Android APIs
public class

DevicePolicyManager

extends Object
java.lang.Object
   ↳ android.app.admin.DevicePolicyManager

Class Overview

Public interface for managing policies enforced on a device. Most clients of this class must be registered with the system as a device administrator. Additionally, a device administrator may be registered as either a profile or device owner. A given method is accessible to all device administrators unless the documentation for that method specifies that it is restricted to either device or profile owners.

Developer Guides

For more information about managing policies for device administration, read the Device Administration developer guide.

Summary

Constants
String ACTION_ADD_DEVICE_ADMIN Activity action: ask the user to add a new device administrator to the system.
String ACTION_PROVISION_MANAGED_PROFILE Activity action: Starts the provisioning flow which sets up a managed profile.
String ACTION_SET_NEW_PASSWORD Activity action: have the user enter a new password.
String ACTION_START_ENCRYPTION Activity action: begin the process of encrypting data on the device.
int ENCRYPTION_STATUS_ACTIVATING Result code for setStorageEncryption(ComponentName, boolean) and getStorageEncryptionStatus(): indicating that encryption is not currently active, but is currently being activated.
int ENCRYPTION_STATUS_ACTIVE Result code for setStorageEncryption(ComponentName, boolean) and getStorageEncryptionStatus(): indicating that encryption is active.
int ENCRYPTION_STATUS_INACTIVE Result code for setStorageEncryption(ComponentName, boolean) and getStorageEncryptionStatus(): indicating that encryption is supported, but is not currently active.
int ENCRYPTION_STATUS_UNSUPPORTED Result code for setStorageEncryption(ComponentName, boolean) and getStorageEncryptionStatus(): indicating that encryption is not supported.
String EXTRA_ADD_EXPLANATION An optional CharSequence providing additional explanation for why the admin is being added.
String EXTRA_DEVICE_ADMIN The ComponentName of the administrator component.
String EXTRA_PROVISIONING_ACCOUNT_TO_MIGRATE An Account extra holding the account to migrate during managed profile provisioning.
String EXTRA_PROVISIONING_ADMIN_EXTRAS_BUNDLE A Parcelable extra of type PersistableBundle that allows a mobile device management application that starts managed profile provisioning to pass data to itself on the managed profile when provisioning completes.
String EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_CHECKSUM A String extra holding the SHA-1 checksum of the file at download location specified in EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION.
String EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_COOKIE_HEADER A String extra holding a http cookie header which should be used in the http request to the url specified in EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION.
String EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION A String extra holding a url that specifies the download location of the device admin package.
String EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME A String extra holding the package name of the mobile device management application that will be set as the profile owner or device owner.
String EXTRA_PROVISIONING_EMAIL_ADDRESS A String extra that, holds the email address of the account which a managed profile is created for.
String EXTRA_PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED A Boolean extra that can be used by the mobile device management application to skip the disabling of system apps during provisioning when set to true.
String EXTRA_PROVISIONING_LOCALE A String extra holding the Locale that the device will be set to.
String EXTRA_PROVISIONING_LOCAL_TIME A Long extra holding the wall clock time (in milliseconds) to be set on the device's AlarmManager.
String EXTRA_PROVISIONING_TIME_ZONE A String extra holding the time zone AlarmManager that the device will be set to.
String EXTRA_PROVISIONING_WIFI_HIDDEN A boolean extra indicating whether the wifi network in EXTRA_PROVISIONING_WIFI_SSID is hidden or not.
String EXTRA_PROVISIONING_WIFI_PAC_URL A String extra holding the proxy auto-config (PAC) URL for the wifi network in EXTRA_PROVISIONING_WIFI_SSID.
String EXTRA_PROVISIONING_WIFI_PASSWORD A String extra holding the password of the wifi network in EXTRA_PROVISIONING_WIFI_SSID.
String EXTRA_PROVISIONING_WIFI_PROXY_BYPASS A String extra holding the proxy bypass for the wifi network in EXTRA_PROVISIONING_WIFI_SSID.
String EXTRA_PROVISIONING_WIFI_PROXY_HOST A String extra holding the proxy host for the wifi network in EXTRA_PROVISIONING_WIFI_SSID.
String EXTRA_PROVISIONING_WIFI_PROXY_PORT An int extra holding the proxy port for the wifi network in EXTRA_PROVISIONING_WIFI_SSID.
String EXTRA_PROVISIONING_WIFI_SECURITY_TYPE A String extra indicating the security type of the wifi network in EXTRA_PROVISIONING_WIFI_SSID.
String EXTRA_PROVISIONING_WIFI_SSID A String extra holding the ssid of the wifi network that should be used during nfc device owner provisioning for downloading the mobile device management application.
int FLAG_MANAGED_CAN_ACCESS_PARENT Flag used by addCrossProfileIntentFilter(ComponentName, IntentFilter, int) to allow activities in the managed profile to access intents sent from the parent profile.
int FLAG_PARENT_CAN_ACCESS_MANAGED Flag used by addCrossProfileIntentFilter(ComponentName, IntentFilter, int) to allow activities in the parent profile to access intents sent from the managed profile.
int KEYGUARD_DISABLE_FEATURES_ALL Disable all current and future keyguard customizations.
int KEYGUARD_DISABLE_FEATURES_NONE Widgets are enabled in keyguard
int KEYGUARD_DISABLE_FINGERPRINT Disable fingerprint sensor on keyguard secure screens (e.g.
int KEYGUARD_DISABLE_SECURE_CAMERA Disable the camera on secure keyguard screens (e.g.
int KEYGUARD_DISABLE_SECURE_NOTIFICATIONS Disable showing all notifications on secure keyguard screens (e.g.
int KEYGUARD_DISABLE_TRUST_AGENTS Ignore trust agent state on secure keyguard screens (e.g.
int KEYGUARD_DISABLE_UNREDACTED_NOTIFICATIONS Only allow redacted notifications on secure keyguard screens (e.g.
int KEYGUARD_DISABLE_WIDGETS_ALL Disable all keyguard widgets.
String MIME_TYPE_PROVISIONING_NFC This MIME type is used for starting the Device Owner provisioning.
int PASSWORD_QUALITY_ALPHABETIC Constant for setPasswordQuality(ComponentName, int): the user must have entered a password containing at least alphabetic (or other symbol) characters.
int PASSWORD_QUALITY_ALPHANUMERIC Constant for setPasswordQuality(ComponentName, int): the user must have entered a password containing at least both> numeric and alphabetic (or other symbol) characters.
int PASSWORD_QUALITY_BIOMETRIC_WEAK Constant for setPasswordQuality(ComponentName, int): the policy allows for low-security biometric recognition technology.
int PASSWORD_QUALITY_COMPLEX Constant for setPasswordQuality(ComponentName, int): the user must have entered a password containing at least a letter, a numerical digit and a special symbol, by default.
int PASSWORD_QUALITY_NUMERIC Constant for setPasswordQuality(ComponentName, int): the user must have entered a password containing at least numeric characters.
int PASSWORD_QUALITY_NUMERIC_COMPLEX Constant for setPasswordQuality(ComponentName, int): the user must have entered a password containing at least numeric characters with no repeating (4444) or ordered (1234, 4321, 2468) sequences.
int PASSWORD_QUALITY_SOMETHING Constant for setPasswordQuality(ComponentName, int): the policy requires some kind of password, but doesn't care what it is.
int PASSWORD_QUALITY_UNSPECIFIED Constant for setPasswordQuality(ComponentName, int): the policy has no requirements for the password.
int RESET_PASSWORD_REQUIRE_ENTRY Flag for resetPassword(String, int): don't allow other admins to change the password again until the user has entered it.
int WIPE_EXTERNAL_STORAGE Flag for wipeData(int): also erase the device's external storage (such as SD cards).
int WIPE_RESET_PROTECTION_DATA Flag for wipeData(int): also erase the factory reset protection data.
Public Methods
void addCrossProfileIntentFilter(ComponentName admin, IntentFilter filter, int flags)
Called by the profile owner of a managed profile so that some intents sent in the managed profile can also be resolved in the parent, or vice versa.
boolean addCrossProfileWidgetProvider(ComponentName admin, String packageName)
Called by the profile owner of a managed profile to enable widget providers from a given package to be available in the parent profile.
void addPersistentPreferredActivity(ComponentName admin, IntentFilter filter, ComponentName activity)
Called by a profile owner or device owner to add a default intent handler activity for intents that match a certain intent filter.
void addUserRestriction(ComponentName admin, String key)
Called by a profile or device owner to set a user restriction specified by the key.
void clearCrossProfileIntentFilters(ComponentName admin)
Called by a profile owner of a managed profile to remove the cross-profile intent filters that go from the managed profile to the parent, or from the parent to the managed profile.
void clearDeviceOwnerApp(String packageName)
Clears the current device owner.
void clearPackagePersistentPreferredActivities(ComponentName admin, String packageName)
Called by a profile owner or device owner to remove all persistent intent handler preferences associated with the given package that were set by addPersistentPreferredActivity(ComponentName, IntentFilter, ComponentName).
void clearUserRestriction(ComponentName admin, String key)
Called by a profile or device owner to clear a user restriction specified by the key.
UserHandle createAndInitializeUser(ComponentName admin, String name, String ownerName, ComponentName profileOwnerComponent, Bundle adminExtras)
Called by a device owner to create a user with the specified name.
UserHandle createUser(ComponentName admin, String name)
Called by a device owner to create a user with the specified name.
void enableSystemApp(ComponentName admin, String packageName)
Called by profile or device owner to re-enable a system app that was disabled by default when the user was initialized.
int enableSystemApp(ComponentName admin, Intent intent)
Called by profile or device owner to re-enable system apps by intent that were disabled by default when the user was initialized.
String[] getAccountTypesWithManagementDisabled()
Gets the array of accounts for which account management is disabled by the profile owner.
List<ComponentName> getActiveAdmins()
Return a list of all currently active device administrator's component names.
Bundle getApplicationRestrictions(ComponentName admin, String packageName)
Called by a profile or device owner to get the application restrictions for a given target application running in the profile.
boolean getAutoTimeRequired()
boolean getCameraDisabled(ComponentName admin)
Determine whether or not the device's cameras have been disabled for this user, either by the current admin, if specified, or all admins.
boolean getCrossProfileCallerIdDisabled(ComponentName who)
Called by a profile owner of a managed profile to determine whether or not caller-Id information has been disabled.
List<String> getCrossProfileWidgetProviders(ComponentName admin)
Called by the profile owner of a managed profile to query providers from which packages are available in the parent profile.
int getCurrentFailedPasswordAttempts()
Retrieve the number of times the user has failed at entering a password since that last successful password entry.
List<byte[]> getInstalledCaCerts(ComponentName admin)
Returns all CA certificates that are currently trusted, excluding system CA certificates.
int getKeyguardDisabledFeatures(ComponentName admin)
Determine whether or not features have been disabled in keyguard either by the current admin, if specified, or all admins.
int getMaximumFailedPasswordsForWipe(ComponentName admin)
Retrieve the current maximum number of login attempts that are allowed before the device wipes itself, for all admins of this user and its profiles or a particular one.
