public class DevicePolicyManager extends Object
DeviceAdminReceiver
that the user
has currently enabled.
For more information about managing policies for device adminstration, read the Device Administration developer guide.
Modifier and Type | Field and Description |
---|---|
static String |
ACTION_ADD_DEVICE_ADMIN
Activity action: ask the user to add a new device administrator to the system.
|
static String |
ACTION_DEVICE_POLICY_MANAGER_STATE_CHANGED
Activity action: send when any policy admin changes a policy.
|
static String |
ACTION_SET_NEW_PASSWORD
Activity action: have the user enter a new password.
|
static String |
ACTION_START_ENCRYPTION
Activity action: begin the process of encrypting data on the device.
|
static int |
ENCRYPTION_STATUS_ACTIVATING
Result code for
setStorageEncryption(android.content.ComponentName, boolean) and getStorageEncryptionStatus() :
indicating that encryption is not currently active, but is currently
being activated. |
static int |
ENCRYPTION_STATUS_ACTIVE
Result code for
setStorageEncryption(android.content.ComponentName, boolean) and getStorageEncryptionStatus() :
indicating that encryption is active. |
static int |
ENCRYPTION_STATUS_INACTIVE
Result code for
setStorageEncryption(android.content.ComponentName, boolean) and getStorageEncryptionStatus() :
indicating that encryption is supported, but is not currently active. |
static int |
ENCRYPTION_STATUS_UNSUPPORTED
Result code for
setStorageEncryption(android.content.ComponentName, boolean) and getStorageEncryptionStatus() :
indicating that encryption is not supported. |
static String |
EXTRA_ADD_EXPLANATION
An optional CharSequence providing additional explanation for why the
admin is being added.
|
static String |
EXTRA_DEVICE_ADMIN
The ComponentName of the administrator component.
|
static int |
KEYGUARD_DISABLE_FEATURES_ALL
Disable all current and future keyguard customizations.
|
static int |
KEYGUARD_DISABLE_FEATURES_NONE
Widgets are enabled in keyguard
|
static int |
KEYGUARD_DISABLE_SECURE_CAMERA
Disable the camera on secure keyguard screens (e.g.
|
static int |
KEYGUARD_DISABLE_WIDGETS_ALL
Disable all keyguard widgets
|
static int |
PASSWORD_QUALITY_ALPHABETIC
Constant for
setPasswordQuality(android.content.ComponentName, int) : the user must have entered a
password containing at least alphabetic (or other symbol) characters. |
static int |
PASSWORD_QUALITY_ALPHANUMERIC
Constant for
setPasswordQuality(android.content.ComponentName, int) : the user must have entered a
password containing at least both> numeric and
alphabetic (or other symbol) characters. |
static int |
PASSWORD_QUALITY_BIOMETRIC_WEAK
Constant for
setPasswordQuality(android.content.ComponentName, int) : the policy allows for low-security biometric
recognition technology. |
static int |
PASSWORD_QUALITY_COMPLEX
Constant for
setPasswordQuality(android.content.ComponentName, int) : the user must have entered a
password containing at least a letter, a numerical digit and a special
symbol, by default. |
static int |
PASSWORD_QUALITY_NUMERIC
Constant for
setPasswordQuality(android.content.ComponentName, int) : the user must have entered a
password containing at least numeric characters. |
static int |
PASSWORD_QUALITY_SOMETHING
Constant for
setPasswordQuality(android.content.ComponentName, int) : the policy requires some kind
of password, but doesn't care what it is. |
static int |
PASSWORD_QUALITY_UNSPECIFIED
Constant for
setPasswordQuality(android.content.ComponentName, int) : the policy has no requirements
for the password. |
static int |
RESET_PASSWORD_REQUIRE_ENTRY
Flag for
resetPassword(java.lang.String, int) : don't allow other admins to change
the password again until the user has entered it. |
static int |
WIPE_EXTERNAL_STORAGE
Flag for
wipeData(int) : also erase the device's external
storage. |
Modifier and Type | Method and Description |
---|---|
static DevicePolicyManager |
create(Context context,
Handler handler) |
List<ComponentName> |
getActiveAdmins()
Return a list of all currently active device administrator's component
names.
|
DeviceAdminInfo |
getAdminInfo(ComponentName cn)
Returns the DeviceAdminInfo as defined by the administrator's package info & meta-data
|
boolean |
getCameraDisabled(ComponentName admin)
Determine whether or not the device's cameras have been disabled either by the current
admin, if specified, or all admins.
