The name of the admin component to check, or null to aggregate all admins.
          Return
          Int The minimum number of symbols required in the password.

          getPasswordMinimumUpperCase

          Added in API level 11
          Deprecated in API level 31
          open fun getPasswordMinimumUpperCase(admin: ComponentName?): Int

          Deprecated: see setPasswordQuality(android.content.ComponentName,int) for details.

          Retrieve the current number of upper case letters required in the password for a particular admin or all admins that set restrictions on this user and its participating profiles. Restrictions on profiles that have a separate challenge are not taken into account. This is the same value as set by setPasswordMinimumUpperCase(android.content.ComponentName,int) and only applies when the password quality is PASSWORD_QUALITY_COMPLEX.

          On devices not supporting PackageManager.FEATURE_SECURE_LOCK_SCREEN feature, the password is always treated as empty.

          This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(android.content.ComponentName) in order to retrieve restrictions on the parent profile.

          Parameters
          admin ComponentName?: The name of the admin component to check, or null to aggregate all admins.
          Return
          Int The minimum number of upper case letters required in the password.

          getPasswordQuality

          Added in API level 8
          Deprecated in API level 31
          open fun getPasswordQuality(admin: ComponentName?): Int

          Deprecated: see setPasswordQuality(android.content.ComponentName,int) for details.

          Retrieve the current minimum password quality for a particular admin or all admins that set restrictions on this user and its participating profiles. Restrictions on profiles that have a separate challenge are not taken into account.

          This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(android.content.ComponentName) in order to retrieve restrictions on the parent profile.

          Note: on devices not supporting PackageManager.FEATURE_SECURE_LOCK_SCREEN feature, the password is always treated as empty.

          Parameters
          admin ComponentName?: The name of the admin component to check, or null to aggregate all admins.

          getPendingSystemUpdate

          Added in API level 26
          open fun getPendingSystemUpdate(admin: ComponentName?): SystemUpdateInfo?

          Get information about a pending system update. Can be called by device or profile owners, and starting from Android android.os.Build.VERSION_CODES#VANILLA_ICE_CREAM, holders of the permission android.Manifest.permission#MANAGE_DEVICE_POLICY_QUERY_SYSTEM_UPDATES.

          Parameters
          admin ComponentName?: Which profile or device owner this request is associated with. This value may be null.
          Return
          SystemUpdateInfo? Information about a pending system update or null if no update pending.
          Exceptions
          java.lang.SecurityException if admin is not a device, profile owner or holders of android.Manifest.permission#MANAGE_DEVICE_POLICY_QUERY_SYSTEM_UPDATES.

          getPermissionGrantState

          Added in API level 23
          open fun getPermissionGrantState(
              admin: ComponentName?,
              packageName: String,
              permission: String
          ): Int

          Returns the current grant state of a runtime permission for a specific application. This function can be called by a device owner, profile owner, or by a delegate given the DELEGATION_PERMISSION_GRANT scope via setDelegatedScopes.

          Parameters
          admin ComponentName?: Which DeviceAdminReceiver this request is associated with. Null if the caller is not a device admin. This value may be null.
          packageName String: The application to check the grant state for. This value cannot be null.
          permission String: The permission to check for. This value cannot be null.
          Return
          Int the current grant state specified by device policy. If admins have not set a grant has not set a grant state, the return value is PERMISSION_GRANT_STATE_DEFAULT. This does not indicate whether or not the permission is currently granted for the package.

          If a grant state was set by the profile or device owner, then the return value will be one of PERMISSION_GRANT_STATE_DENIED or PERMISSION_GRANT_STATE_GRANTED, which indicates if the permission is currently denied or granted. Value is android.app.admin.DevicePolicyManager#PERMISSION_GRANT_STATE_DEFAULT, android.app.admin.DevicePolicyManager#PERMISSION_GRANT_STATE_GRANTED, or android.app.admin.DevicePolicyManager#PERMISSION_GRANT_STATE_DENIED
          Exceptions
          java.lang.SecurityException if admin is not a device or profile owner.

          getPermissionPolicy

          Added in API level 23
          open fun getPermissionPolicy(admin: ComponentName!): Int

          Returns the current runtime permission policy set by the device or profile owner. The default is PERMISSION_POLICY_PROMPT.

