SecurityLog
open class SecurityLog
kotlin.Any | |
↳ | android.app.admin.SecurityLog |
Definitions for working with security logs.
Device owner apps can control the logging with DevicePolicyManager.setSecurityLoggingEnabled
. When security logs are enabled, device owner apps receive periodic callbacks from DeviceAdminReceiver.onSecurityLogsAvailable
, at which time new batch of logs can be collected via DevicePolicyManager.retrieveSecurityLogs
. SecurityEvent
describes the type and format of security logs being collected.
Summary
Nested classes | |
---|---|
A class representing a security event log entry. |
Constants | |
---|---|
static Int |
Event severity level indicating that the event requires urgent admin action. |
static Int |
Event severity level indicating that the event corresponds to normal workflow. |
static Int |
Event severity level indicating that the event may require admin attention. |
static Int |
Indicates that a shell command was issued over ADB via |
static Int |
Indicates that an ADB interactive shell was opened via "adb shell". |
static Int |
Indicates that an app process was started. |
static Int |
Indicates that an admin has enabled or disabled backup service. |
static Int |
Indicates that the device attempts to connect to a Bluetooth device. |
static Int |
Indicates that the device disconnects from a connected Bluetooth device. |
static Int |
Indicates that the admin has set policy to disable camera. |
static Int |
Indicates that a new root certificate has been installed into system's trusted credential storage. |
static Int |
Indicates that a new root certificate has been removed from system's trusted credential storage. |
static Int |
Indicates a failure to validate X. |
static Int |
Indicates that cryptographic functionality self test has completed. |
static Int |
Indicates that an admin has set disabled keyguard features. |
static Int |
Indicates that keyguard has been dismissed. |
static Int |
Indicates that there has been an authentication attempt to dismiss the keyguard. |
static Int |
Indicates that the device has been locked, either by the user or by a timeout. |
static Int |
Indicates that a cryptographic key was destroyed. |
static Int |
Indicates that a cryptographic key was generated. |
static Int |
Indicates that a cryptographic key was imported. |
static Int |
Indicates a failed cryptographic key integrity check. |
static Int |
Indicates start-up of audit logging. |
static Int |
Indicates shutdown of audit logging. |
static Int |
Indicates that the audit log buffer has reached 90% of its capacity. |
static Int |
Indicates that an admin has set a maximum number of failed password attempts before wiping data. |
static Int |
Indicates that an admin has set a maximum screen lock timeout. |
static Int |
Indicates that removable media has been mounted on the device. |
static Int |
Indicates that removable media was unmounted from the device. |
static Int |
Indicates that NFC service is disabled. |
static Int |
Indicates that NFC service is enabled. |
static Int |
Indicates that the Android OS has shutdown. |
static Int |
Indicates that the Android OS has started. |
static Int |
Indicates that a package is installed. |
static Int |
Indicates that a package is uninstalled. |
static Int |
Indicates that a package is updated. |
static Int |
Indicates that a user has just changed their lockscreen password. |
static Int |
Indicates that an admin has set a password complexity requirement, using the platform's pre-defined complexity levels. |
static Int |
Indicates that an admin has set a requirement for password complexity. |
static Int |
Indicates that an admin has set a password expiration timeout. |
static Int |
Indicates that an admin has set a password history length. |
static Int |
Indicates that an admin remotely locked the device or profile. |
static Int |
Indicates that a file was pulled from the device via the adb daemon, for example via |
static Int |
Indicates that a file was pushed to the device via the adb daemon, for example via |
static Int |
Indicates that an admin has set a user restriction. |
static Int |
Indicates that an admin has removed a user restriction. |
static Int |
Indicates that an event occurred as the device attempted to connect to a managed WiFi network. |
static Int |
Indicates that the device disconnects from a managed WiFi network. |
static Int |
Indicates a failure to wipe device or user data. |
Public constructors | |
---|---|
Constants
LEVEL_ERROR
static val LEVEL_ERROR: Int
Event severity level indicating that the event requires urgent admin action.
Value: 3
LEVEL_INFO
static val LEVEL_INFO: Int
Event severity level indicating that the event corresponds to normal workflow.
Value: 1
LEVEL_WARNING
static val LEVEL_WARNING: Int
Event severity level indicating that the event may require admin attention.
