/**@class android.app.admin.DevicePolicyManager @extends java.lang.Object Public interface for managing policies enforced on a device. Most clients of this class must be registered with the system as a <a href="{@docRoot}guide/topics/admin/device-admin.html">device administrator</a>. Additionally, a device administrator may be registered as either a profile or device owner. A given method is accessible to all device administrators unless the documentation for that method specifies that it is restricted to either device or profile owners. Any application calling an api may only pass as an argument a device administrator component it owns. Otherwise, a {@link SecurityException} will be thrown. <div class="special reference"> <h3>Developer Guides</h3> <p> For more information about managing policies for device administration, read the <a href= "{@docRoot}guide/topics/admin/device-admin.html">Device Administration</a> developer guide. </div> */ var DevicePolicyManager = { /** Activity action: Starts the provisioning flow which sets up a managed profile. <p>A managed profile allows data separation for example for the usage of a device as a personal and corporate device. The user which provisioning is started from and the managed profile share a launcher. <p>This intent will typically be sent by a mobile device management application (MDM). Provisioning adds a managed profile and sets the MDM as the profile owner who has full control over the profile. <p>It is possible to check if provisioning is allowed or not by querying the method {@link #isProvisioningAllowed}(String). <p>In version {@link android.os.Build.VERSION_CODES#LOLLIPOP}, this intent must contain the extra {@link #EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME}. As of {@link android.os.Build.VERSION_CODES#M}, it should contain the extra {@link #EXTRA_PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME} instead, although specifying only {@link #EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME} is still supported. <p>The intent may also contain the following extras: <ul> <li>{@link #EXTRA_PROVISIONING_ACCOUNT_TO_MIGRATE}, optional </li> <li>{@link #EXTRA_PROVISIONING_SKIP_ENCRYPTION}, optional, supported from {@link android.os.Build.VERSION_CODES#N}</li> <li>{@link #EXTRA_PROVISIONING_ADMIN_EXTRAS_BUNDLE}, optional</li> <li>{@link #EXTRA_PROVISIONING_LOGO_URI}, optional</li> <li>{@link #EXTRA_PROVISIONING_MAIN_COLOR}, optional</li> <li>{@link #EXTRA_PROVISIONING_SKIP_USER_CONSENT}, optional</li> <li>{@link #EXTRA_PROVISIONING_KEEP_ACCOUNT_ON_MIGRATION}, optional</li> <li>{@link #EXTRA_PROVISIONING_DISCLAIMERS}, optional</li> </ul> <p>When managed provisioning has completed, broadcasts are sent to the application specified in the provisioning intent. The {@link android.app.admin.DeviceAdminReceiver#ACTION_PROFILE_PROVISIONING_COMPLETE} broadcast is sent in the managed profile and the {@link #ACTION_MANAGED_PROFILE_PROVISIONED} broadcast is sent in the primary profile. <p>From version {@link android.os.Build.VERSION_CODES#O}, when managed provisioning has completed, along with the above broadcast, activity intent {@link #ACTION_PROVISIONING_SUCCESSFUL} will also be sent to the profile owner. <p>If provisioning fails, the managedProfile is removed so the device returns to its previous state. <p>If launched with {@link android.app.Activity#startActivityForResult(Intent, int)} a result code of {@link android.app.Activity#RESULT_OK} implies that the synchronous part of the provisioning flow was successful, although this doesn't guarantee the full flow will succeed. Conversely a result code of {@link android.app.Activity#RESULT_CANCELED} implies that the user backed-out of provisioning, or some precondition for provisioning wasn't met. */ ACTION_PROVISION_MANAGED_PROFILE : "android.app.action.PROVISION_MANAGED_PROFILE", /** Activity action: Starts the provisioning flow which sets up a managed user. <p>This intent will typically be sent by a