long getMaximumTimeToLock(ComponentName admin)
Retrieve the current maximum time to unlock for all admins of this user and its profiles or a particular one.
long getPasswordExpiration(ComponentName admin)
Get the current password expiration time for the given admin or an aggregate of all admins of this user and its profiles if admin is null.
long getPasswordExpirationTimeout(ComponentName admin)
Get the password expiration timeout for the given admin.
int getPasswordHistoryLength(ComponentName admin)
Retrieve the current password history length for all admins of this user and its profiles or a particular one.
int getPasswordMaximumLength(int quality)
Return the maximum password length that the device supports for a particular password quality.
int getPasswordMinimumLength(ComponentName admin)
Retrieve the current minimum password length for all admins of this user and its profiles or a particular one.
int getPasswordMinimumLetters(ComponentName admin)
Retrieve the current number of letters required in the password for all admins or a particular one.
int getPasswordMinimumLowerCase(ComponentName admin)
Retrieve the current number of lower case letters required in the password for all admins of this user and its profiles or a particular one.
int getPasswordMinimumNonLetter(ComponentName admin)
Retrieve the current number of non-letter characters required in the password for all admins of this user and its profiles or a particular one.
int getPasswordMinimumNumeric(ComponentName admin)
Retrieve the current number of numerical digits required in the password for all admins of this user and its profiles or a particular one.
int getPasswordMinimumSymbols(ComponentName admin)
Retrieve the current number of symbols required in the password for all admins or a particular one.
int getPasswordMinimumUpperCase(ComponentName admin)
Retrieve the current number of upper case letters required in the password for all admins of this user and its profiles or a particular one.
int getPasswordQuality(ComponentName admin)
Retrieve the current minimum password quality for all admins of this user and its profiles or a particular one.
List<String> getPermittedAccessibilityServices(ComponentName admin)
Returns the list of permitted accessibility services set by this device or profile owner.
List<String> getPermittedInputMethods(ComponentName admin)
Returns the list of permitted input methods set by this device or profile owner.
boolean getScreenCaptureDisabled(ComponentName admin)
Determine whether or not screen capture has been disabled by the current admin, if specified, or all admins.
boolean getStorageEncryption(ComponentName admin)
Called by an application that is administering the device to determine the requested setting for secure storage.
int getStorageEncryptionStatus()
Called by an application that is administering the device to determine the current encryption status of the device.
List<PersistableBundle> getTrustAgentConfiguration(ComponentName admin, ComponentName agent)
Gets configuration for the given trust agent based on aggregating all calls to setTrustAgentConfiguration(ComponentName, ComponentName, PersistableBundle) for all device admins.
boolean hasCaCertInstalled(ComponentName admin, byte[] certBuffer)
Returns whether this certificate is installed as a trusted CA.
boolean hasGrantedPolicy(ComponentName admin, int usesPolicy)
Returns true if an administrator has been granted a particular device policy.
boolean installCaCert(ComponentName admin, byte[] certBuffer)
Installs the given certificate as a user CA.
boolean installKeyPair(ComponentName who, PrivateKey privKey, Certificate cert, String alias)
Called by a device or profile owner to install a certificate and private key pair.
boolean isActivePasswordSufficient()
Determine whether the current password the user has set is sufficient to meet the policy requirements (quality, minimum length) that have been requested by the admins of this user and its profiles.
boolean isAdminActive(ComponentName who)
Return true if the given administrator component is currently active (enabled) in the system.
boolean isApplicationHidden(ComponentName admin, String packageName)
Called by device or profile owner to determine if a package is hidden.
boolean isDeviceOwnerApp(String packageName)
Used to determine if a particular package has been registered as a Device Owner app.
boolean isLockTaskPermitted(String pkg)
This function lets the caller know whether the given component is allowed to start the lock task mode.
boolean isMasterVolumeMuted(ComponentName admin)
Called by profile or device owners to check whether the master volume mute is on or off.
boolean isProfileOwnerApp(String packageName)
Used to determine if a particular package is registered as the profile owner for the current user.
boolean isUninstallBlocked(ComponentName admin, String packageName)
Check whether the current user has been blocked by device policy from uninstalling a package.
void lockNow()
Make the device lock immediately, as if the lock screen timeout has expired at the point of this call.
void removeActiveAdmin(ComponentName who)
Remove a current administration component.
boolean removeCrossProfileWidgetProvider(ComponentName admin, String packageName)
Called by the profile owner of a managed profile to disable widget providers from a given package to be available in the parent profile.
boolean removeUser(ComponentName admin, UserHandle userHandle)
Called by a device owner to remove a user and all associated data.
boolean resetPassword(String password, int flags)
Force a new device unlock password (the password needed to access the entire device, not for individual accounts) on the user.
void setAccountManagementDisabled(ComponentName admin, String accountType, boolean disabled)
Called by a device owner or profile owner to disable account management for a specific type of account.
boolean setApplicationHidden(ComponentName admin, String packageName, boolean hidden)
Called by device or profile owner to hide or unhide packages.
void setApplicationRestrictions(ComponentName admin, String packageName, Bundle settings)
Called by a profile or device owner to set the application restrictions for a given target application running in the profile.
void setAutoTimeRequired(ComponentName admin, boolean required)
Called by a device owner to set whether auto time is required.
void setCameraDisabled(ComponentName admin, boolean disabled)
Called by an application that is administering the device to disable all cameras on the device, for this user.
void setCrossProfileCallerIdDisabled(ComponentName who, boolean disabled)
Called by a profile owner of a managed profile to set whether caller-Id information from the managed profile will be shown in the parent profile, for incoming calls.
void setGlobalSetting(ComponentName admin, String setting, String value)
Called by device owners to update Settings.Global settings.
void setKeyguardDisabledFeatures(ComponentName admin, int which)
Called by an application that is administering the device to disable keyguard customizations, such as widgets.
void setLockTaskPackages(ComponentName admin, String[] packages)
Sets which packages may enter lock task mode.
void setMasterVolumeMuted(ComponentName admin, boolean on)
Called by profile or device owners to set the master volume mute on or off.
void setMaximumFailedPasswordsForWipe(ComponentName admin, int num)
Setting this to a value greater than zero enables a built-in policy that will perform a device wipe after too many incorrect device-unlock passwords have been entered.
void setMaximumTimeToLock(ComponentName admin, long timeMs)
Called by an application that is administering the device to set the maximum time for user activity until the device will lock.
void setPasswordExpirationTimeout(ComponentName admin, long timeout)
Called by a device admin to set the password expiration timeout.
void setPasswordHistoryLength(ComponentName admin, int length)
Called by an application that is administering the device to set the length of the password history.
void setPasswordMinimumLength(ComponentName admin, int length)
Called by an application that is administering the device to set the minimum allowed password length.
void setPasswordMinimumLetters(ComponentName admin, int length)
Called by an application that is administering the device to set the minimum number of letters required in the password.
void setPasswordMinimumLowerCase(ComponentName admin, int length)
Called by an application that is administering the device to set the minimum number of lower case letters required in the password.
void setPasswordMinimumNonLetter(ComponentName admin, int length)
Called by an application that is administering the device to set the minimum number of non-letter characters (numerical digits or symbols) required in the password.
void setPasswordMinimumNumeric(ComponentName admin, int length)
Called by an application that is administering the device to set the minimum number of numerical digits required in the password.
void setPasswordMinimumSymbols(ComponentName admin, int length)
Called by an application that is administering the device to set the minimum number of symbols required in the password.
void setPasswordMinimumUpperCase(ComponentName admin, int length)
Called by an application that is administering the device to set the minimum number of upper case letters required in the password.
void setPasswordQuality(ComponentName admin, int quality)
Called by an application that is administering the device to set the password restrictions it is imposing.
boolean setPermittedAccessibilityServices(ComponentName admin, List<String> packageNames)
Called by a profile or device owner to set the permitted accessibility services.
boolean setPermittedInputMethods(ComponentName admin, List<String> packageNames)
Called by a profile or device owner to set the permitted input methods services.
void setProfileEnabled(ComponentName admin)
Sets the enabled state of the profile.
void setProfileName(ComponentName who, String profileName)
Sets the name of the profile.
void setRecommendedGlobalProxy(ComponentName admin, ProxyInfo proxyInfo)
Set a network-independent global HTTP proxy.
void setRestrictionsProvider(ComponentName admin, ComponentName provider)
Designates a specific service component as the provider for making permission requests of a local or remote administrator of the user.
void setScreenCaptureDisabled(ComponentName admin, boolean disabled)
Called by a device/profile owner to set whether the screen capture is disabled.
void setSecureSetting(ComponentName admin, String setting, String value)
Called by profile or device owners to update Settings.Secure settings.
int setStorageEncryption(ComponentName admin, boolean encrypt)
Called by an application that is administering the device to request that the storage system be encrypted.
void setTrustAgentConfiguration(ComponentName admin, ComponentName target, PersistableBundle configuration)
Sets a list of configuration features to enable for a TrustAgent component.
void setUninstallBlocked(ComponentName admin, String packageName, boolean uninstallBlocked)
Called by profile or device owners to change whether a user can uninstall a package.
boolean switchUser(ComponentName admin, UserHandle userHandle)
Called by a device owner to switch the specified user to the foreground.
void uninstallAllUserCaCerts(ComponentName admin)
Uninstalls all custom trusted CA certificates from the profile.
void uninstallCaCert(ComponentName admin, byte[] certBuffer)
Uninstalls the given certificate from trusted user CAs, if present.
void wipeData(int flags)
Ask the user data be wiped.
[Expand]
Inherited Methods
From class java.lang.Object

Constants

public static final String ACTION_ADD_DEVICE_ADMIN

Added in API level 8

Activity action: ask the user to add a new device administrator to the system. The desired policy is the ComponentName of the policy in the EXTRA_DEVICE_ADMIN extra field. This will invoke a UI to bring the user through adding the device administrator to the system (or allowing them to reject it).