|
boolean |
getCameraDisabled(ComponentName admin,
int userHandle) |
int |
getCurrentFailedPasswordAttempts()
Retrieve the number of times the user has failed at entering a
password since that last successful password entry.
|
ComponentName |
getGlobalProxyAdmin()
Returns the component name setting the global proxy.
|
int |
getKeyguardDisabledFeatures(ComponentName admin)
Determine whether or not features have been disabled in keyguard either by the current
admin, if specified, or all admins.
|
int |
getKeyguardDisabledFeatures(ComponentName admin,
int userHandle) |
int |
getMaximumFailedPasswordsForWipe(ComponentName admin)
Retrieve the current maximum number of login attempts that are allowed
before the device wipes itself, for all admins
or a particular one.
|
int |
getMaximumFailedPasswordsForWipe(ComponentName admin,
int userHandle) |
long |
getMaximumTimeToLock(ComponentName admin)
Retrieve the current maximum time to unlock for all admins
or a particular one.
|
long |
getMaximumTimeToLock(ComponentName admin,
int userHandle) |
long |
getPasswordExpiration(ComponentName admin)
Get the current password expiration time for the given admin or an aggregate of
all admins if admin is null.
|
long |
getPasswordExpirationTimeout(ComponentName admin)
Get the password expiration timeout for the given admin.
|
int |
getPasswordHistoryLength(ComponentName admin)
Retrieve the current password history length for all admins
or a particular one.
|
int |
getPasswordHistoryLength(ComponentName admin,
int userHandle) |
int |
getPasswordMaximumLength(int quality)
Return the maximum password length that the device supports for a
particular password quality.
|
int |
getPasswordMinimumLength(ComponentName admin)
Retrieve the current minimum password length for all admins
or a particular one.
|
int |
getPasswordMinimumLength(ComponentName admin,
int userHandle) |
int |
getPasswordMinimumLetters(ComponentName admin)
Retrieve the current number of letters required in the password for all
admins or a particular one.
|
int |
getPasswordMinimumLetters(ComponentName admin,
int userHandle) |
int |
getPasswordMinimumLowerCase(ComponentName admin)
Retrieve the current number of lower case letters required in the
password for all admins or a particular one.
|
int |
getPasswordMinimumLowerCase(ComponentName admin,
int userHandle) |
int |
getPasswordMinimumNonLetter(ComponentName admin)
Retrieve the current number of non-letter characters required in the
password for all admins or a particular one.
|
int |
getPasswordMinimumNonLetter(ComponentName admin,
int userHandle) |
int |
getPasswordMinimumNumeric(ComponentName admin)
Retrieve the current number of numerical digits required in the password
for all admins or a particular one.
|
int |
getPasswordMinimumNumeric(ComponentName admin,
int userHandle) |
int |
getPasswordMinimumSymbols(ComponentName admin)
Retrieve the current number of symbols required in the password for all
admins or a particular one.
|
int |
getPasswordMinimumSymbols(ComponentName admin,
int userHandle) |
int |
getPasswordMinimumUpperCase(ComponentName admin)
Retrieve the current number of upper case letters required in the
password for all admins or a particular one.
|
int |
getPasswordMinimumUpperCase(ComponentName admin,
int userHandle) |
int |
getPasswordQuality(ComponentName admin)
Retrieve the current minimum password quality for all admins
or a particular one.
|
int |
getPasswordQuality(ComponentName admin,
int userHandle) |
void |
getRemoveWarning(ComponentName admin,
RemoteCallback result) |
boolean |
getStorageEncryption(ComponentName admin)
Called by an application that is administering the device to
determine the requested setting for secure storage.
|
int |
getStorageEncryptionStatus()
Called by an application that is administering the device to
determine the current encryption status of the device.
|
int |
getStorageEncryptionStatus(int userHandle) |
boolean |
hasGrantedPolicy(ComponentName admin,
int usesPolicy)
Returns true if an administrator has been granted a particular device policy.
|
boolean |
isActivePasswordSufficient()
Determine whether the current password the user has set is sufficient
to meet the policy requirements (quality, minimum length) that have been
requested.
|
boolean |
isAdminActive(ComponentName who)
Return true if the given administrator component is currently
active (enabled) in the system.
|
void |
lockNow()
Make the device lock immediately, as if the lock screen timeout has
expired at the point of this call.
|
boolean |
packageHasActiveAdmins(String packageName)
Used by package administration code to determine if a package can be stopped
or uninstalled.