mobile device management application (MDM). Provisioning configures the user as managed user and sets the MDM as the profile owner who has full control over the user. Provisioning can only happen before user setup has been completed. Use {@link #isProvisioningAllowed}(String) to check if provisioning is allowed. <p>The intent contains the following extras: <ul> <li>{@link #EXTRA_PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME}</li> <li>{@link #EXTRA_PROVISIONING_SKIP_ENCRYPTION}, optional</li> <li>{@link #EXTRA_PROVISIONING_ADMIN_EXTRAS_BUNDLE}, optional</li> <li>{@link #EXTRA_PROVISIONING_LOGO_URI}, optional</li> <li>{@link #EXTRA_PROVISIONING_MAIN_COLOR}, optional</li> </ul> <p>If provisioning fails, the device returns to its previous state. <p>If launched with {@link android.app.Activity#startActivityForResult(Intent, int)} a result code of {@link android.app.Activity#RESULT_OK} implies that the synchronous part of the provisioning flow was successful, although this doesn't guarantee the full flow will succeed. Conversely a result code of {@link android.app.Activity#RESULT_CANCELED} implies that the user backed-out of provisioning, or some precondition for provisioning wasn't met. @hide */ ACTION_PROVISION_MANAGED_USER : "android.app.action.PROVISION_MANAGED_USER", /** Activity action: Starts the provisioning flow which sets up a managed device. Must be started with {@link android.app.Activity#startActivityForResult(Intent, int)}. <p> During device owner provisioning a device admin app is set as the owner of the device. A device owner has full control over the device. The device owner can not be modified by the user. <p> A typical use case would be a device that is owned by a company, but used by either an employee or client. <p> An intent with this action can be sent only on an unprovisioned device. It is possible to check if provisioning is allowed or not by querying the method {@link #isProvisioningAllowed}(String). <p>The intent contains the following extras: <ul> <li>{@link #EXTRA_PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME}</li> <li>{@link #EXTRA_PROVISIONING_SKIP_ENCRYPTION}, optional</li> <li>{@link #EXTRA_PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED}, optional</li> <li>{@link #EXTRA_PROVISIONING_ADMIN_EXTRAS_BUNDLE}, optional</li> <li>{@link #EXTRA_PROVISIONING_LOGO_URI}, optional</li> <li>{@link #EXTRA_PROVISIONING_MAIN_COLOR}, optional</li> <li>{@link #EXTRA_PROVISIONING_DISCLAIMERS}, optional</li> <li>{@link #EXTRA_PROVISIONING_SKIP_EDUCATION_SCREENS}, optional</li> </ul> <p>When device owner provisioning has completed, an intent of the type {@link android.app.admin.DeviceAdminReceiver#ACTION_PROFILE_PROVISIONING_COMPLETE} is broadcast to the device owner. <p>From version {@link android.os.Build.VERSION_CODES#O}, when device owner provisioning has completed, along with the above broadcast, activity intent {@link #ACTION_PROVISIONING_SUCCESSFUL} will also be sent to the device owner. <p>If provisioning fails, the device is factory reset. <p>A result code of {@link android.app.Activity#RESULT_OK} implies that the synchronous part of the provisioning flow was successful, although this doesn't guarantee the full flow will succeed. Conversely a result code of {@link android.app.Activity#RESULT_CANCELED} implies that the user backed-out of provisioning, or some precondition for provisioning wasn't met. */ ACTION_PROVISION_MANAGED_DEVICE : "android.app.action.PROVISION_MANAGED_DEVICE", /** Activity action: launch when user provisioning completed, i.e. {@link #getUserProvisioningState}() returns one of the complete state. <p> Please note that the API behavior is not necessarily consistent across various releases, and devices, as it's contract between SetupWizard and ManagedProvisioning. The default implementation is that ManagedProvisioning launches SetupWizard in NFC provisioning only. <p> The activity must be protected by permission {@link android.Manifest.permission#BIND_DEVICE_ADMIN}, and