You can optionally include the EXTRA_ADD_EXPLANATION field to provide the user with additional explanation (in addition to your component's description) about what is being added.

If your administrator is already active, this will ordinarily return immediately (without user intervention). However, if your administrator has been updated and is requesting additional uses-policy flags, the user will be presented with the new list. New policies will not be available to the updated administrator until the user has accepted the new list.

Constant Value: "android.app.action.ADD_DEVICE_ADMIN"

public static final String ACTION_PROVISION_MANAGED_PROFILE

Added in API level 21

Activity action: Starts the provisioning flow which sets up a managed profile.

A managed profile allows data separation for example for the usage of a device as a personal and corporate device. The user which provisioning is started from and the managed profile share a launcher.

This intent will typically be sent by a mobile device management application (mdm). Provisioning adds a managed profile and sets the mdm as the profile owner who has full control over the profile

This intent must contain the extra EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME.

When managed provisioning has completed, an intent of the type ACTION_PROFILE_PROVISIONING_COMPLETE is broadcasted to the managed profile.

If provisioning fails, the managedProfile is removed so the device returns to its previous state.

Input: Nothing.

Output: Nothing

Constant Value: "android.app.action.PROVISION_MANAGED_PROFILE"

public static final String ACTION_SET_NEW_PASSWORD

Added in API level 8

Activity action: have the user enter a new password. This activity should be launched after using setPasswordQuality(ComponentName, int), or setPasswordMinimumLength(ComponentName, int) to have the user enter a new password that meets the current requirements. You can use isActivePasswordSufficient() to determine whether you need to have the user select a new password in order to meet the current constraints. Upon being resumed from this activity, you can check the new password characteristics to see if they are sufficient.

Constant Value: "android.app.action.SET_NEW_PASSWORD"

public static final String ACTION_START_ENCRYPTION

Added in API level 11

Activity action: begin the process of encrypting data on the device. This activity should be launched after using setStorageEncryption(ComponentName, boolean) to request encryption be activated. After resuming from this activity, use getStorageEncryption(ComponentName) to check encryption status. However, on some devices this activity may never return, as it may trigger a reboot and in some cases a complete data wipe of the device.

Constant Value: "android.app.action.START_ENCRYPTION"

public static final int ENCRYPTION_STATUS_ACTIVATING

Added in API level 11

Result code for setStorageEncryption(ComponentName, boolean) and getStorageEncryptionStatus(): indicating that encryption is not currently active, but is currently being activated. This is only reported by devices that support encryption of data and only when the storage is currently undergoing a process of becoming encrypted. A device that must reboot and/or wipe data to become encrypted will never return this value.

Constant Value: 2 (0x00000002)

public static final int ENCRYPTION_STATUS_ACTIVE

Added in API level 11

Result code for setStorageEncryption(ComponentName, boolean) and getStorageEncryptionStatus(): indicating that encryption is active.

Constant Value: 3 (0x00000003)

public static final int ENCRYPTION_STATUS_INACTIVE

Added in API level 11

Result code for setStorageEncryption(ComponentName, boolean) and getStorageEncryptionStatus(): indicating that encryption is supported, but is not currently active.

Constant Value: 1 (0x00000001)

public static final int ENCRYPTION_STATUS_UNSUPPORTED

Added in API level 11

Result code for setStorageEncryption(ComponentName, boolean) and getStorageEncryptionStatus(): indicating that encryption is not supported.

Constant Value: 0 (0x00000000)

public static final String EXTRA_ADD_EXPLANATION

Added in API level 8

An optional CharSequence providing additional explanation for why the admin is being added.

Constant Value: "android.app.extra.ADD_EXPLANATION"

public static final String EXTRA_DEVICE_ADMIN

Added in API level 8

The ComponentName of the administrator component.

Constant Value: "android.app.extra.DEVICE_ADMIN"

public static final String EXTRA_PROVISIONING_ACCOUNT_TO_MIGRATE

An Account extra holding the account to migrate during managed profile provisioning. If the account supplied is present in the primary user, it will be copied, along with its credentials to the managed profile and removed from the primary user. Use with ACTION_PROVISION_MANAGED_PROFILE.

Constant Value: "android.app.extra.PROVISIONING_ACCOUNT_TO_MIGRATE"

public static final String EXTRA_PROVISIONING_ADMIN_EXTRAS_BUNDLE

Added in API level 21

A Parcelable extra of type PersistableBundle that allows a mobile device management application that starts managed profile provisioning to pass data to itself on the managed profile when provisioning completes. The mobile device management application sends this extra in an intent with the action ACTION_PROVISION_MANAGED_PROFILE and receives it in onProfileProvisioningComplete(Context, Intent) via an intent with the action ACTION_PROFILE_PROVISIONING_COMPLETE. The bundle is not changed during the managed profile provisioning.

Constant Value: "android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE"

public static final String EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_CHECKSUM

Added in API level 21

A String extra holding the SHA-1 checksum of the file at download location specified in EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION. If this doesn't match the file at the download location an error will be shown to the user and the user will be asked to factory reset the device.

Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump.

Constant Value: "android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_CHECKSUM"

public static final String EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_COOKIE_HEADER

Added in API level 21

A String extra holding a http cookie header which should be used in the http request to the url specified in EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION.

Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump.

Constant Value: "android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_COOKIE_HEADER"

public static final String EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION

Added in API level 21

A String extra holding a url that specifies the download location of the device admin package. When not provided it is assumed that the device admin package is already installed.

Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump.

Constant Value: "android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION"

public static final String EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME

Added in API level 21

A String extra holding the package name of the mobile device management application that will be set as the profile owner or device owner.

If an application starts provisioning directly via an intent with action ACTION_PROVISION_MANAGED_PROFILE this package has to match the package name of the application that started provisioning. The package will be set as profile owner in that case.

This package is set as device owner when device owner provisioning is started by an NFC message containing an NFC record with MIME type MIME_TYPE_PROVISIONING_NFC.

Constant Value: "android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME"

public static final String EXTRA_PROVISIONING_EMAIL_ADDRESS

Added in API level 21

A String extra that, holds the email address of the account which a managed profile is created for. Used with ACTION_PROVISION_MANAGED_PROFILE and ACTION_PROFILE_PROVISIONING_COMPLETE.

This extra is part of the EXTRA_PROVISIONING_ADMIN_EXTRAS_BUNDLE.

If the ACTION_PROVISION_MANAGED_PROFILE intent that starts managed provisioning contains this extra, it is forwarded in the ACTION_PROFILE_PROVISIONING_COMPLETE intent to the mobile device management application that was set as the profile owner during provisioning. It is usually used to avoid that the user has to enter their email address twice.

Constant Value: "android.app.extra.PROVISIONING_EMAIL_ADDRESS"

public static final String EXTRA_PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED

A Boolean extra that can be used by the mobile device management application to skip the disabling of system apps during provisioning when set to true.

Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump.

Constant Value: "android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED"

public static final String EXTRA_PROVISIONING_LOCALE

Added in API level 21

A String extra holding the Locale that the device will be set to. Format: xx_yy, where xx is the language code, and yy the country code.

Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump.

Constant Value: "android.app.extra.PROVISIONING_LOCALE"

public static final String EXTRA_PROVISIONING_LOCAL_TIME

Added in API level 21

A Long extra holding the wall clock time (in milliseconds) to be set on the device's AlarmManager.

Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump.

Constant Value: "android.app.extra.PROVISIONING_LOCAL_TIME"

public static final String EXTRA_PROVISIONING_TIME_ZONE

Added in API level 21

A String extra holding the time zone AlarmManager that the device will be set to.

Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump.

Constant Value: "android.app.extra.PROVISIONING_TIME_ZONE"

public static final String EXTRA_PROVISIONING_WIFI_HIDDEN

Added in API level 21

A boolean extra indicating whether the wifi network in EXTRA_PROVISIONING_WIFI_SSID is hidden or not.

Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump.

Constant Value: "android.app.extra.PROVISIONING_WIFI_HIDDEN"

public static final String EXTRA_PROVISIONING_WIFI_PAC_URL

Added in API level 21

A String extra holding the proxy auto-config (PAC) URL for the wifi network in EXTRA_PROVISIONING_WIFI_SSID.

Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump.

Constant Value: "android.app.extra.PROVISIONING_WIFI_PAC_URL"

public static final String EXTRA_PROVISIONING_WIFI_PASSWORD

Added in API level 21

A String extra holding the password of the wifi network in EXTRA_PROVISIONING_WIFI_SSID.

Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump.

Constant Value: "android.app.extra.PROVISIONING_WIFI_PASSWORD"

public static final String EXTRA_PROVISIONING_WIFI_PROXY_BYPASS

Added in API level 21

A String extra holding the proxy bypass for the wifi network in EXTRA_PROVISIONING_WIFI_SSID.

Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump.

Constant Value: "android.app.extra.PROVISIONING_WIFI_PROXY_BYPASS"

public static final String EXTRA_PROVISIONING_WIFI_PROXY_HOST

Added in API level 21

A String extra holding the proxy host for the wifi network in EXTRA_PROVISIONING_WIFI_SSID.

Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump.

Constant Value: "android.app.extra.PROVISIONING_WIFI_PROXY_HOST"

public static final String EXTRA_PROVISIONING_WIFI_PROXY_PORT

Added in API level 21

An int extra holding the proxy port for the wifi network in EXTRA_PROVISIONING_WIFI_SSID.

Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump.

Constant Value: "android.app.extra.PROVISIONING_WIFI_PROXY_PORT"

public static final String EXTRA_PROVISIONING_WIFI_SECURITY_TYPE

Added in API level 21

A String extra indicating the security type of the wifi network in EXTRA_PROVISIONING_WIFI_SSID.

Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump.