|
void |
removeActiveAdmin(ComponentName who)
Remove a current administration component.
|
void |
reportFailedPasswordAttempt(int userHandle) |
void |
reportSuccessfulPasswordAttempt(int userHandle) |
boolean |
resetPassword(String password,
int flags)
Force a new device unlock password (the password needed to access the
entire device, not for individual accounts) on the user.
|
void |
setActiveAdmin(ComponentName policyReceiver,
boolean refreshing) |
void |
setActivePasswordState(int quality,
int length,
int letters,
int uppercase,
int lowercase,
int numbers,
int symbols,
int nonletter,
int userHandle) |
void |
setCameraDisabled(ComponentName admin,
boolean disabled)
Called by an application that is administering the device to disable all cameras
on the device.
|
ComponentName |
setGlobalProxy(ComponentName admin,
Proxy proxySpec,
List<String> exclusionList)
Called by an application that is administering the device to set the
global proxy and exclusion list.
|
void |
setKeyguardDisabledFeatures(ComponentName admin,
int which)
Called by an application that is administering the device to disable keyguard customizations,
such as widgets.
|
void |
setMaximumFailedPasswordsForWipe(ComponentName admin,
int num)
Setting this to a value greater than zero enables a built-in policy
that will perform a device wipe after too many incorrect
device-unlock passwords have been entered.
|
void |
setMaximumTimeToLock(ComponentName admin,
long timeMs)
Called by an application that is administering the device to set the
maximum time for user activity until the device will lock.
|
void |
setPasswordExpirationTimeout(ComponentName admin,
long timeout)
Called by a device admin to set the password expiration timeout.
|
void |
setPasswordHistoryLength(ComponentName admin,
int length)
Called by an application that is administering the device to set the length
of the password history.
|
void |
setPasswordMinimumLength(ComponentName admin,
int length)
Called by an application that is administering the device to set the
minimum allowed password length.
|
void |
setPasswordMinimumLetters(ComponentName admin,
int length)
Called by an application that is administering the device to set the
minimum number of letters required in the password.
|
void |
setPasswordMinimumLowerCase(ComponentName admin,
int length)
Called by an application that is administering the device to set the
minimum number of lower case letters required in the password.
|
void |
setPasswordMinimumNonLetter(ComponentName admin,
int length)
Called by an application that is administering the device to set the
minimum number of non-letter characters (numerical digits or symbols)
required in the password.
|
void |
setPasswordMinimumNumeric(ComponentName admin,
int length)
Called by an application that is administering the device to set the
minimum number of numerical digits required in the password.
|
void |
setPasswordMinimumSymbols(ComponentName admin,
int length)
Called by an application that is administering the device to set the
minimum number of symbols required in the password.
|
void |
setPasswordMinimumUpperCase(ComponentName admin,
int length)
Called by an application that is administering the device to set the
minimum number of upper case letters required in the password.
|
void |
setPasswordQuality(ComponentName admin,
int quality)
Called by an application that is administering the device to set the
password restrictions it is imposing.
|
int |
setStorageEncryption(ComponentName admin,
boolean encrypt)
Called by an application that is administering the device to
request that the storage system be encrypted.
|
void |
wipeData(int flags)
Ask the user date be wiped.
|
public static final String ACTION_ADD_DEVICE_ADMIN
EXTRA_DEVICE_ADMIN
extra field. This will invoke a UI to
bring the user through adding the device administrator to the system (or
allowing them to reject it).
You can optionally include the EXTRA_ADD_EXPLANATION
field to provide the user with additional explanation (in addition
to your component's description) about what is being added.
If your administrator is already active, this will ordinarily return immediately (without user intervention). However, if your administrator has been updated and is requesting additional uses-policy flags, the user will be presented with the new list. New policies will not be available to the updated administrator until the user has accepted the new list.