Value: 2
TAG_ADB_SHELL_CMD
static val TAG_ADB_SHELL_CMD: Int
Indicates that a shell command was issued over ADB via adb shell <command>
The log entry contains a String
payload containing the shell command, accessible via SecurityEvent.getData()
. If security logging is enabled on organization-owned managed profile devices, the shell command will be redacted to an empty string.
Value: 210002
TAG_ADB_SHELL_INTERACTIVE
static val TAG_ADB_SHELL_INTERACTIVE: Int
Indicates that an ADB interactive shell was opened via "adb shell". There is no extra payload in the log event.
Value: 210001
TAG_APP_PROCESS_START
static val TAG_APP_PROCESS_START: Int
Indicates that an app process was started. The log entry contains the following information about the process encapsulated in an Object
array, accessible via SecurityEvent.getData()
:
String
) System.currentTimeMillis()
(Long
) Integer
) Integer
) String
) String
) If security logging is enabled on organization-owned managed profile devices, only events happening inside the managed profile will be visible.Value: 210005
TAG_BACKUP_SERVICE_TOGGLED
static val TAG_BACKUP_SERVICE_TOGGLED: Int
Indicates that an admin has enabled or disabled backup service. The log entry contains the following information about the event encapsulated in an Object
array, accessible via SecurityEvent.getData()
:
String
) Integer
) Integer
, 1 for enabled, 0 for disabled)Value: 210044
TAG_BLUETOOTH_CONNECTION
static val TAG_BLUETOOTH_CONNECTION: Int
Indicates that the device attempts to connect to a Bluetooth device. The log entry contains the following information about the event, encapsulated in an Object
array and accessible via SecurityEvent.getData()
:
String
) Integer
, 1 if successful, 0 otherwise) String
)Value: 210039
TAG_BLUETOOTH_DISCONNECTION
static val TAG_BLUETOOTH_DISCONNECTION: Int
Indicates that the device disconnects from a connected Bluetooth device. The log entry contains the following information about the event, encapsulated in an Object
array and accessible via SecurityEvent.getData()
:
String
) String
)Value: 210040
TAG_CAMERA_POLICY_SET
static val TAG_CAMERA_POLICY_SET: Int
Indicates that the admin has set policy to disable camera. The log entry contains the following information about the event, encapsulated in an Object
array and accessible via SecurityEvent.getData()
:
String
) Integer
) Integer
) Integer
, 1 if it's disabled, 0 if enabled)Value: 210034
TAG_CERT_AUTHORITY_INSTALLED
static val TAG_CERT_AUTHORITY_INSTALLED: Int
Indicates that a new root certificate has been installed into system's trusted credential storage. The log entry contains the following information about the event, encapsulated in an Object
array and accessible via SecurityEvent.getData()
:
Integer
, 0 if operation failed, 1 if succeeded) String
). Integer
), only available from version android.os.Build.VERSION_CODES#R
. If security logging is enabled on organization-owned managed profile devices, only events happening inside the managed profile will be visible.Value: 210029
TAG_CERT_AUTHORITY_REMOVED
static val TAG_CERT_AUTHORITY_REMOVED: Int
Indicates that a new root certificate has been removed from system's trusted credential storage. The log entry contains the following information about the event, encapsulated in an Object
array and accessible via SecurityEvent.getData()
:
Integer
, 0 if operation failed, 1 if succeeded) String
). Integer
), only available from version android.os.Build.VERSION_CODES#R
. If security logging is enabled on organization-owned managed profile devices, only events happening inside the managed profile will be visible.Value: 210030
TAG_CERT_VALIDATION_FAILURE
static val TAG_CERT_VALIDATION_FAILURE: Int
Indicates a failure to validate X.509v3 certificate. The log entry contains a String
payload indicating the failure reason, accessible via SecurityEvent.getData()
.
Value: 210033
TAG_CRYPTO_SELF_TEST_COMPLETED
static val TAG_CRYPTO_SELF_TEST_COMPLETED: Int
Indicates that cryptographic functionality self test has completed. The log entry contains an Integer
payload, indicating the result of the test (0 if the test failed, 1 if succeeded) and accessible via SecurityEvent.getData()
.