Constant Value: "android.app.extra.PROVISIONING_WIFI_SECURITY_TYPE"

public static final String EXTRA_PROVISIONING_WIFI_SSID

Added in API level 21

A String extra holding the ssid of the wifi network that should be used during nfc device owner provisioning for downloading the mobile device management application.

Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump.

Constant Value: "android.app.extra.PROVISIONING_WIFI_SSID"

public static final int FLAG_MANAGED_CAN_ACCESS_PARENT

Added in API level 21

Flag used by addCrossProfileIntentFilter(ComponentName, IntentFilter, int) to allow activities in the managed profile to access intents sent from the parent profile. That is, when an app in the parent profile calls startActivity(Intent), the intent can be resolved by a matching activity in the managed profile.

Constant Value: 2 (0x00000002)

public static final int FLAG_PARENT_CAN_ACCESS_MANAGED

Added in API level 21

Flag used by addCrossProfileIntentFilter(ComponentName, IntentFilter, int) to allow activities in the parent profile to access intents sent from the managed profile. That is, when an app in the managed profile calls startActivity(Intent), the intent can be resolved by a matching activity in the parent profile.

Constant Value: 1 (0x00000001)

public static final int KEYGUARD_DISABLE_FEATURES_ALL

Added in API level 17

Disable all current and future keyguard customizations.

Constant Value: 2147483647 (0x7fffffff)

public static final int KEYGUARD_DISABLE_FEATURES_NONE

Added in API level 17

Widgets are enabled in keyguard

Constant Value: 0 (0x00000000)

public static final int KEYGUARD_DISABLE_FINGERPRINT

Added in API level 21

Disable fingerprint sensor on keyguard secure screens (e.g. PIN/Pattern/Password).

Constant Value: 32 (0x00000020)

public static final int KEYGUARD_DISABLE_SECURE_CAMERA

Added in API level 17

Disable the camera on secure keyguard screens (e.g. PIN/Pattern/Password)

Constant Value: 2 (0x00000002)

public static final int KEYGUARD_DISABLE_SECURE_NOTIFICATIONS

Added in API level 21

Disable showing all notifications on secure keyguard screens (e.g. PIN/Pattern/Password)

Constant Value: 4 (0x00000004)

public static final int KEYGUARD_DISABLE_TRUST_AGENTS

Added in API level 21

Ignore trust agent state on secure keyguard screens (e.g. PIN/Pattern/Password).

Constant Value: 16 (0x00000010)

public static final int KEYGUARD_DISABLE_UNREDACTED_NOTIFICATIONS

Added in API level 21

Only allow redacted notifications on secure keyguard screens (e.g. PIN/Pattern/Password)

Constant Value: 8 (0x00000008)

public static final int KEYGUARD_DISABLE_WIDGETS_ALL

Added in API level 17

Disable all keyguard widgets. Has no effect.

Constant Value: 1 (0x00000001)

public static final String MIME_TYPE_PROVISIONING_NFC

Added in API level 21

This MIME type is used for starting the Device Owner provisioning.

During device owner provisioning a device admin app is set as the owner of the device. A device owner has full control over the device. The device owner can not be modified by the user and the only way of resetting the device is if the device owner app calls a factory reset.

A typical use case would be a device that is owned by a company, but used by either an employee or client.

The NFC message should be send to an unprovisioned device.

The NFC record must contain a serialized Properties object which contains the following properties:

When device owner provisioning has completed, an intent of the type ACTION_PROFILE_PROVISIONING_COMPLETE is broadcasted to the device owner.

If provisioning fails, the device is factory reset.

Input: Nothing.

Output: Nothing

Constant Value: "application/com.android.managedprovisioning"

public static final int PASSWORD_QUALITY_ALPHABETIC

Added in API level 8

Constant for setPasswordQuality(ComponentName, int): the user must have entered a password containing at least alphabetic (or other symbol) characters. Note that quality constants are ordered so that higher values are more restrictive.

Constant Value: 262144 (0x00040000)

public static final int PASSWORD_QUALITY_ALPHANUMERIC

Added in API level 8

Constant for setPasswordQuality(ComponentName, int): the user must have entered a password containing at least both> numeric and alphabetic (or other symbol) characters. Note that quality constants are ordered so that higher values are more restrictive.

Constant Value: 327680 (0x00050000)

public static final int PASSWORD_QUALITY_BIOMETRIC_WEAK

Added in API level 14

Constant for setPasswordQuality(ComponentName, int): the policy allows for low-security biometric recognition technology. This implies technologies that can recognize the identity of an individual to about a 3 digit PIN (false detection is less than 1 in 1,000). Note that quality constants are ordered so that higher values are more restrictive.

Constant Value: 32768 (0x00008000)

public static final int PASSWORD_QUALITY_COMPLEX

Added in API level 11

Constant for setPasswordQuality(ComponentName, int): the user must have entered a password containing at least a letter, a numerical digit and a special symbol, by default. With this password quality, passwords can be restricted to contain various sets of characters, like at least an uppercase letter, etc. These are specified using various methods, like setPasswordMinimumLowerCase(ComponentName, int). Note that quality constants are ordered so that higher values are more restrictive.

Constant Value: 393216 (0x00060000)

public static final int PASSWORD_QUALITY_NUMERIC

Added in API level 8

Constant for setPasswordQuality(ComponentName, int): the user must have entered a password containing at least numeric characters. Note that quality constants are ordered so that higher values are more restrictive.

Constant Value: 131072 (0x00020000)

public static final int PASSWORD_QUALITY_NUMERIC_COMPLEX

Added in API level 21

Constant for setPasswordQuality(ComponentName, int): the user must have entered a password containing at least numeric characters with no repeating (4444) or ordered (1234, 4321, 2468) sequences. Note that quality constants are ordered so that higher values are more restrictive.

Constant Value: 196608 (0x00030000)

public static final int PASSWORD_QUALITY_SOMETHING

Added in API level 8

Constant for setPasswordQuality(ComponentName, int): the policy requires some kind of password, but doesn't care what it is. Note that quality constants are ordered so that higher values are more restrictive.

Constant Value: 65536 (0x00010000)

public static final int PASSWORD_QUALITY_UNSPECIFIED

Added in API level 8

Constant for setPasswordQuality(ComponentName, int): the policy has no requirements for the password. Note that quality constants are ordered so that higher values are more restrictive.

Constant Value: 0 (0x00000000)

public static final int RESET_PASSWORD_REQUIRE_ENTRY

Added in API level 8

Flag for resetPassword(String, int): don't allow other admins to change the password again until the user has entered it.

Constant Value: 1 (0x00000001)

public static final int WIPE_EXTERNAL_STORAGE

Added in API level 9

Flag for wipeData(int): also erase the device's external storage (such as SD cards).

Constant Value: 1 (0x00000001)

public static final int WIPE_RESET_PROTECTION_DATA

Flag for wipeData(int): also erase the factory reset protection data.

This flag may only be set by device owner admins; if it is set by other admins a SecurityException will be thrown.

Constant Value: 2 (0x00000002)

Public Methods

public void addCrossProfileIntentFilter (ComponentName admin, IntentFilter filter, int flags)

Added in API level 21

Called by the profile owner of a managed profile so that some intents sent in the managed profile can also be resolved in the parent, or vice versa. Only activity intents are supported.

Parameters
admin Which DeviceAdminReceiver this request is associated with.
filter The IntentFilter the intent has to match to be also resolved in the other profile
flags FLAG_MANAGED_CAN_ACCESS_PARENT and FLAG_PARENT_CAN_ACCESS_MANAGED are supported.

public boolean addCrossProfileWidgetProvider (ComponentName admin, String packageName)

Added in API level 21

Called by the profile owner of a managed profile to enable widget providers from a given package to be available in the parent profile. As a result the user will be able to add widgets from the white-listed package running under the profile to a widget host which runs under the parent profile, for example the home screen. Note that a package may have zero or more provider components, where each component provides a different widget type.

Note: By default no widget provider package is white-listed.

Parameters
admin Which DeviceAdminReceiver this request is associated with.
packageName The package from which widget providers are white-listed.
Returns
  • Whether the package was added.

public void addPersistentPreferredActivity (ComponentName admin, IntentFilter filter, ComponentName activity)

Added in API level 21

Called by a profile owner or device owner to add a default intent handler activity for intents that match a certain intent filter. This activity will remain the default intent handler even if the set of potential event handlers for the intent filter changes and if the intent preferences are reset.

The default disambiguation mechanism takes over if the activity is not installed (anymore). When the activity is (re)installed, it is automatically reset as default intent handler for the filter.

The calling device admin must be a profile owner or device owner. If it is not, a security exception will be thrown.

Parameters
admin Which DeviceAdminReceiver this request is associated with.
filter The IntentFilter for which a default handler is added.
activity The Activity that is added as default intent handler.

public void addUserRestriction (ComponentName admin, String key)

Added in API level 21

Called by a profile or device owner to set a user restriction specified by the key.

The calling device admin must be a profile or device owner; if it is not, a security exception will be thrown.

Parameters
admin Which DeviceAdminReceiver this request is associated with.
key The key of the restriction. See the constants in UserManager for the list of keys.

public void clearCrossProfileIntentFilters (ComponentName admin)

Added in API level 21

Called by a profile owner of a managed profile to remove the cross-profile intent filters that go from the managed profile to the parent, or from the parent to the managed profile. Only removes those that have been set by the profile owner.

Parameters
admin Which DeviceAdminReceiver this request is associated with.

public void clearDeviceOwnerApp (String packageName)

Added in API level 21

Clears the current device owner. The caller must be the device owner. This function should be used cautiously as once it is called it cannot be undone. The device owner can only be set as a part of device setup before setup completes.

Parameters
packageName The package name of the device owner.

public void clearPackagePersistentPreferredActivities (ComponentName admin, String packageName)

Added in API level 21

Called by a profile owner or device owner to remove all persistent intent handler preferences associated with the given package that were set by addPersistentPreferredActivity(ComponentName, IntentFilter, ComponentName).

The calling device admin must be a profile owner. If it is not, a security exception will be thrown.

Parameters
admin Which DeviceAdminReceiver this request is associated with.
packageName The name of the package for which preferences are removed.

public void clearUserRestriction (ComponentName admin, String key)

Added in API level 21

Called by a profile or device owner to clear a user restriction specified by the key.

The calling device admin must be a profile or device owner; if it is not, a security exception will be thrown.