public static final String ACTION_DEVICE_POLICY_MANAGER_STATE_CHANGED
public static final String EXTRA_DEVICE_ADMIN
ACTION_ADD_DEVICE_ADMIN
,
Constant Field Valuespublic static final String EXTRA_ADD_EXPLANATION
ACTION_ADD_DEVICE_ADMIN
,
Constant Field Valuespublic static final String ACTION_SET_NEW_PASSWORD
setPasswordQuality(ComponentName, int)
,
or setPasswordMinimumLength(ComponentName, int)
to have the user
enter a new password that meets the current requirements. You can use
isActivePasswordSufficient()
to determine whether you need to
have the user select a new password in order to meet the current
constraints. Upon being resumed from this activity, you can check the new
password characteristics to see if they are sufficient.public static final int PASSWORD_QUALITY_UNSPECIFIED
setPasswordQuality(android.content.ComponentName, int)
: the policy has no requirements
for the password. Note that quality constants are ordered so that higher
values are more restrictive.public static final int PASSWORD_QUALITY_BIOMETRIC_WEAK
setPasswordQuality(android.content.ComponentName, int)
: the policy allows for low-security biometric
recognition technology. This implies technologies that can recognize the identity of
an individual to about a 3 digit PIN (false detection is less than 1 in 1,000).
Note that quality constants are ordered so that higher values are more restrictive.public static final int PASSWORD_QUALITY_SOMETHING
setPasswordQuality(android.content.ComponentName, int)
: the policy requires some kind
of password, but doesn't care what it is. Note that quality constants
are ordered so that higher values are more restrictive.public static final int PASSWORD_QUALITY_NUMERIC
setPasswordQuality(android.content.ComponentName, int)
: the user must have entered a
password containing at least numeric characters. Note that quality
constants are ordered so that higher values are more restrictive.public static final int PASSWORD_QUALITY_ALPHABETIC
setPasswordQuality(android.content.ComponentName, int)
: the user must have entered a
password containing at least alphabetic (or other symbol) characters.
Note that quality constants are ordered so that higher values are more
restrictive.public static final int PASSWORD_QUALITY_ALPHANUMERIC
setPasswordQuality(android.content.ComponentName, int)
: the user must have entered a
password containing at least both> numeric and
alphabetic (or other symbol) characters. Note that quality constants are
ordered so that higher values are more restrictive.public static final int PASSWORD_QUALITY_COMPLEX
setPasswordQuality(android.content.ComponentName, int)
: the user must have entered a
password containing at least a letter, a numerical digit and a special
symbol, by default. With this password quality, passwords can be
restricted to contain various sets of characters, like at least an
uppercase letter, etc. These are specified using various methods,
like setPasswordMinimumLowerCase(ComponentName, int)
. Note
that quality constants are ordered so that higher values are more
restrictive.public static final int RESET_PASSWORD_REQUIRE_ENTRY
resetPassword(java.lang.String, int)
: don't allow other admins to change
the password again until the user has entered it.public static final int WIPE_EXTERNAL_STORAGE
wipeData(int)
: also erase the device's external
storage.public static final int ENCRYPTION_STATUS_UNSUPPORTED
setStorageEncryption(android.content.ComponentName, boolean)
and getStorageEncryptionStatus()
:
indicating that encryption is not supported.public static final int ENCRYPTION_STATUS_INACTIVE
setStorageEncryption(android.content.ComponentName, boolean)
and getStorageEncryptionStatus()
:
indicating that encryption is supported, but is not currently active.public static final int ENCRYPTION_STATUS_ACTIVATING
setStorageEncryption(android.content.ComponentName, boolean)
and getStorageEncryptionStatus()
:
indicating that encryption is not currently active, but is currently
being activated. This is only reported by devices that support
encryption of data and only when the storage is currently
undergoing a process of becoming encrypted. A device that must reboot and/or wipe data
to become encrypted will never return this value.public static final int ENCRYPTION_STATUS_ACTIVE
setStorageEncryption(android.content.ComponentName, boolean)
and getStorageEncryptionStatus()
:
indicating that encryption is active.public static final String ACTION_START_ENCRYPTION
setStorageEncryption(android.content.ComponentName, boolean)
to request encryption be activated.
After resuming from this activity, use getStorageEncryption(android.content.ComponentName)
to check encryption status. However, on some devices this activity may never return, as
it may trigger a reboot and in some cases a complete data wipe of the device.public static final int KEYGUARD_DISABLE_FEATURES_NONE
public static final int KEYGUARD_DISABLE_WIDGETS_ALL
public static final int KEYGUARD_DISABLE_SECURE_CAMERA
public static final int KEYGUARD_DISABLE_FEATURES_ALL
public static DevicePolicyManager create(Context context, Handler handler)
public boolean isAdminActive(ComponentName who)
public List<ComponentName> getActiveAdmins()
public boolean packageHasActiveAdmins(String packageName)
public void removeActiveAdmin(ComponentName who)
public boolean hasGrantedPolicy(ComponentName admin, int usesPolicy)
admin
- Which DeviceAdminReceiver
this request is associated with. Must be
an active administrator, or an exception will be thrown.usesPolicy
- Which uses-policy to check, as defined in DeviceAdminInfo
.public void setPasswordQuality(ComponentName admin, int quality)
ACTION_SET_NEW_PASSWORD
after setting this value.