          Parameters
          admin ComponentName!: Which profile or device owner this request is associated with.
          Return
          Int the current policy for future permission requests.

          getPermittedAccessibilityServices

          Added in API level 21
          open fun getPermittedAccessibilityServices(admin: ComponentName): MutableList<String!>?

          Returns the list of permitted accessibility services set by this device or profile owner.

          An empty list means no accessibility services except system services are allowed. null means all accessibility services are allowed.

          Parameters
          admin ComponentName: Which DeviceAdminReceiver this request is associated with. This value cannot be null.
          Return
          MutableList<String!>? List of accessiblity service package names.
          Exceptions
          java.lang.SecurityException if admin is not a device or profile owner.

          getPermittedCrossProfileNotificationListeners

          Added in API level 26
          open fun getPermittedCrossProfileNotificationListeners(admin: ComponentName): MutableList<String!>?

          Returns the list of packages installed on the primary user that allowed to use a android.service.notification.NotificationListenerService to receive notifications from this managed profile, as set by the profile owner.

          An empty list means no notification listener services except system ones are allowed. A null return value indicates that all notification listeners are allowed.

          Parameters
          admin ComponentName: This value cannot be null.

          getPermittedInputMethods

          Added in API level 21
          open fun getPermittedInputMethods(admin: ComponentName?): MutableList<String!>?

          Returns the list of permitted input methods set by this device or profile owner.

          This method can be called on the DevicePolicyManager instance, returned by getParentProfileInstance(android.content.ComponentName), where the caller must be a profile owner of an organization-owned managed profile. If called on the parent instance, then the returned list of permitted input methods are those which are applied on the personal profile.

          An empty list means no input methods except system input methods are allowed. Null means all input methods are allowed.

          Parameters
          admin ComponentName?: Which DeviceAdminReceiver this request is associated with. Null if the caller is not a device admin This value may be null.
          Return
          MutableList<String!>? List of input method package names. This value may be null.
          Exceptions
          java.lang.SecurityException if admin is not a device, profile owner or if called on the parent profile and the admin is not a profile owner of an organization-owned managed profile.

          getPersonalAppsSuspendedReasons

          Added in API level 30
          open fun getPersonalAppsSuspendedReasons(admin: ComponentName): Int

          Called by profile owner of an organization-owned managed profile to check whether personal apps are suspended.

          Parameters
          admin ComponentName: This value cannot be null.
          Return
          Int a bitmask of reasons for personal apps suspension or PERSONAL_APPS_NOT_SUSPENDED if apps are not suspended. Value is either 0 or a combination of android.app.admin.DevicePolicyManager#PERSONAL_APPS_NOT_SUSPENDED, android.app.admin.DevicePolicyManager#PERSONAL_APPS_SUSPENDED_EXPLICITLY, and android.app.admin.DevicePolicyManager#PERSONAL_APPS_SUSPENDED_PROFILE_TIMEOUT

          getPreferentialNetworkServiceConfigs

          Added in API level 33
          open fun getPreferentialNetworkServiceConfigs(): MutableList<PreferentialNetworkServiceConfig!>

          Get preferential network configuration {@see PreferentialNetworkServiceConfig}

          Return
          MutableList<PreferentialNetworkServiceConfig!> preferential network configuration. This value cannot be null.
          Exceptions
          java.lang.SecurityException if the caller is not the profile owner or device owner.

          getRequiredPasswordComplexity

          Added in API level 31
          open fun getRequiredPasswordComplexity(): Int

          Gets the password complexity requirement set by setRequiredPasswordComplexity(int), for the current user.

          The difference between this method and getPasswordComplexity() is that this method simply returns the value set by setRequiredPasswordComplexity(int) while getPasswordComplexity() returns the complexity of the actual password.

          This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(android.content.ComponentName) in order to get restrictions on the parent profile.

          Return
          Int Value is android.app.admin.DevicePolicyManager#PASSWORD_COMPLEXITY_NONE, android.app.admin.DevicePolicyManager#PASSWORD_COMPLEXITY_LOW, android.app.admin.DevicePolicyManager#PASSWORD_COMPLEXITY_MEDIUM, or android.app.admin.DevicePolicyManager#PASSWORD_COMPLEXITY_HIGH
          Exceptions
          java.lang.SecurityException if the calling application is not a device owner or a profile owner.

          getRequiredStrongAuthTimeout

          Added in API level 26
          open fun getRequiredStrongAuthTimeout(admin: ComponentName?): Long

          Determine for how long the user will be able to use secondary, non strong auth for authentication, since last strong method authentication (password, pin or pattern) was used. After the returned timeout the user is required to use strong authentication method.