Parameters
admin Which DeviceAdminReceiver this request is associated with.
key The key of the restriction. See the constants in UserManager for the list of keys.

public UserHandle createAndInitializeUser (ComponentName admin, String name, String ownerName, ComponentName profileOwnerComponent, Bundle adminExtras)

Added in API level 21

Called by a device owner to create a user with the specified name. The UserHandle returned by this method should not be persisted as user handles are recycled as users are removed and created. If you need to persist an identifier for this user, use getSerialNumberForUser(UserHandle). The new user will be started in the background immediately.

profileOwnerComponent is the DeviceAdminReceiver to be the profile owner as well as registered as an active admin on the new user. The profile owner package will be installed on the new user if it already is installed on the device.

If the optionalInitializeData is not null, then the extras will be passed to the profileOwnerComponent when onEnable is called.

Parameters
admin Which DeviceAdminReceiver this request is associated with.
name the user's name
ownerName the human readable name of the organisation associated with this DPM.
profileOwnerComponent The DeviceAdminReceiver that will be an active admin on the user.
adminExtras Extras that will be passed to onEnable of the admin receiver on the new user.
Returns
  • the UserHandle object for the created user, or null if the user could not be created.
See Also

public UserHandle createUser (ComponentName admin, String name)

Added in API level 21

Called by a device owner to create a user with the specified name. The UserHandle returned by this method should not be persisted as user handles are recycled as users are removed and created. If you need to persist an identifier for this user, use getSerialNumberForUser(UserHandle).

Parameters
admin Which DeviceAdminReceiver this request is associated with.
name the user's name
Returns
  • the UserHandle object for the created user, or null if the user could not be created.
See Also

public void enableSystemApp (ComponentName admin, String packageName)

Added in API level 21

Called by profile or device owner to re-enable a system app that was disabled by default when the user was initialized.

Parameters
admin Which DeviceAdminReceiver this request is associated with.
packageName The package to be re-enabled in the current profile.

public int enableSystemApp (ComponentName admin, Intent intent)

Added in API level 21

Called by profile or device owner to re-enable system apps by intent that were disabled by default when the user was initialized.

Parameters
admin Which DeviceAdminReceiver this request is associated with.
intent An intent matching the app(s) to be installed. All apps that resolve for this intent will be re-enabled in the current profile.
Returns
  • int The number of activities that matched the intent and were installed.

public String[] getAccountTypesWithManagementDisabled ()

Added in API level 21

Gets the array of accounts for which account management is disabled by the profile owner.

Account management can be disabled/enabled by calling setAccountManagementDisabled(ComponentName, String, boolean).

Returns
  • a list of account types for which account management has been disabled.

public List<ComponentName> getActiveAdmins ()

Added in API level 8

Return a list of all currently active device administrator's component names. Note that if there are no administrators than null may be returned.

public Bundle getApplicationRestrictions (ComponentName admin, String packageName)

Added in API level 21

Called by a profile or device owner to get the application restrictions for a given target application running in the profile.

The calling device admin must be a profile or device owner; if it is not, a security exception will be thrown.

Parameters
admin Which DeviceAdminReceiver this request is associated with.
packageName The name of the package to fetch restricted settings of.
Returns

public boolean getAutoTimeRequired ()

Added in API level 21

Returns
  • true if auto time is required.

public boolean getCameraDisabled (ComponentName admin)

Added in API level 14

Determine whether or not the device's cameras have been disabled for this user, either by the current admin, if specified, or all admins.

Parameters
admin The name of the admin component to check, or null to check if any admins have disabled the camera

public boolean getCrossProfileCallerIdDisabled (ComponentName who)

Added in API level 21

Called by a profile owner of a managed profile to determine whether or not caller-Id information has been disabled.

The calling device admin must be a profile owner. If it is not, a security exception will be thrown.

Parameters
who Which DeviceAdminReceiver this request is associated with.

public List<String> getCrossProfileWidgetProviders (ComponentName admin)

Added in API level 21

Called by the profile owner of a managed profile to query providers from which packages are available in the parent profile.

Parameters
admin Which DeviceAdminReceiver this request is associated with.
Returns
  • The white-listed package list.

public int getCurrentFailedPasswordAttempts ()

Added in API level 8

Retrieve the number of times the user has failed at entering a password since that last successful password entry.

The calling device admin must have requested USES_POLICY_WATCH_LOGIN to be able to call this method; if it has not, a security exception will be thrown.

public List<byte[]> getInstalledCaCerts (ComponentName admin)

Added in API level 21

Returns all CA certificates that are currently trusted, excluding system CA certificates. If a user has installed any certificates by other means than device policy these will be included too.

Parameters
admin Which DeviceAdminReceiver this request is associated with.
Returns
  • a List of byte[] arrays, each encoding one user CA certificate.

public int getKeyguardDisabledFeatures (ComponentName admin)

Added in API level 17

Determine whether or not features have been disabled in keyguard either by the current admin, if specified, or all admins.

Parameters
admin The name of the admin component to check, or null to check if any admins have disabled features in keyguard.
Returns

public int getMaximumFailedPasswordsForWipe (ComponentName admin)

Added in API level 8

Retrieve the current maximum number of login attempts that are allowed before the device wipes itself, for all admins of this user and its profiles or a particular one.

Parameters
admin The name of the admin component to check, or null to aggregate all admins.

public long getMaximumTimeToLock (ComponentName admin)

Added in API level 8

Retrieve the current maximum time to unlock for all admins of this user and its profiles or a particular one.

Parameters
admin The name of the admin component to check, or null to aggregate all admins.
Returns
  • time in milliseconds for the given admin or the minimum value (strictest) of all admins if admin is null. Returns 0 if there are no restrictions.

public long getPasswordExpiration (ComponentName admin)

Added in API level 11

Get the current password expiration time for the given admin or an aggregate of all admins of this user and its profiles if admin is null. If the password is expired, this will return the time since the password expired as a negative number. If admin is null, then a composite of all expiration timeouts is returned - which will be the minimum of all timeouts.

Parameters
admin The name of the admin component to check, or null to aggregate all admins.
Returns
  • The password expiration time, in ms.

public long getPasswordExpirationTimeout (ComponentName admin)

Added in API level 11

Get the password expiration timeout for the given admin. The expiration timeout is the recurring expiration timeout provided in the call to setPasswordExpirationTimeout(ComponentName, long) for the given admin or the aggregate of all policy administrators if admin is null.

Parameters
admin The name of the admin component to check, or null to aggregate all admins.
Returns
  • The timeout for the given admin or the minimum of all timeouts

public int getPasswordHistoryLength (ComponentName admin)

Added in API level 11

Retrieve the current password history length for all admins of this user and its profiles or a particular one.

Parameters
admin The name of the admin component to check, or null to aggregate all admins.
Returns
  • The length of the password history

public int getPasswordMaximumLength (int quality)

Added in API level 8

Return the maximum password length that the device supports for a particular password quality.

Parameters
quality The quality being interrogated.
Returns
  • Returns the maximum length that the user can enter.

public int getPasswordMinimumLength (ComponentName admin)

Added in API level 8

Retrieve the current minimum password length for all admins of this user and its profiles or a particular one.

Parameters
admin The name of the admin component to check, or null to aggregate all admins.

public int getPasswordMinimumLetters (ComponentName admin)

Added in API level 11

Retrieve the current number of letters required in the password for all admins or a particular one. This is the same value as set by {#link setPasswordMinimumLetters(ComponentName, int) and only applies when the password quality is PASSWORD_QUALITY_COMPLEX.

Parameters
admin The name of the admin component to check, or null to aggregate all admins.
Returns
  • The minimum number of letters required in the password.

public int getPasswordMinimumLowerCase (ComponentName admin)

Added in API level 11

Retrieve the current number of lower case letters required in the password for all admins of this user and its profiles or a particular one. This is the same value as set by {#link setPasswordMinimumLowerCase(ComponentName, int) and only applies when the password quality is PASSWORD_QUALITY_COMPLEX.

Parameters
admin The name of the admin component to check, or null to aggregate all admins.
Returns
  • The minimum number of lower case letters required in the password.

public int getPasswordMinimumNonLetter (ComponentName admin)

Added in API level 11

Retrieve the current number of non-letter characters required in the password for all admins of this user and its profiles or a particular one. This is the same value as set by {#link setPasswordMinimumNonLetter(ComponentName, int) and only applies when the password quality is PASSWORD_QUALITY_COMPLEX.

Parameters
admin The name of the admin component to check, or null to aggregate all admins.
Returns
  • The minimum number of letters required in the password.

public int getPasswordMinimumNumeric (ComponentName admin)

Added in API level 11

Retrieve the current number of numerical digits required in the password for all admins of this user and its profiles or a particular one. This is the same value as set by {#link setPasswordMinimumNumeric(ComponentName, int) and only applies when the password quality is PASSWORD_QUALITY_COMPLEX.

Parameters
admin The name of the admin component to check, or null to aggregate all admins.
Returns
  • The minimum number of numerical digits required in the password.

public int getPasswordMinimumSymbols (ComponentName admin)

Added in API level 11

Retrieve the current number of symbols required in the password for all admins or a particular one. This is the same value as set by {#link setPasswordMinimumSymbols(ComponentName, int) and only applies when the password quality is PASSWORD_QUALITY_COMPLEX.

Parameters
admin The name of the admin component to check, or null to aggregate all admins.
Returns
  • The minimum number of symbols required in the password.

public int getPasswordMinimumUpperCase (ComponentName admin)

Added in API level 11

Retrieve the current number of upper case letters required in the password for all admins of this user and its profiles or a particular one. This is the same value as set by {#link setPasswordMinimumUpperCase(ComponentName, int) and only applies when the password quality is PASSWORD_QUALITY_COMPLEX.

Parameters
admin The name of the admin component to check, or null to aggregate all admins.
Returns
  • The minimum number of upper case letters required in the password.

public int getPasswordQuality (ComponentName admin)

Added in API level 8

Retrieve the current minimum password quality for all admins of this user and its profiles or a particular one.

Parameters
admin The name of the admin component to check, or null to aggregate all admins.

public List<String> getPermittedAccessibilityServices (ComponentName admin)

Added in API level 21

Returns the list of permitted accessibility services set by this device or profile owner.

An empty list means no accessibility services except system services are allowed. Null means all accessibility services are allowed.