Quality constants are ordered so that higher values are more restrictive; thus the highest requested quality constant (between the policy set here, the user's preference, and any other considerations) is the one that is in effect.
The calling device admin must have requested
DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD
to be able to call
this method; if it has not, a security exception will be thrown.
admin
- Which DeviceAdminReceiver
this request is associated with.quality
- The new desired quality. One of
PASSWORD_QUALITY_UNSPECIFIED
, PASSWORD_QUALITY_SOMETHING
,
PASSWORD_QUALITY_NUMERIC
, PASSWORD_QUALITY_ALPHABETIC
,
PASSWORD_QUALITY_ALPHANUMERIC
or PASSWORD_QUALITY_COMPLEX
.public int getPasswordQuality(ComponentName admin)
admin
- The name of the admin component to check, or null to aggregate
all admins.public int getPasswordQuality(ComponentName admin, int userHandle)
public void setPasswordMinimumLength(ComponentName admin, int length)
ACTION_SET_NEW_PASSWORD
after setting this value. This
constraint is only imposed if the administrator has also requested either
PASSWORD_QUALITY_NUMERIC
, PASSWORD_QUALITY_ALPHABETIC
PASSWORD_QUALITY_ALPHANUMERIC
, or PASSWORD_QUALITY_COMPLEX
with setPasswordQuality(android.content.ComponentName, int)
.
The calling device admin must have requested
DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD
to be able to call
this method; if it has not, a security exception will be thrown.
admin
- Which DeviceAdminReceiver
this request is associated with.length
- The new desired minimum password length. A value of 0
means there is no restriction.public int getPasswordMinimumLength(ComponentName admin)
admin
- The name of the admin component to check, or null to aggregate
all admins.public int getPasswordMinimumLength(ComponentName admin, int userHandle)
public void setPasswordMinimumUpperCase(ComponentName admin, int length)
ACTION_SET_NEW_PASSWORD
after setting this value. This
constraint is only imposed if the administrator has also requested
PASSWORD_QUALITY_COMPLEX
with setPasswordQuality(android.content.ComponentName, int)
. The
default value is 0.
The calling device admin must have requested
DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD
to be able to call
this method; if it has not, a security exception will be thrown.
admin
- Which DeviceAdminReceiver
this request is associated
with.length
- The new desired minimum number of upper case letters
required in the password. A value of 0 means there is no
restriction.public int getPasswordMinimumUpperCase(ComponentName admin)
setPasswordMinimumUpperCase(ComponentName, int)
and only applies when the password quality is
PASSWORD_QUALITY_COMPLEX
.admin
- The name of the admin component to check, or null to
aggregate all admins.public int getPasswordMinimumUpperCase(ComponentName admin, int userHandle)
public void setPasswordMinimumLowerCase(ComponentName admin, int length)
ACTION_SET_NEW_PASSWORD
after setting this value. This
constraint is only imposed if the administrator has also requested
PASSWORD_QUALITY_COMPLEX
with setPasswordQuality(android.content.ComponentName, int)
. The
default value is 0.
The calling device admin must have requested
DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD
to be able to call
this method; if it has not, a security exception will be thrown.
admin
- Which DeviceAdminReceiver
this request is associated
with.length
- The new desired minimum number of lower case letters
required in the password. A value of 0 means there is no
restriction.public int getPasswordMinimumLowerCase(ComponentName admin)
setPasswordMinimumLowerCase(ComponentName, int)
and only applies when the password quality is
PASSWORD_QUALITY_COMPLEX
.admin
- The name of the admin component to check, or null to
aggregate all admins.public int getPasswordMinimumLowerCase(ComponentName admin, int userHandle)
public void setPasswordMinimumLetters(ComponentName admin, int length)
ACTION_SET_NEW_PASSWORD
after setting this value. This
constraint is only imposed if the administrator has also requested
PASSWORD_QUALITY_COMPLEX
with setPasswordQuality(android.content.ComponentName, int)
. The
default value is 1.