the process must hold {@link android.Manifest.permission#DISPATCH_PROVISIONING_MESSAGE} to be launched. Only one {@link ComponentName} in the entire system should be enabled, and the rest of the components are not started by this intent. @hide */ ACTION_STATE_USER_SETUP_COMPLETE : "android.app.action.STATE_USER_SETUP_COMPLETE", /** Activity action: Starts the provisioning flow which sets up a managed device. <p>During device owner provisioning, a device admin app is downloaded and set as the owner of the device. A device owner has full control over the device. The device owner can not be modified by the user and the only way of resetting the device is via factory reset. <p>From version {@link android.os.Build.VERSION_CODES#Q}, the admin app can choose whether to set up a fully managed device or a work profile. For the admin app to support this, it must have an activity with intent filter {@link #ACTION_GET_PROVISIONING_MODE} and another one with intent filter {@link #ACTION_ADMIN_POLICY_COMPLIANCE}. For example: <pre> <activity android:name=".GetProvisioningModeActivity" android:label="@string/app_name" android:permission="android.permission.BIND_DEVICE_ADMIN"> <intent-filter> <action android:name="android.app.action.GET_PROVISIONING_MODE" /> <category android:name="android.intent.category.DEFAULT" /> </intent-filter> </activity> <activity android:name=".PolicyComplianceActivity" android:label="@string/app_name" android:permission="android.permission.BIND_DEVICE_ADMIN"> <intent-filter> <action android:name="android.app.action.ADMIN_POLICY_COMPLIANCE" /> <category android:name="android.intent.category.DEFAULT" /> </intent-filter> </activity></pre> <p>A typical use case would be a device that is owned by a company, but used by either an employee or client. <p>The provisioning message should be sent to an unprovisioned device. <p>Unlike {@link #ACTION_PROVISION_MANAGED_DEVICE}, the provisioning message can only be sent by a privileged app with the permission {@link android.Manifest.permission#DISPATCH_PROVISIONING_MESSAGE}. <p>The provisioning intent contains the following properties: <ul> <li>{@link #EXTRA_PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME}</li> <li>{@link #EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION}, optional</li> <li>{@link #EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_COOKIE_HEADER}, optional</li> <li>{@link #EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_CHECKSUM}, optional</li> <li>{@link #EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_LABEL}, optional</li> <li>{@link #EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_ICON_URI}, optional</li> <li>{@link #EXTRA_PROVISIONING_LOCAL_TIME} (convert to String), optional</li> <li>{@link #EXTRA_PROVISIONING_TIME_ZONE}, optional</li> <li>{@link #EXTRA_PROVISIONING_LOCALE}, optional</li> <li>{@link #EXTRA_PROVISIONING_WIFI_SSID}, optional</li> <li>{@link #EXTRA_PROVISIONING_WIFI_HIDDEN} (convert to String), optional</li> <li>{@link #EXTRA_PROVISIONING_WIFI_SECURITY_TYPE}, optional</li> <li>{@link #EXTRA_PROVISIONING_WIFI_PASSWORD}, optional</li> <li>{@link #EXTRA_PROVISIONING_WIFI_PROXY_HOST}, optional</li> <li>{@link #EXTRA_PROVISIONING_WIFI_PROXY_PORT} (convert to String), optional</li> <li>{@link #EXTRA_PROVISIONING_WIFI_PROXY_BYPASS}, optional</li> <li>{@link #EXTRA_PROVISIONING_WIFI_PAC_URL}, optional</li> <li>{@link #EXTRA_PROVISIONING_SUPPORT_URL}, optional</li> <li>{@link #EXTRA_PROVISIONING_ORGANIZATION_NAME}, optional</li> <li>{@link #EXTRA_PROVISIONING_ADMIN_EXTRAS_BUNDLE}, optional</li> <li>{@link #EXTRA_PROVISIONING_USE_MOBILE_DATA}, optional </li> <li>{@link #EXTRA_PROVISIONING_SKIP_EDUCATION_SCREENS}, optional - when not used for cloud enrollment, NFC or QR provisioning</li> </ul> @hide */ ACTION_PROVISION_MANAGED_DEVICE_FROM_TRUSTED_SOURCE : "android.app.action.PROVISION_MANAGED_DEVICE_FROM_TRUSTED_SOURCE", /** Activity action: Starts the provisioning flow which