Parameters
admin Which DeviceAdminReceiver this request is associated with.
Returns
  • List of accessiblity service package names.

public List<String> getPermittedInputMethods (ComponentName admin)

Added in API level 21

Returns the list of permitted input methods set by this device or profile owner.

An empty list means no input methods except system input methods are allowed. Null means all input methods are allowed.

Parameters
admin Which DeviceAdminReceiver this request is associated with.
Returns
  • List of input method package names.

public boolean getScreenCaptureDisabled (ComponentName admin)

Added in API level 21

Determine whether or not screen capture has been disabled by the current admin, if specified, or all admins.

Parameters
admin The name of the admin component to check, or null to check if any admins have disabled screen capture.

public boolean getStorageEncryption (ComponentName admin)

Added in API level 11

Called by an application that is administering the device to determine the requested setting for secure storage.

Parameters
admin Which DeviceAdminReceiver this request is associated with. If null, this will return the requested encryption setting as an aggregate of all active administrators.
Returns
  • true if the admin(s) are requesting encryption, false if not.

public int getStorageEncryptionStatus ()

Added in API level 11

Called by an application that is administering the device to determine the current encryption status of the device. Depending on the returned status code, the caller may proceed in different ways. If the result is ENCRYPTION_STATUS_UNSUPPORTED, the storage system does not support encryption. If the result is ENCRYPTION_STATUS_INACTIVE, use ACTION_START_ENCRYPTION to begin the process of encrypting or decrypting the storage. If the result is ENCRYPTION_STATUS_ACTIVATING or ENCRYPTION_STATUS_ACTIVE, no further action is required.

Returns

public List<PersistableBundle> getTrustAgentConfiguration (ComponentName admin, ComponentName agent)

Gets configuration for the given trust agent based on aggregating all calls to setTrustAgentConfiguration(ComponentName, ComponentName, PersistableBundle) for all device admins.

Parameters
admin Which DeviceAdminReceiver this request is associated with. If null, this function returns a list of configurations for all admins that declare KEYGUARD_DISABLE_TRUST_AGENTS. If any admin declares KEYGUARD_DISABLE_TRUST_AGENTS but doesn't call setTrustAgentConfiguration(ComponentName, ComponentName, PersistableBundle) for this or calls it with a null configuration, null is returned.
agent Which component to get enabled features for.
Returns
  • configuration for the given trust agent.

public boolean hasCaCertInstalled (ComponentName admin, byte[] certBuffer)

Added in API level 21

Returns whether this certificate is installed as a trusted CA.

Parameters
admin Which DeviceAdminReceiver this request is associated with.
certBuffer encoded form of the certificate to look up.

public boolean hasGrantedPolicy (ComponentName admin, int usesPolicy)

Added in API level 11

Returns true if an administrator has been granted a particular device policy. This can be used to check if the administrator was activated under an earlier set of policies, but requires additional policies after an upgrade.

Parameters
admin Which DeviceAdminReceiver this request is associated with. Must be an active administrator, or an exception will be thrown.
usesPolicy Which uses-policy to check, as defined in DeviceAdminInfo.

public boolean installCaCert (ComponentName admin, byte[] certBuffer)

Added in API level 21

Installs the given certificate as a user CA.

Parameters
admin Which DeviceAdminReceiver this request is associated with.
certBuffer encoded form of the certificate to install.
Returns
  • false if the certBuffer cannot be parsed or installation is interrupted, true otherwise.

public boolean installKeyPair (ComponentName who, PrivateKey privKey, Certificate cert, String alias)

Added in API level 21

Called by a device or profile owner to install a certificate and private key pair. The keypair will be visible to all apps within the profile.

Parameters
who Which DeviceAdminReceiver this request is associated with.
privKey The private key to install.
cert The certificate to install.
alias The private key alias under which to install the certificate. If a certificate with that alias already exists, it will be overwritten.
Returns
  • true if the keys were installed, false otherwise.

public boolean isActivePasswordSufficient ()

Added in API level 8

Determine whether the current password the user has set is sufficient to meet the policy requirements (quality, minimum length) that have been requested by the admins of this user and its profiles.

The calling device admin must have requested USES_POLICY_LIMIT_PASSWORD to be able to call this method; if it has not, a security exception will be thrown.

Returns
  • Returns true if the password meets the current requirements, else false.

public boolean isAdminActive (ComponentName who)

Added in API level 8

Return true if the given administrator component is currently active (enabled) in the system.

public boolean isApplicationHidden (ComponentName admin, String packageName)

Added in API level 21

Called by device or profile owner to determine if a package is hidden.

Parameters
admin Which DeviceAdminReceiver this request is associated with.
packageName The name of the package to retrieve the hidden status of.
Returns
  • boolean true if the package is hidden, false otherwise.

public boolean isDeviceOwnerApp (String packageName)

Added in API level 18

Used to determine if a particular package has been registered as a Device Owner app. A device owner app is a special device admin that cannot be deactivated by the user, once activated as a device admin. It also cannot be uninstalled. To check if a particular package is currently registered as the device owner app, pass in the package name from getPackageName() to this method.

This is useful for device admin apps that want to check if they are also registered as the device owner app. The exact mechanism by which a device admin app is registered as a device owner app is defined by the setup process.

Parameters
packageName the package name of the app, to compare with the registered device owner app, if any.
Returns
  • whether or not the package is registered as the device owner app.

public boolean isLockTaskPermitted (String pkg)

Added in API level 21

This function lets the caller know whether the given component is allowed to start the lock task mode.

Parameters
pkg The package to check

public boolean isMasterVolumeMuted (ComponentName admin)

Added in API level 21

Called by profile or device owners to check whether the master volume mute is on or off.

Parameters
admin Which DeviceAdminReceiver this request is associated with.
Returns
  • true if master volume is muted, false if it's not.

public boolean isProfileOwnerApp (String packageName)

Added in API level 21

Used to determine if a particular package is registered as the profile owner for the current user. A profile owner is a special device admin that has additional privileges within the profile.

Parameters
packageName The package name of the app to compare with the registered profile owner.
Returns
  • Whether or not the package is registered as the profile owner.

public boolean isUninstallBlocked (ComponentName admin, String packageName)

Added in API level 21

Check whether the current user has been blocked by device policy from uninstalling a package. Requires the caller to be the profile owner if checking a specific admin's policy.

Parameters
admin The name of the admin component whose blocking policy will be checked, or null to check if any admin has blocked the uninstallation.
packageName package to check.
Returns
  • true if uninstallation is blocked.

public void lockNow ()

Added in API level 8

Make the device lock immediately, as if the lock screen timeout has expired at the point of this call.

The calling device admin must have requested USES_POLICY_FORCE_LOCK to be able to call this method; if it has not, a security exception will be thrown.

public void removeActiveAdmin (ComponentName who)

Added in API level 8

Remove a current administration component. This can only be called by the application that owns the administration component; if you try to remove someone else's component, a security exception will be thrown.

public boolean removeCrossProfileWidgetProvider (ComponentName admin, String packageName)

Added in API level 21

Called by the profile owner of a managed profile to disable widget providers from a given package to be available in the parent profile. For this method to take effect the package should have been added via addCrossProfileWidgetProvider(android.content.ComponentName, String).

Note: By default no widget provider package is white-listed.

Parameters
admin Which DeviceAdminReceiver this request is associated with.
packageName The package from which widget providers are no longer white-listed.
Returns
  • Whether the package was removed.

public boolean removeUser (ComponentName admin, UserHandle userHandle)

Added in API level 21

Called by a device owner to remove a user and all associated data. The primary user can not be removed.

Parameters
admin Which DeviceAdminReceiver this request is associated with.
userHandle the user to remove.
Returns
  • true if the user was removed, false otherwise.

public boolean resetPassword (String password, int flags)

Added in API level 8

Force a new device unlock password (the password needed to access the entire device, not for individual accounts) on the user. This takes effect immediately. The given password must be sufficient for the current password quality and length constraints as returned by getPasswordQuality(ComponentName) and getPasswordMinimumLength(ComponentName); if it does not meet these constraints, then it will be rejected and false returned. Note that the password may be a stronger quality (containing alphanumeric characters when the requested quality is only numeric), in which case the currently active quality will be increased to match.

Calling with a null or empty password will clear any existing PIN, pattern or password if the current password constraints allow it.

The calling device admin must have requested USES_POLICY_RESET_PASSWORD to be able to call this method; if it has not, a security exception will be thrown.

Calling this from a managed profile will throw a security exception.

Parameters
password The new password for the user. Null or empty clears the password.
flags May be 0 or RESET_PASSWORD_REQUIRE_ENTRY.
Returns
  • Returns true if the password was applied, or false if it is not acceptable for the current constraints.

public void setAccountManagementDisabled (ComponentName admin, String accountType, boolean disabled)

Added in API level 21

Called by a device owner or profile owner to disable account management for a specific type of account.

The calling device admin must be a device owner or profile owner. If it is not, a security exception will be thrown.

When account management is disabled for an account type, adding or removing an account of that type will not be possible.

Parameters
admin Which DeviceAdminReceiver this request is associated with.
accountType For which account management is disabled or enabled.
disabled The boolean indicating that account management will be disabled (true) or enabled (false).

public boolean setApplicationHidden (ComponentName admin, String packageName, boolean hidden)

Added in API level 21

Called by device or profile owner to hide or unhide packages. When a package is hidden it is unavailable for use, but the data and actual package file remain.

Parameters
admin Which DeviceAdminReceiver this request is associated with.
packageName The name of the package to hide or unhide.
hidden true if the package should be hidden, false if it should be unhidden.
Returns
  • boolean Whether the hidden setting of the package was successfully updated.

public void setApplicationRestrictions (ComponentName admin, String packageName, Bundle settings)

Added in API level 21

Called by a profile or device owner to set the application restrictions for a given target application running in the profile.

The provided Bundle consists of key-value pairs, where the types of values may be boolean, int, String, or String[].

The application restrictions are only made visible to the target application and the profile or device owner.

If the restrictions are not available yet, but may be applied in the near future, the admin can notify the target application of that by adding KEY_RESTRICTIONS_PENDING to the settings parameter.

The calling device admin must be a profile or device owner; if it is not, a security exception will be thrown.