The calling device admin must have requested
DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD
to be able to call
this method; if it has not, a security exception will be thrown.
admin
- Which DeviceAdminReceiver
this request is associated
with.length
- The new desired minimum number of letters required in the
password. A value of 0 means there is no restriction.public int getPasswordMinimumLetters(ComponentName admin)
setPasswordMinimumLetters(ComponentName, int)
and only applies when the password quality is
PASSWORD_QUALITY_COMPLEX
.admin
- The name of the admin component to check, or null to
aggregate all admins.public int getPasswordMinimumLetters(ComponentName admin, int userHandle)
public void setPasswordMinimumNumeric(ComponentName admin, int length)
ACTION_SET_NEW_PASSWORD
after setting this value. This
constraint is only imposed if the administrator has also requested
PASSWORD_QUALITY_COMPLEX
with setPasswordQuality(android.content.ComponentName, int)
. The
default value is 1.
The calling device admin must have requested
DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD
to be able to call
this method; if it has not, a security exception will be thrown.
admin
- Which DeviceAdminReceiver
this request is associated
with.length
- The new desired minimum number of numerical digits required
in the password. A value of 0 means there is no restriction.public int getPasswordMinimumNumeric(ComponentName admin)
setPasswordMinimumNumeric(ComponentName, int)
and only applies when the password quality is
PASSWORD_QUALITY_COMPLEX
.admin
- The name of the admin component to check, or null to
aggregate all admins.public int getPasswordMinimumNumeric(ComponentName admin, int userHandle)
public void setPasswordMinimumSymbols(ComponentName admin, int length)
ACTION_SET_NEW_PASSWORD
after setting this value. This
constraint is only imposed if the administrator has also requested
PASSWORD_QUALITY_COMPLEX
with setPasswordQuality(android.content.ComponentName, int)
. The
default value is 1.
The calling device admin must have requested
DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD
to be able to call
this method; if it has not, a security exception will be thrown.
admin
- Which DeviceAdminReceiver
this request is associated
with.length
- The new desired minimum number of symbols required in the
password. A value of 0 means there is no restriction.public int getPasswordMinimumSymbols(ComponentName admin)
setPasswordMinimumSymbols(ComponentName, int)
and only applies when the password quality is
PASSWORD_QUALITY_COMPLEX
.admin
- The name of the admin component to check, or null to
aggregate all admins.public int getPasswordMinimumSymbols(ComponentName admin, int userHandle)
public void setPasswordMinimumNonLetter(ComponentName admin, int length)
ACTION_SET_NEW_PASSWORD
after
setting this value. This constraint is only imposed if the administrator
has also requested PASSWORD_QUALITY_COMPLEX
with
setPasswordQuality(android.content.ComponentName, int)
. The default value is 0.
The calling device admin must have requested
DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD
to be able to call
this method; if it has not, a security exception will be thrown.
admin
- Which DeviceAdminReceiver
this request is associated
with.length
- The new desired minimum number of letters required in the
password. A value of 0 means there is no restriction.public int getPasswordMinimumNonLetter(ComponentName admin)
setPasswordMinimumNonLetter(ComponentName, int)
and only applies when the password quality is
PASSWORD_QUALITY_COMPLEX
.admin
- The name of the admin component to check, or null to
aggregate all admins.public int getPasswordMinimumNonLetter(ComponentName admin, int userHandle)
public void setPasswordHistoryLength(ComponentName admin, int length)
ACTION_SET_NEW_PASSWORD
after setting this value.
This constraint is only imposed if the administrator has also requested
either PASSWORD_QUALITY_NUMERIC
,
PASSWORD_QUALITY_ALPHABETIC
, or
PASSWORD_QUALITY_ALPHANUMERIC
with setPasswordQuality(android.content.ComponentName, int)
.
The calling device admin must have requested
DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD
to be able to call this
method; if it has not, a security exception will be thrown.
admin
- Which DeviceAdminReceiver
this request is associated
with.length
- The new desired length of password history. A value of 0
means there is no restriction.public void setPasswordExpirationTimeout(ComponentName admin, long timeout)
The provided timeout is the time delta in ms and will be added to the current time. For example, to have the password expire 5 days from now, timeout would be 5 * 86400 * 1000 = 432000000 ms for timeout.
To disable password expiration, a value of 0 may be used for timeout.