Value: 210031
TAG_KEYGUARD_DISABLED_FEATURES_SET
static val TAG_KEYGUARD_DISABLED_FEATURES_SET: Int
Indicates that an admin has set disabled keyguard features. The log entry contains the following information about the event encapsulated in an Object
array, accessible via SecurityEvent.getData()
:
String
) Integer
) Integer
) Integer
).Value: 210021
TAG_KEYGUARD_DISMISSED
static val TAG_KEYGUARD_DISMISSED: Int
Indicates that keyguard has been dismissed. This event is only logged if the device has a secure keyguard. It is logged regardless of how keyguard is dismissed, including via PIN/pattern/password, biometrics or via a trust agent. There is no extra payload in the log event.
Value: 210006
See Also
TAG_KEYGUARD_DISMISS_AUTH_ATTEMPT
static val TAG_KEYGUARD_DISMISS_AUTH_ATTEMPT: Int
Indicates that there has been an authentication attempt to dismiss the keyguard. The log entry contains the following information about the attempt encapsulated in an Object
array, accessible via SecurityEvent.getData()
:
Integer
, 1 for successful, 0 for unsuccessful) Integer
, 1 if strong authentication method was used, 0 otherwise)Value: 210007
TAG_KEYGUARD_SECURED
static val TAG_KEYGUARD_SECURED: Int
Indicates that the device has been locked, either by the user or by a timeout. There is no extra payload in the log event.
Value: 210008
TAG_KEY_DESTRUCTION
static val TAG_KEY_DESTRUCTION: Int
Indicates that a cryptographic key was destroyed. The log entry contains the following information about the event, encapsulated in an Object
array and accessible via SecurityEvent.getData()
:
Integer
, 0 if operation failed, 1 if succeeded) String
) Integer
). If security logging is enabled on organization-owned managed profile devices, only events happening inside the managed profile will be visible.Value: 210026
TAG_KEY_GENERATED
static val TAG_KEY_GENERATED: Int
Indicates that a cryptographic key was generated. The log entry contains the following information about the event, encapsulated in an Object
array and accessible via SecurityEvent.getData()
:
Integer
, 0 if operation failed, 1 if succeeded) String
) Integer
). If security logging is enabled on organization-owned managed profile devices, only events happening inside the managed profile will be visible.Value: 210024
TAG_KEY_IMPORT
static val TAG_KEY_IMPORT: Int
Indicates that a cryptographic key was imported. The log entry contains the following information about the event, encapsulated in an Object
array and accessible via SecurityEvent.getData()
:
Integer
, 0 if operation failed, 1 if succeeded) String
) Integer
). If security logging is enabled on organization-owned managed profile devices, only events happening inside the managed profile will be visible.Value: 210025
TAG_KEY_INTEGRITY_VIOLATION
static val TAG_KEY_INTEGRITY_VIOLATION: Int
Indicates a failed cryptographic key integrity check. The log entry contains the following information about the event, encapsulated in an Object
array and accessible via SecurityEvent.getData()
:
String
) Integer
). If security logging is enabled on organization-owned managed profile devices, only events happening inside the managed profile will be visible.Value: 210032
TAG_LOGGING_STARTED
static val TAG_LOGGING_STARTED: Int
Indicates start-up of audit logging. There is no extra payload in the log event.
Value: 210011
TAG_LOGGING_STOPPED
static val TAG_LOGGING_STOPPED: Int
Indicates shutdown of audit logging. There is no extra payload in the log event.
Value: 210012
TAG_LOG_BUFFER_SIZE_CRITICAL
static val TAG_LOG_BUFFER_SIZE_CRITICAL: Int
Indicates that the audit log buffer has reached 90% of its capacity. There is no extra payload in the log event.