Parameters
admin Which DeviceAdminReceiver this request is associated with.
packageName The name of the package to update restricted settings for.
settings A Bundle to be parsed by the receiving application, conveying a new set of active restrictions.

public void setAutoTimeRequired (ComponentName admin, boolean required)

Added in API level 21

Called by a device owner to set whether auto time is required. If auto time is required the user cannot set the date and time, but has to use network date and time.

Note: if auto time is required the user can still manually set the time zone.

The calling device admin must be a device owner. If it is not, a security exception will be thrown.

Parameters
admin Which DeviceAdminReceiver this request is associated with.
required Whether auto time is set required or not.

public void setCameraDisabled (ComponentName admin, boolean disabled)

Added in API level 14

Called by an application that is administering the device to disable all cameras on the device, for this user. After setting this, no applications running as this user will be able to access any cameras on the device.

The calling device admin must have requested USES_POLICY_DISABLE_CAMERA to be able to call this method; if it has not, a security exception will be thrown.

Parameters
admin Which DeviceAdminReceiver this request is associated with.
disabled Whether or not the camera should be disabled.

public void setCrossProfileCallerIdDisabled (ComponentName who, boolean disabled)

Added in API level 21

Called by a profile owner of a managed profile to set whether caller-Id information from the managed profile will be shown in the parent profile, for incoming calls.

The calling device admin must be a profile owner. If it is not, a security exception will be thrown.

Parameters
who Which DeviceAdminReceiver this request is associated with.
disabled If true caller-Id information in the managed profile is not displayed.

public void setGlobalSetting (ComponentName admin, String setting, String value)

Added in API level 21

Called by device owners to update Settings.Global settings. Validation that the value of the setting is in the correct form for the setting type should be performed by the caller.

The settings that can be updated with this method are:

Parameters
admin Which DeviceAdminReceiver this request is associated with.
setting The name of the setting to update.
value The value to update the setting to.

public void setKeyguardDisabledFeatures (ComponentName admin, int which)

Added in API level 17

Called by an application that is administering the device to disable keyguard customizations, such as widgets. After setting this, keyguard features will be disabled according to the provided feature list.

The calling device admin must have requested USES_POLICY_DISABLE_KEYGUARD_FEATURES to be able to call this method; if it has not, a security exception will be thrown.

Calling this from a managed profile will throw a security exception.

public void setLockTaskPackages (ComponentName admin, String[] packages)

Added in API level 21

Sets which packages may enter lock task mode.

Any packages that shares uid with an allowed package will also be allowed to activate lock task. This function can only be called by the device owner.

Parameters
admin Which DeviceAdminReceiver this request is associated with.
packages The list of packages allowed to enter lock task mode

public void setMasterVolumeMuted (ComponentName admin, boolean on)

Added in API level 21

Called by profile or device owners to set the master volume mute on or off.

Parameters
admin Which DeviceAdminReceiver this request is associated with.
on true to mute master volume, false to turn mute off.

public void setMaximumFailedPasswordsForWipe (ComponentName admin, int num)

Added in API level 8

Setting this to a value greater than zero enables a built-in policy that will perform a device wipe after too many incorrect device-unlock passwords have been entered. This built-in policy combines watching for failed passwords and wiping the device, and requires that you request both USES_POLICY_WATCH_LOGIN and USES_POLICY_WIPE_DATA}.

To implement any other policy (e.g. wiping data for a particular application only, erasing or revoking credentials, or reporting the failure to a server), you should implement onPasswordFailed(Context, android.content.Intent) instead. Do not use this API, because if the maximum count is reached, the device will be wiped immediately, and your callback will not be invoked.

Parameters
admin Which DeviceAdminReceiver this request is associated with.
num The number of failed password attempts at which point the device will wipe its data.

public void setMaximumTimeToLock (ComponentName admin, long timeMs)

Added in API level 8

Called by an application that is administering the device to set the maximum time for user activity until the device will lock. This limits the length that the user can set. It takes effect immediately.

The calling device admin must have requested USES_POLICY_FORCE_LOCK to be able to call this method; if it has not, a security exception will be thrown.

Parameters
admin Which DeviceAdminReceiver this request is associated with.
timeMs The new desired maximum time to lock in milliseconds. A value of 0 means there is no restriction.

public void setPasswordExpirationTimeout (ComponentName admin, long timeout)

Added in API level 11

Called by a device admin to set the password expiration timeout. Calling this method will restart the countdown for password expiration for the given admin, as will changing the device password (for all admins).

The provided timeout is the time delta in ms and will be added to the current time. For example, to have the password expire 5 days from now, timeout would be 5 * 86400 * 1000 = 432000000 ms for timeout.

To disable password expiration, a value of 0 may be used for timeout.

The calling device admin must have requested USES_POLICY_EXPIRE_PASSWORD to be able to call this method; if it has not, a security exception will be thrown.

Note that setting the password will automatically reset the expiration time for all active admins. Active admins do not need to explicitly call this method in that case.

Parameters
admin Which DeviceAdminReceiver this request is associated with.
timeout The limit (in ms) that a password can remain in effect. A value of 0 means there is no restriction (unlimited).

public void setPasswordHistoryLength (ComponentName admin, int length)

Added in API level 11

Called by an application that is administering the device to set the length of the password history. After setting this, the user will not be able to enter a new password that is the same as any password in the history. Note that the current password will remain until the user has set a new one, so the change does not take place immediately. To prompt the user for a new password, use ACTION_SET_NEW_PASSWORD after setting this value. This constraint is only imposed if the administrator has also requested either PASSWORD_QUALITY_NUMERIC, PASSWORD_QUALITY_NUMERIC_COMPLEX PASSWORD_QUALITY_ALPHABETIC, or PASSWORD_QUALITY_ALPHANUMERIC with setPasswordQuality(ComponentName, int).

The calling device admin must have requested USES_POLICY_LIMIT_PASSWORD to be able to call this method; if it has not, a security exception will be thrown.

Parameters
admin Which DeviceAdminReceiver this request is associated with.
length The new desired length of password history. A value of 0 means there is no restriction.

public void setPasswordMinimumLength (ComponentName admin, int length)

Added in API level 8

Called by an application that is administering the device to set the minimum allowed password length. After setting this, the user will not be able to enter a new password that is not at least as restrictive as what has been set. Note that the current password will remain until the user has set a new one, so the change does not take place immediately. To prompt the user for a new password, use ACTION_SET_NEW_PASSWORD after setting this value. This constraint is only imposed if the administrator has also requested either PASSWORD_QUALITY_NUMERIC, PASSWORD_QUALITY_NUMERIC_COMPLEX, PASSWORD_QUALITY_ALPHABETIC, PASSWORD_QUALITY_ALPHANUMERIC, or PASSWORD_QUALITY_COMPLEX with setPasswordQuality(ComponentName, int).

The calling device admin must have requested USES_POLICY_LIMIT_PASSWORD to be able to call this method; if it has not, a security exception will be thrown.

Parameters
admin Which DeviceAdminReceiver this request is associated with.
length The new desired minimum password length. A value of 0 means there is no restriction.

public void setPasswordMinimumLetters (ComponentName admin, int length)

Added in API level 11

Called by an application that is administering the device to set the minimum number of letters required in the password. After setting this, the user will not be able to enter a new password that is not at least as restrictive as what has been set. Note that the current password will remain until the user has set a new one, so the change does not take place immediately. To prompt the user for a new password, use ACTION_SET_NEW_PASSWORD after setting this value. This constraint is only imposed if the administrator has also requested PASSWORD_QUALITY_COMPLEX with setPasswordQuality(ComponentName, int). The default value is 1.

The calling device admin must have requested USES_POLICY_LIMIT_PASSWORD to be able to call this method; if it has not, a security exception will be thrown.

Parameters
admin Which DeviceAdminReceiver this request is associated with.
length The new desired minimum number of letters required in the password. A value of 0 means there is no restriction.

public void setPasswordMinimumLowerCase (ComponentName admin, int length)

Added in API level 11

Called by an application that is administering the device to set the minimum number of lower case letters required in the password. After setting this, the user will not be able to enter a new password that is not at least as restrictive as what has been set. Note that the current password will remain until the user has set a new one, so the change does not take place immediately. To prompt the user for a new password, use ACTION_SET_NEW_PASSWORD after setting this value. This constraint is only imposed if the administrator has also requested PASSWORD_QUALITY_COMPLEX with setPasswordQuality(ComponentName, int). The default value is 0.

The calling device admin must have requested USES_POLICY_LIMIT_PASSWORD to be able to call this method; if it has not, a security exception will be thrown.

Parameters
admin Which DeviceAdminReceiver this request is associated with.
length The new desired minimum number of lower case letters required in the password. A value of 0 means there is no restriction.

public void setPasswordMinimumNonLetter (ComponentName admin, int length)

Added in API level 11

Called by an application that is administering the device to set the minimum number of non-letter characters (numerical digits or symbols) required in the password. After setting this, the user will not be able to enter a new password that is not at least as restrictive as what has been set. Note that the current password will remain until the user has set a new one, so the change does not take place immediately. To prompt the user for a new password, use ACTION_SET_NEW_PASSWORD after setting this value. This constraint is only imposed if the administrator has also requested PASSWORD_QUALITY_COMPLEX with setPasswordQuality(ComponentName, int). The default value is 0.

The calling device admin must have requested USES_POLICY_LIMIT_PASSWORD to be able to call this method; if it has not, a security exception will be thrown.

Parameters
admin Which DeviceAdminReceiver this request is associated with.
length The new desired minimum number of letters required in the password. A value of 0 means there is no restriction.

public void setPasswordMinimumNumeric (ComponentName admin, int length)

Added in API level 11

Called by an application that is administering the device to set the minimum number of numerical digits required in the password. After setting this, the user will not be able to enter a new password that is not at least as restrictive as what has been set. Note that the current password will remain until the user has set a new one, so the change does not take place immediately. To prompt the user for a new password, use ACTION_SET_NEW_PASSWORD after setting this value. This constraint is only imposed if the administrator has also requested PASSWORD_QUALITY_COMPLEX with setPasswordQuality(ComponentName, int). The default value is 1.

The calling device admin must have requested USES_POLICY_LIMIT_PASSWORD to be able to call this method; if it has not, a security exception will be thrown.