The calling device admin must have requested
DeviceAdminInfo.USES_POLICY_EXPIRE_PASSWORD
to be able to call this
method; if it has not, a security exception will be thrown.
admin
- Which DeviceAdminReceiver
this request is associated with.timeout
- The limit (in ms) that a password can remain in effect. A value of 0
means there is no restriction (unlimited).public long getPasswordExpirationTimeout(ComponentName admin)
setPasswordExpirationTimeout(ComponentName, long)
for the given admin or the
aggregate of all policy administrators if admin is null.admin
- The name of the admin component to check, or null to aggregate all admins.public long getPasswordExpiration(ComponentName admin)
admin
- The name of the admin component to check, or null to aggregate all admins.public int getPasswordHistoryLength(ComponentName admin)
admin
- The name of the admin component to check, or null to aggregate
all admins.public int getPasswordHistoryLength(ComponentName admin, int userHandle)
public int getPasswordMaximumLength(int quality)
quality
- The quality being interrogated.public boolean isActivePasswordSufficient()
The calling device admin must have requested
DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD
to be able to call
this method; if it has not, a security exception will be thrown.
public int getCurrentFailedPasswordAttempts()
The calling device admin must have requested
DeviceAdminInfo.USES_POLICY_WATCH_LOGIN
to be able to call
this method; if it has not, a security exception will be thrown.
public void setMaximumFailedPasswordsForWipe(ComponentName admin, int num)
DeviceAdminInfo.USES_POLICY_WATCH_LOGIN
and
DeviceAdminInfo.USES_POLICY_WIPE_DATA
}.
To implement any other policy (e.g. wiping data for a particular
application only, erasing or revoking credentials, or reporting the
failure to a server), you should implement
DeviceAdminReceiver.onPasswordFailed(Context, android.content.Intent)
instead. Do not use this API, because if the maximum count is reached,
the device will be wiped immediately, and your callback will not be invoked.
admin
- Which DeviceAdminReceiver
this request is associated with.num
- The number of failed password attempts at which point the
device will wipe its data.public int getMaximumFailedPasswordsForWipe(ComponentName admin)
admin
- The name of the admin component to check, or null to aggregate
all admins.public int getMaximumFailedPasswordsForWipe(ComponentName admin, int userHandle)
public boolean resetPassword(String password, int flags)
getPasswordQuality(ComponentName)
and
getPasswordMinimumLength(ComponentName)
; if it does not meet
these constraints, then it will be rejected and false returned. Note
that the password may be a stronger quality (containing alphanumeric
characters when the requested quality is only numeric), in which case
the currently active quality will be increased to match.
The calling device admin must have requested
DeviceAdminInfo.USES_POLICY_RESET_PASSWORD
to be able to call
this method; if it has not, a security exception will be thrown.
password
- The new password for the user.flags
- May be 0 or RESET_PASSWORD_REQUIRE_ENTRY
.public void setMaximumTimeToLock(ComponentName admin, long timeMs)
The calling device admin must have requested
DeviceAdminInfo.USES_POLICY_FORCE_LOCK
to be able to call
this method; if it has not, a security exception will be thrown.
admin
- Which DeviceAdminReceiver
this request is associated with.timeMs
- The new desired maximum time to lock in milliseconds.
A value of 0 means there is no restriction.public long getMaximumTimeToLock(ComponentName admin)
admin
- The name of the admin component to check, or null to aggregate
all admins.public long getMaximumTimeToLock(ComponentName admin, int userHandle)
public void lockNow()
The calling device admin must have requested
DeviceAdminInfo.USES_POLICY_FORCE_LOCK
to be able to call
this method; if it has not, a security exception will be thrown.
public void wipeData(int flags)
WIPE_EXTERNAL_STORAGE
is set.
The calling device admin must have requested
DeviceAdminInfo.USES_POLICY_WIPE_DATA
to be able to call
this method; if it has not, a security exception will be thrown.
flags
- Bit mask of additional options: currently 0 and
WIPE_EXTERNAL_STORAGE
are supported.public ComponentName setGlobalProxy(ComponentName admin, Proxy proxySpec, List<String> exclusionList)
The calling device admin must have requested
DeviceAdminInfo.USES_POLICY_SETS_GLOBAL_PROXY
to be able to call
this method; if it has not, a security exception will be thrown.
Only the first device admin can set the proxy. If a second admin attempts
to set the proxy, the ComponentName
of the admin originally setting the
proxy will be returned. If successful in setting the proxy, null will
be returned.
The method can be called repeatedly by the device admin alrady setting the
proxy to update the proxy and exclusion list.
admin
- Which DeviceAdminReceiver
this request is associated
with.proxySpec
- the global proxy desired. Must be an HTTP Proxy.