          This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(android.content.ComponentName) in order to retrieve restrictions on the parent profile.

          On devices not supporting PackageManager.FEATURE_SECURE_LOCK_SCREEN feature, 0 is returned to indicate that no timeout is configured.
          Requires the PackageManager#FEATURE_SECURE_LOCK_SCREEN feature which can be detected using PackageManager.hasSystemFeature(String).

          Parameters
          admin ComponentName?: The name of the admin component to check, or null to aggregate across all participating admins.
          Return
          Long The timeout in milliseconds or 0 if not configured for the provided admin.

          getResources

          Added in API level 33
          open fun getResources(): DevicePolicyResourcesManager

          Returns a DevicePolicyResourcesManager containing the required APIs to set, reset, and get device policy related resources.

          Return
          DevicePolicyResourcesManager This value cannot be null.

          getScreenCaptureDisabled

          Added in API level 21
          open fun getScreenCaptureDisabled(admin: ComponentName?): Boolean

          Determine whether or not screen capture has been disabled by the calling admin, if specified, or all admins.

          This method can be called on the DevicePolicyManager instance, returned by getParentProfileInstance(android.content.ComponentName), where the caller must be the profile owner of an organization-owned managed profile (the calling admin must be specified).

          Parameters
          admin ComponentName?: The name of the admin component to check, or null to check whether any admins have disabled screen capture.

          getSecondaryUsers

          Added in API level 28
          open fun getSecondaryUsers(admin: ComponentName): MutableList<UserHandle!>!

          Called by a device owner to list all secondary users on the device. Managed profiles are not considered as secondary users.

          Used for various user management APIs, including switchUser, removeUser and stopUser.

          Parameters
          admin ComponentName: Which DeviceAdminReceiver this request is associated with. This value cannot be null.
          Return
          MutableList<UserHandle!>! list of other UserHandles on the device.
          Exceptions
          java.lang.SecurityException if admin is not a device owner.

          getShortSupportMessage

          Added in API level 24
          open fun getShortSupportMessage(admin: ComponentName?): CharSequence!

          Called by a device admin or holder of the permission android.Manifest.permission#MANAGE_DEVICE_POLICY_SUPPORT_MESSAGE to get the short support message.

          Parameters
          admin ComponentName?: Which DeviceAdminReceiver this request is associated with. Null if the caller is not a device admin. This value may be null.
          Return
          CharSequence! The message set by setShortSupportMessage(android.content.ComponentName,java.lang.CharSequence) or null if no message has been set.
          Exceptions
          java.lang.SecurityException if admin is not an active administrator and not a holder of the permission android.Manifest.permission#MANAGE_DEVICE_POLICY_SUPPORT_MESSAGE..

          getStartUserSessionMessage

          Added in API level 28
          open fun getStartUserSessionMessage(admin: ComponentName): CharSequence!

          Returns the user session start message.

          Parameters
          admin ComponentName: which DeviceAdminReceiver this request is associated with. This value cannot be null.
          Exceptions
          java.lang.SecurityException if admin is not a device owner.

          getStorageEncryption

          Added in API level 11
          Deprecated in API level 30
          open fun getStorageEncryption(admin: ComponentName?): Boolean

          Deprecated: This method only returns the value set by setStorageEncryption. It does not actually reflect the storage encryption status. Use getStorageEncryptionStatus for that. Called by an application that is administering the device to determine the requested setting for secure storage.

          Parameters
          admin ComponentName?: Which DeviceAdminReceiver this request is associated with. If null, this will return the requested encryption setting as an aggregate of all active administrators.
          Return
          Boolean true if the admin(s) are requesting encryption, false if not.

          getStorageEncryptionStatus

          Added in API level 11
          open fun getStorageEncryptionStatus(): Int

          Called by an application that is administering the device to determine the current encryption status of the device.

          Depending on the returned status code, the caller may proceed in different ways. If the result is ENCRYPTION_STATUS_UNSUPPORTED, the storage system does not support encryption. If the result is ENCRYPTION_STATUS_INACTIVE, use ACTION_START_ENCRYPTION to begin the process of encrypting or decrypting the storage. If the result is ENCRYPTION_STATUS_ACTIVE_DEFAULT_KEY, the storage system has enabled encryption but no password is set so further action may be required. If the result is ENCRYPTION_STATUS_ACTIVATING, ENCRYPTION_STATUS_ACTIVE or ENCRYPTION_STATUS_ACTIVE_PER_USER, no further action is required.