Parameters
admin Which DeviceAdminReceiver this request is associated with.
length The new desired minimum number of numerical digits required in the password. A value of 0 means there is no restriction.

public void setPasswordMinimumSymbols (ComponentName admin, int length)

Added in API level 11

Called by an application that is administering the device to set the minimum number of symbols required in the password. After setting this, the user will not be able to enter a new password that is not at least as restrictive as what has been set. Note that the current password will remain until the user has set a new one, so the change does not take place immediately. To prompt the user for a new password, use ACTION_SET_NEW_PASSWORD after setting this value. This constraint is only imposed if the administrator has also requested PASSWORD_QUALITY_COMPLEX with setPasswordQuality(ComponentName, int). The default value is 1.

The calling device admin must have requested USES_POLICY_LIMIT_PASSWORD to be able to call this method; if it has not, a security exception will be thrown.

Parameters
admin Which DeviceAdminReceiver this request is associated with.
length The new desired minimum number of symbols required in the password. A value of 0 means there is no restriction.

public void setPasswordMinimumUpperCase (ComponentName admin, int length)

Added in API level 11

Called by an application that is administering the device to set the minimum number of upper case letters required in the password. After setting this, the user will not be able to enter a new password that is not at least as restrictive as what has been set. Note that the current password will remain until the user has set a new one, so the change does not take place immediately. To prompt the user for a new password, use ACTION_SET_NEW_PASSWORD after setting this value. This constraint is only imposed if the administrator has also requested PASSWORD_QUALITY_COMPLEX with setPasswordQuality(ComponentName, int). The default value is 0.

The calling device admin must have requested USES_POLICY_LIMIT_PASSWORD to be able to call this method; if it has not, a security exception will be thrown.

Parameters
admin Which DeviceAdminReceiver this request is associated with.
length The new desired minimum number of upper case letters required in the password. A value of 0 means there is no restriction.

public void setPasswordQuality (ComponentName admin, int quality)

Added in API level 8

Called by an application that is administering the device to set the password restrictions it is imposing. After setting this, the user will not be able to enter a new password that is not at least as restrictive as what has been set. Note that the current password will remain until the user has set a new one, so the change does not take place immediately. To prompt the user for a new password, use ACTION_SET_NEW_PASSWORD after setting this value.

Quality constants are ordered so that higher values are more restrictive; thus the highest requested quality constant (between the policy set here, the user's preference, and any other considerations) is the one that is in effect.

The calling device admin must have requested USES_POLICY_LIMIT_PASSWORD to be able to call this method; if it has not, a security exception will be thrown.

public boolean setPermittedAccessibilityServices (ComponentName admin, List<String> packageNames)

Added in API level 21

Called by a profile or device owner to set the permitted accessibility services. When set by a device owner or profile owner the restriction applies to all profiles of the user the device owner or profile owner is an admin for. By default the user can use any accessiblity service. When zero or more packages have been added, accessiblity services that are not in the list and not part of the system can not be enabled by the user.

Calling with a null value for the list disables the restriction so that all services can be used, calling with an empty list only allows the builtin system's services.

System accesibility services are always available to the user the list can't modify this.

Parameters
admin Which DeviceAdminReceiver this request is associated with.
packageNames List of accessibility service package names.
Returns
  • true if setting the restriction succeeded. It fail if there is one or more non-system accessibility services enabled, that are not in the list.

public boolean setPermittedInputMethods (ComponentName admin, List<String> packageNames)

Added in API level 21

Called by a profile or device owner to set the permitted input methods services. When set by a device owner or profile owner the restriction applies to all profiles of the user the device owner or profile owner is an admin for. By default the user can use any input method. When zero or more packages have been added, input method that are not in the list and not part of the system can not be enabled by the user. This method will fail if it is called for a admin that is not for the foreground user or a profile of the foreground user.

Calling with a null value for the list disables the restriction so that all input methods can be used, calling with an empty list disables all but the system's own input methods.

System input methods are always available to the user this method can't modify this.

Parameters
admin Which DeviceAdminReceiver this request is associated with.
packageNames List of input method package names.
Returns
  • true if setting the restriction succeeded. It will fail if there are one or more non-system input methods currently enabled that are not in the packageNames list.

public void setProfileEnabled (ComponentName admin)

Added in API level 21

Sets the enabled state of the profile. A profile should be enabled only once it is ready to be used. Only the profile owner can call this.

Parameters
admin Which DeviceAdminReceiver this request is associated with.

public void setProfileName (ComponentName who, String profileName)

Added in API level 21

Sets the name of the profile. In the device owner case it sets the name of the user which it is called from. Only a profile owner or device owner can call this. If this is never called by the profile or device owner, the name will be set to default values.

Parameters
profileName The name of the profile.

public void setRecommendedGlobalProxy (ComponentName admin, ProxyInfo proxyInfo)

Added in API level 21

Set a network-independent global HTTP proxy. This is not normally what you want for typical HTTP proxies - they are generally network dependent. However if you're doing something unusual like general internal filtering this may be useful. On a private network where the proxy is not accessible, you may break HTTP using this.

This method requires the caller to be the device owner.

This proxy is only a recommendation and it is possible that some apps will ignore it.

Parameters
admin Which DeviceAdminReceiver this request is associated with.
proxyInfo The a ProxyInfo object defining the new global HTTP proxy. A null value will clear the global HTTP proxy.
See Also

public void setRestrictionsProvider (ComponentName admin, ComponentName provider)

Added in API level 21

Designates a specific service component as the provider for making permission requests of a local or remote administrator of the user.

Only a profile owner can designate the restrictions provider.

Parameters
admin Which DeviceAdminReceiver this request is associated with.
provider The component name of the service that implements RestrictionsReceiver. If this param is null, it removes the restrictions provider previously assigned.

public void setScreenCaptureDisabled (ComponentName admin, boolean disabled)

Added in API level 21

Called by a device/profile owner to set whether the screen capture is disabled. Disabling screen capture also prevents the content from being shown on display devices that do not have a secure video output. See FLAG_SECURE for more details about secure surfaces and secure displays.

The calling device admin must be a device or profile owner. If it is not, a security exception will be thrown.

Parameters
admin Which DeviceAdminReceiver this request is associated with.
disabled Whether screen capture is disabled or not.

public void setSecureSetting (ComponentName admin, String setting, String value)

Added in API level 21

Called by profile or device owners to update Settings.Secure settings. Validation that the value of the setting is in the correct form for the setting type should be performed by the caller.

The settings that can be updated by a profile or device owner with this method are:

A device owner can additionally update the following settings:

Parameters
admin Which DeviceAdminReceiver this request is associated with.
setting The name of the setting to update.
value The value to update the setting to.

public int setStorageEncryption (ComponentName admin, boolean encrypt)

Added in API level 11

Called by an application that is administering the device to request that the storage system be encrypted.

When multiple device administrators attempt to control device encryption, the most secure, supported setting will always be used. If any device administrator requests device encryption, it will be enabled; Conversely, if a device administrator attempts to disable device encryption while another device administrator has enabled it, the call to disable will fail (most commonly returning ENCRYPTION_STATUS_ACTIVE).

This policy controls encryption of the secure (application data) storage area. Data written to other storage areas may or may not be encrypted, and this policy does not require or control the encryption of any other storage areas. There is one exception: If isExternalStorageEmulated() is true, then the directory returned by getExternalStorageDirectory() must be written to disk within the encrypted storage area.

Important Note: On some devices, it is possible to encrypt storage without requiring the user to create a device PIN or Password. In this case, the storage is encrypted, but the encryption key may not be fully secured. For maximum security, the administrator should also require (and check for) a pattern, PIN, or password.

Parameters
admin Which DeviceAdminReceiver this request is associated with.
encrypt true to request encryption, false to release any previous request
Returns

public void setTrustAgentConfiguration (ComponentName admin, ComponentName target, PersistableBundle configuration)

Sets a list of configuration features to enable for a TrustAgent component. This is meant to be used in conjunction with KEYGUARD_DISABLE_TRUST_AGENTS, which disables all trust agents but those enabled by this function call. If flag KEYGUARD_DISABLE_TRUST_AGENTS is not set, then this call has no effect.

The calling device admin must have requested USES_POLICY_DISABLE_KEYGUARD_FEATURES to be able to call this method; if not, a security exception will be thrown.

Parameters
admin Which DeviceAdminReceiver this request is associated with.
target Component name of the agent to be enabled.
configuration TrustAgent-specific feature bundle. If null for any admin, agent will be strictly disabled according to the state of the KEYGUARD_DISABLE_TRUST_AGENTS flag.

If KEYGUARD_DISABLE_TRUST_AGENTS is set and options is not null for all admins, then it's up to the TrustAgent itself to aggregate the values from all device admins.

Consult documentation for the specific TrustAgent to determine legal options parameters.

public void setUninstallBlocked (ComponentName admin, String packageName, boolean uninstallBlocked)

Added in API level 21

Called by profile or device owners to change whether a user can uninstall a package.

Parameters
admin Which DeviceAdminReceiver this request is associated with.
packageName package to change.
uninstallBlocked true if the user shouldn't be able to uninstall the package.

public boolean switchUser (ComponentName admin, UserHandle userHandle)

Added in API level 21

Called by a device owner to switch the specified user to the foreground.

Parameters
admin Which DeviceAdminReceiver this request is associated with.
userHandle the user to switch to; null will switch to primary.
Returns
  • true if the switch was successful, false otherwise.

public void uninstallAllUserCaCerts (ComponentName admin)

Added in API level 21

Uninstalls all custom trusted CA certificates from the profile. Certificates installed by means other than device policy will also be removed, except for system CA certificates.

Parameters
admin Which DeviceAdminReceiver this request is associated with.

public void uninstallCaCert (ComponentName admin, byte[] certBuffer)

Added in API level 21

Uninstalls the given certificate from trusted user CAs, if present.

Parameters
admin Which DeviceAdminReceiver this request is associated with.
certBuffer encoded form of the certificate to remove.

public void wipeData (int flags)

Added in API level 8

Ask the user data be wiped. This will cause the device to reboot, erasing all user data while next booting up.

The calling device admin must have requested USES_POLICY_WIPE_DATA to be able to call this method; if it has not, a security exception will be thrown.

Parameters
flags Bit mask of additional options: currently supported flags are WIPE_EXTERNAL_STORAGE and WIPE_RESET_PROTECTION_DATA.