Pass Proxy.NO_PROXY to reset the proxy.exclusionList
- a list of domains to be excluded from the global proxy.ComponentName
of the device admin that sets thew proxy otherwise.public ComponentName getGlobalProxyAdmin()
public int setStorageEncryption(ComponentName admin, boolean encrypt)
When multiple device administrators attempt to control device
encryption, the most secure, supported setting will always be
used. If any device administrator requests device encryption,
it will be enabled; Conversely, if a device administrator
attempts to disable device encryption while another
device administrator has enabled it, the call to disable will
fail (most commonly returning ENCRYPTION_STATUS_ACTIVE
).
This policy controls encryption of the secure (application data) storage area. Data
written to other storage areas may or may not be encrypted, and this policy does not require
or control the encryption of any other storage areas.
There is one exception: If Environment.isExternalStorageEmulated()
is
true
, then the directory returned by
Environment.getExternalStorageDirectory()
must be written to disk
within the encrypted storage area.
Important Note: On some devices, it is possible to encrypt storage without requiring the user to create a device PIN or Password. In this case, the storage is encrypted, but the encryption key may not be fully secured. For maximum security, the administrator should also require (and check for) a pattern, PIN, or password.
admin
- Which DeviceAdminReceiver
this request is associated with.encrypt
- true to request encryption, false to release any previous requestENCRYPTION_STATUS_UNSUPPORTED
, ENCRYPTION_STATUS_INACTIVE
, or
ENCRYPTION_STATUS_ACTIVE
. This is the value of the requests; Use
getStorageEncryptionStatus()
to query the actual device state.public boolean getStorageEncryption(ComponentName admin)
admin
- Which DeviceAdminReceiver
this request is associated with. If null,
this will return the requested encryption setting as an aggregate of all active
administrators.public int getStorageEncryptionStatus()
ENCRYPTION_STATUS_UNSUPPORTED
, the
storage system does not support encryption. If the
result is ENCRYPTION_STATUS_INACTIVE
, use ACTION_START_ENCRYPTION
to begin the process of encrypting or decrypting the
storage. If the result is ENCRYPTION_STATUS_ACTIVATING
or
ENCRYPTION_STATUS_ACTIVE
, no further action is required.ENCRYPTION_STATUS_UNSUPPORTED
, ENCRYPTION_STATUS_INACTIVE
,
ENCRYPTION_STATUS_ACTIVATING
, orENCRYPTION_STATUS_ACTIVE
.public int getStorageEncryptionStatus(int userHandle)
public void setCameraDisabled(ComponentName admin, boolean disabled)
The calling device admin must have requested
DeviceAdminInfo.USES_POLICY_DISABLE_CAMERA
to be able to call
this method; if it has not, a security exception will be thrown.
admin
- Which DeviceAdminReceiver
this request is associated with.disabled
- Whether or not the camera should be disabled.public boolean getCameraDisabled(ComponentName admin)
admin
- The name of the admin component to check, or null to check if any admins
have disabled the camerapublic boolean getCameraDisabled(ComponentName admin, int userHandle)
public void setKeyguardDisabledFeatures(ComponentName admin, int which)
The calling device admin must have requested
DeviceAdminInfo.USES_POLICY_DISABLE_KEYGUARD_FEATURES
to be able to call
this method; if it has not, a security exception will be thrown.
admin
- Which DeviceAdminReceiver
this request is associated with.which
- KEYGUARD_DISABLE_FEATURES_NONE
(default),
KEYGUARD_DISABLE_WIDGETS_ALL
, KEYGUARD_DISABLE_SECURE_CAMERA
,
KEYGUARD_DISABLE_FEATURES_ALL
public int getKeyguardDisabledFeatures(ComponentName admin)
admin
- The name of the admin component to check, or null to check if any admins
have disabled features in keyguard.setKeyguardDisabledFeatures(ComponentName, int)
for a list.public int getKeyguardDisabledFeatures(ComponentName admin, int userHandle)
public void setActiveAdmin(ComponentName policyReceiver, boolean refreshing)
public DeviceAdminInfo getAdminInfo(ComponentName cn)
public void getRemoveWarning(ComponentName admin, RemoteCallback result)
public void setActivePasswordState(int quality, int length, int letters, int uppercase, int lowercase, int numbers, int symbols, int nonletter, int userHandle)
public void reportFailedPasswordAttempt(int userHandle)
public void reportSuccessfulPasswordAttempt(int userHandle)