          Return
          Int current status of encryption. The value will be one of ENCRYPTION_STATUS_UNSUPPORTED, ENCRYPTION_STATUS_INACTIVE, ENCRYPTION_STATUS_ACTIVATING, ENCRYPTION_STATUS_ACTIVE_DEFAULT_KEY, ENCRYPTION_STATUS_ACTIVE, or ENCRYPTION_STATUS_ACTIVE_PER_USER.
          Exceptions
          java.lang.SecurityException if called on a parent instance.

          getSubscriptionIds

          Added in API level 35
          open fun getSubscriptionIds(): MutableSet<Int!>

          Returns the subscription ids of all subscriptions which were downloaded by the calling admin.

          This returns only the subscriptions which were downloaded by the calling admin via android.telephony.euicc.EuiccManager#downloadSubscription. If a subscription is returned by this method then in it subject to management controls and cannot be removed by users.

          Callable by device owners and profile owners.
          Requires android.Manifest.permission#MANAGE_DEVICE_POLICY_MANAGED_SUBSCRIPTIONS

          Return
          MutableSet<Int!> ids of all managed subscriptions currently downloaded by an admin on the device. This value cannot be null.
          Exceptions
          java.lang.SecurityException if the caller is not authorized to call this method.

          getSystemUpdatePolicy

          Added in API level 23
          open fun getSystemUpdatePolicy(): SystemUpdatePolicy?

          Retrieve a local system update policy set previously by setSystemUpdatePolicy.

          Return
          SystemUpdatePolicy? The current policy object, or null if no policy is set.

          getTransferOwnershipBundle

          Added in API level 28
          open fun getTransferOwnershipBundle(): PersistableBundle?

          Returns the data passed from the current administrator to the new administrator during an ownership transfer. This is the same bundle passed in transferOwnership(android.content.ComponentName,android.content.ComponentName,android.os.PersistableBundle). The bundle is persisted until the profile owner or device owner is removed.

          This is the same bundle received in the DeviceAdminReceiver.onTransferOwnershipComplete(Context, PersistableBundle). Use this method to retrieve it after the transfer as long as the new administrator is the active device or profile owner.

          Returns null if no ownership transfer was started for the calling user.

          Exceptions
          java.lang.SecurityException if the caller is not a device or profile owner.

          getTrustAgentConfiguration

          Added in API level 23
          open fun getTrustAgentConfiguration(
              admin: ComponentName?,
              agent: ComponentName
          ): MutableList<PersistableBundle!>?

          Gets configuration for the given trust agent based on aggregating all calls to setTrustAgentConfiguration(android.content.ComponentName,android.content.ComponentName,android.os.PersistableBundle) for all device admins.

          This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(android.content.ComponentName) in order to retrieve the configuration set on the parent profile.

          On devices not supporting PackageManager.FEATURE_SECURE_LOCK_SCREEN feature, null is always returned.
          Requires the PackageManager#FEATURE_SECURE_LOCK_SCREEN feature which can be detected using PackageManager.hasSystemFeature(String).

          Parameters
          admin ComponentName?: Which DeviceAdminReceiver this request is associated with. If null, this function returns a list of configurations for all admins that declare KEYGUARD_DISABLE_TRUST_AGENTS. If any admin declares KEYGUARD_DISABLE_TRUST_AGENTS but doesn't call setTrustAgentConfiguration(android.content.ComponentName,android.content.ComponentName,android.os.PersistableBundle) for this {@param agent} or calls it with a null configuration, null is returned.
          agent ComponentName: Which component to get enabled features for. This value cannot be null.
          Return
          MutableList<PersistableBundle!>? configuration for the given trust agent.

          getUserControlDisabledPackages

          Added in API level 30
          open fun getUserControlDisabledPackages(admin: ComponentName?): MutableList<String!>

          Returns the list of packages over which user control is disabled by a device or profile owner or holders of the permission android.Manifest.permission#MANAGE_DEVICE_POLICY_APPS_CONTROL.

          Starting from Build.VERSION_CODES.UPSIDE_DOWN_CAKE, the returned policy will be the current resolved policy rather than the policy set by the calling admin.

          Parameters
          admin ComponentName?: Which