Value: 210015
TAG_MAX_PASSWORD_ATTEMPTS_SET
static val TAG_MAX_PASSWORD_ATTEMPTS_SET: Int
Indicates that an admin has set a maximum number of failed password attempts before wiping data. The log entry contains the following information about the event encapsulated in an Object
array, accessible via SecurityEvent.getData()
:
String
) Integer
) Integer
) Integer
)Value: 210020
TAG_MAX_SCREEN_LOCK_TIMEOUT_SET
static val TAG_MAX_SCREEN_LOCK_TIMEOUT_SET: Int
Indicates that an admin has set a maximum screen lock timeout. The log entry contains the following information about the event encapsulated in an Object
array, accessible via SecurityEvent.getData()
:
String
) Integer
) Integer
) Long
)Value: 210019
TAG_MEDIA_MOUNT
static val TAG_MEDIA_MOUNT: Int
Indicates that removable media has been mounted on the device. The log entry contains the following information about the event, encapsulated in an Object
array and accessible via SecurityEvent.getData()
:
String
) String
). Redacted to empty string on organization-owned managed profile devices.Value: 210013
TAG_MEDIA_UNMOUNT
static val TAG_MEDIA_UNMOUNT: Int
Indicates that removable media was unmounted from the device. The log entry contains the following information about the event, encapsulated in an Object
array and accessible via SecurityEvent.getData()
:
String
) String
). Redacted to empty string on organization-owned managed profile devices.Value: 210014
TAG_NFC_DISABLED
static val TAG_NFC_DISABLED: Int
Indicates that NFC service is disabled. There is no extra payload in the log event.
Value: 210046
TAG_NFC_ENABLED
static val TAG_NFC_ENABLED: Int
Indicates that NFC service is enabled. There is no extra payload in the log event.
Value: 210045
TAG_OS_SHUTDOWN
static val TAG_OS_SHUTDOWN: Int
Indicates that the Android OS has shutdown. There is no extra payload in the log event.
Value: 210010
TAG_OS_STARTUP
static val TAG_OS_STARTUP: Int
Indicates that the Android OS has started. The log entry contains the following information about the startup time software integrity check encapsulated in an Object
array, accessible via SecurityEvent.getData()
:
String
) String
).
Verified Boot state can be one of the following:
green
indicates that there is a full chain of trust extending from the bootloader to verified partitions including the bootloader, boot partition, and all verified partitions. yellow
indicates that the boot partition has been verified using the embedded certificate and the signature is valid. orange
indicates that the device may be freely modified. Device integrity is left to the user to verify out-of-band.
dm-verity mode can be one of the following:
enforcing
indicates that the device will be restarted when corruption is detected. eio
indicates that an I/O error will be returned for an attempt to read corrupted data blocks. disabled
indicates that integrity check is disabled. For details see Verified Boot documentation.Value: 210009
TAG_PACKAGE_INSTALLED
static val TAG_PACKAGE_INSTALLED: Int
Indicates that a package is installed. The log entry contains the following information about the event, encapsulated in an Object
array and accessible via SecurityEvent.getData()
:
String
) Long
) Integer
)Value: 210041
TAG_PACKAGE_UNINSTALLED
static val TAG_PACKAGE_UNINSTALLED: Int
Indicates that a package is uninstalled. The log entry contains the following information about the event, encapsulated in an Object
array and accessible via SecurityEvent.getData()
:
String
) Long
) Integer
)Value: 210043
TAG_PACKAGE_UPDATED
static val TAG_PACKAGE_UPDATED: Int
Indicates that a package is updated. The log entry contains the following information about the event, encapsulated in an Object
array and accessible via SecurityEvent.getData()
:
String
) Long
) Integer
)Value: 210042
TAG_PASSWORD_CHANGED
static val TAG_PASSWORD_CHANGED: Int
Indicates that a user has just changed their lockscreen password. The log entry contains the following information about the event, encapsulated in an Object
array and accessible via SecurityEvent.getData()
:
Integer
) Integer
)
Password complexity levels are defined as in DevicePolicyManager.getPasswordComplexity()
Value: 210036
TAG_PASSWORD_COMPLEXITY_REQUIRED
static val TAG_PASSWORD_COMPLEXITY_REQUIRED: Int
Indicates that an admin has set a password complexity requirement, using the platform's pre-defined complexity levels. The log entry contains the following information about the event, encapsulated in an Object
array and accessible via SecurityEvent.getData()
:
String
) Integer
) Integer
) Integer
)Value: 210035
TAG_PASSWORD_COMPLEXITY_SET
static val TAG_PASSWORD_COMPLEXITY_SET: Int
Indicates that an admin has set a requirement for password complexity. The log entry contains the following information about the event, encapsulated in an Object
array and accessible via SecurityEvent.getData()
:
String
) Integer
) Integer
) Integer
) Integer
) Integer
) Integer
) Integer
) Integer
) Integer
) Integer
)Value: 210017
See Also
android.app.admin.DevicePolicyManager#setPasswordMinimumLength(ComponentName, int)
android.app.admin.DevicePolicyManager#setPasswordQuality(ComponentName, int)
android.app.admin.DevicePolicyManager#setPasswordMinimumLetters(ComponentName, int)
android.app.admin.DevicePolicyManager#setPasswordMinimumNonLetter(ComponentName, int)
android.app.admin.DevicePolicyManager#setPasswordMinimumLowerCase(ComponentName, int)
android.app.admin.DevicePolicyManager#setPasswordMinimumUpperCase(ComponentName, int)
android.app.admin.DevicePolicyManager#setPasswordMinimumNumeric(ComponentName, int)
android.app.admin.DevicePolicyManager#setPasswordMinimumSymbols(ComponentName, int)
TAG_PASSWORD_EXPIRATION_SET
static val TAG_PASSWORD_EXPIRATION_SET: Int
Indicates that an admin has set a password expiration timeout. The log entry contains the following information about the event, encapsulated in an Object
array and accessible via SecurityEvent.getData()
:
String
) Integer
) Integer
) Long
).Value: 210016
TAG_PASSWORD_HISTORY_LENGTH_SET
static val TAG_PASSWORD_HISTORY_LENGTH_SET: Int
Indicates that an admin has set a password history length. The log entry contains the following information about the event encapsulated in an Object
array, accessible via SecurityEvent.getData()
:
String
) Integer
) Integer
) Integer
)Value: 210018
TAG_REMOTE_LOCK
static val TAG_REMOTE_LOCK: Int
Indicates that an admin remotely locked the device or profile. The log entry contains the following information about the event encapsulated in an Object
array, accessible via SecurityEvent.getData()
:
String
), Integer
). Integer
)Value: 210022
TAG_SYNC_RECV_FILE
static val TAG_SYNC_RECV_FILE: Int
Indicates that a file was pulled from the device via the adb daemon, for example via adb pull
. The log entry contains a String
payload containing the path of the pulled file on the device, accessible via SecurityEvent.getData()
.
Value: 210003
TAG_SYNC_SEND_FILE
static val TAG_SYNC_SEND_FILE: Int
Indicates that a file was pushed to the device via the adb daemon, for example via adb push
. The log entry contains a String
payload containing the destination path of the pushed file, accessible via SecurityEvent.getData()
.
Value: 210004
TAG_USER_RESTRICTION_ADDED
static val TAG_USER_RESTRICTION_ADDED: Int
Indicates that an admin has set a user restriction. The log entry contains the following information about the event, encapsulated in an Object
array and accessible via SecurityEvent.getData()
:
String
) Integer
) String
)Value: 210027
TAG_USER_RESTRICTION_REMOVED
static val TAG_USER_RESTRICTION_REMOVED: Int
Indicates that an admin has removed a user restriction. The log entry contains the following information about the event, encapsulated in an Object
array and accessible via SecurityEvent.getData()
:
String
) Integer
) String
)Value: 210028
TAG_WIFI_CONNECTION
static val TAG_WIFI_CONNECTION: Int
Indicates that an event occurred as the device attempted to connect to a managed WiFi network. The log entry contains the following information about the event, encapsulated in an Object
array and accessible via SecurityEvent.getData()
:
String
, in the form "xx:xx:xx:xx:AA:BB") String
). Event types are CONNECTED, DISCONNECTED, ASSOCIATING, ASSOCIATED, EAP_METHOD_SELECTED, EAP_FAILURE, SSID_TEMP_DISABLED, and OPEN_SSL_FAILURE. String
)Value: 210037
TAG_WIFI_DISCONNECTION
static val TAG_WIFI_DISCONNECTION: Int
Indicates that the device disconnects from a managed WiFi network. The log entry contains the following information about the event, encapsulated in an Object
array and accessible via SecurityEvent.getData()
:
String
, in the form "xx:xx:xx:xx:AA:BB") String
)Value: 210038
TAG_WIPE_FAILURE
static val TAG_WIPE_FAILURE: Int
Indicates a failure to wipe device or user data. There is no extra payload in the log event.
Value: 210023
Public constructors
SecurityLog
SecurityLog()