sets up a managed device. Must be started with {@link android.app.Activity#startActivityForResult(Intent, int)}. <p>NOTE: This is only supported on split system user devices, and puts the device into a management state that is distinct from that reached by {@link #ACTION_PROVISION_MANAGED_DEVICE} - specifically the device owner runs on the system user, and only has control over device-wide policies, not individual users and their data. The primary benefit is that multiple non-system users are supported when provisioning using this form of device management. <p>During device owner provisioning a device admin app is set as the owner of the device. A device owner has full control over the device. The device owner can not be modified by the user. <p>A typical use case would be a device that is owned by a company, but used by either an employee or client. <p>An intent with this action can be sent only on an unprovisioned device. It is possible to check if provisioning is allowed or not by querying the method {@link #isProvisioningAllowed}(String). <p>The intent contains the following extras: <ul> <li>{@link #EXTRA_PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME}</li> <li>{@link #EXTRA_PROVISIONING_SKIP_ENCRYPTION}, optional</li> <li>{@link #EXTRA_PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED}, optional</li> <li>{@link #EXTRA_PROVISIONING_ADMIN_EXTRAS_BUNDLE}, optional</li> <li>{@link #EXTRA_PROVISIONING_LOGO_URI}, optional</li> <li>{@link #EXTRA_PROVISIONING_MAIN_COLOR}, optional</li> </ul> <p>When device owner provisioning has completed, an intent of the type {@link android.app.admin.DeviceAdminReceiver#ACTION_PROFILE_PROVISIONING_COMPLETE} is broadcast to the device owner. <p>From version {@link android.os.Build.VERSION_CODES#O}, when device owner provisioning has completed, along with the above broadcast, activity intent {@link #ACTION_PROVISIONING_SUCCESSFUL} will also be sent to the device owner. <p>If provisioning fails, the device is factory reset. <p>A result code of {@link android.app.Activity#RESULT_OK} implies that the synchronous part of the provisioning flow was successful, although this doesn't guarantee the full flow will succeed. Conversely a result code of {@link android.app.Activity#RESULT_CANCELED} implies that the user backed-out of provisioning, or some precondition for provisioning wasn't met. @hide */ ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE : "android.app.action.PROVISION_MANAGED_SHAREABLE_DEVICE", /** Activity action: Finalizes management provisioning, should be used after user-setup has been completed and {@link #getUserProvisioningState}() returns one of: <ul> <li>{@link #STATE_USER_SETUP_INCOMPLETE}</li> <li>{@link #STATE_USER_SETUP_COMPLETE}</li> <li>{@link #STATE_USER_PROFILE_COMPLETE}</li> </ul> @hide */ ACTION_PROVISION_FINALIZATION : "android.app.action.PROVISION_FINALIZATION", /** Action: Bugreport sharing with device owner has been accepted by the user. @hide */ ACTION_BUGREPORT_SHARING_ACCEPTED : "com.android.server.action.REMOTE_BUGREPORT_SHARING_ACCEPTED", /** Action: Bugreport sharing with device owner has been declined by the user. @hide */ ACTION_BUGREPORT_SHARING_DECLINED : "com.android.server.action.REMOTE_BUGREPORT_SHARING_DECLINED", /** Action: Bugreport has been collected and is dispatched to {@code DevicePolicyManagerService}. @hide */ ACTION_REMOTE_BUGREPORT_DISPATCH : "android.intent.action.REMOTE_BUGREPORT_DISPATCH", /** Extra for shared bugreport's SHA-256 hash. @hide */ EXTRA_REMOTE_BUGREPORT_HASH : "android.intent.extra.REMOTE_BUGREPORT_HASH", /** Extra for remote bugreport notification shown type. @hide */ EXTRA_BUGREPORT_NOTIFICATION_TYPE : "android.app.extra.bugreport_notification_type", /** Notification type for a started remote bugreport flow. @hide */ NOTIFICATION_BUGREPORT_STARTED : "1", /** Notification type for a bugreport that has already been accepted to be shared, but is still being taken. @hide */ NOTIFICATION_BUGREPORT_ACCEPTED_NOT_FINISHED : "2", /** Notification type for a bugreport that has been taken and can be shared or declined. @hide */ NOTIFICATION_BUGREPORT_FINISHED_NOT_ACCEPTED : "3", /** Default and maximum timeout in milliseconds after which unlocking with weak auth times out, i.e. the user has to use a strong authentication method like password, PIN or pattern. @hide */ DEFAULT_STRONG_AUTH_TIMEOUT_MS : "259200000", /** A {@link android.os.Parcelable} extra of type {@link android.os.PersistableBundle} that allows a mobile device management application or NFC programmer application which starts managed provisioning to pass data to the management application instance after provisioning. <p> If used with {@link #ACTION_PROVISION_MANAGED_PROFILE} it can be used by the application that sends the intent to pass data to itself on the newly created profile. If used with {@link #ACTION_PROVISION_MANAGED_DEVICE} it allows passing data to the same instance of the app on the primary user. Starting from {@link android.os.Build.VERSION_CODES#M}, if used with {@link #MIME_TYPE_PROVISIONING_NFC} as part of NFC managed device provisioning, the NFC message should contain a stringified {@link java.util.Properties} instance, whose string properties will be converted into a {@link android.os.PersistableBundle} and passed to the management application after provisioning. <p> In both cases the application receives the data in {@link android.app.admin.DeviceAdminReceiver#onProfileProvisioningComplete} via an intent with the action {@link android.app.admin.DeviceAdminReceiver#ACTION_PROFILE_PROVISIONING_COMPLETE}. The bundle is not changed during the managed provisioning. */ EXTRA_PROVISIONING_ADMIN_EXTRAS_BUNDLE : "android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE", /** A String extra holding the package name of the mobile device management application that will be set as the profile owner or device owner. <p>If an application starts provisioning directly via an intent with action {@link #ACTION_PROVISION_MANAGED_PROFILE} this package has to match the package name of the application that started provisioning. The package will be set as profile owner in that case. <p>This package is set as device owner when device owner provisioning is started by an NFC message containing an NFC record with MIME type {@link #MIME_TYPE_PROVISIONING_NFC}. <p> When this extra is set, the application must have exactly one device admin receiver. This receiver will be set as the profile or device owner and active admin. @see DeviceAdminReceiver @deprecated Use {@link #EXTRA_PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME}. This extra is still supported, but only if there is only one device admin receiver in the package that requires the permission {@link android.Manifest.permission#BIND_DEVICE_ADMIN}. */ EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME : "android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME", /** A ComponentName extra indicating the device admin receiver of the mobile device management application that will be set as the profile owner or device owner and active admin. <p>If an application starts provisioning directly via an intent with action {@link #ACTION_PROVISION_MANAGED_PROFILE} or {@link #ACTION_PROVISION_MANAGED_DEVICE} the package name of this component has to match the package name of the application that started provisioning. <p>This component is set as device owner and active admin when device owner provisioning is started by an intent with action {@link #ACTION_PROVISION_MANAGED_DEVICE} or by an NFC message containing an NFC record with MIME type {@link #MIME_TYPE_PROVISIONING_NFC}. For the NFC record, the component name must be flattened to a string, via {@link ComponentName#flattenToShortString()}. @see DeviceAdminReceiver */ EXTRA_PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME : "android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME", /** An {@link android.accounts.Account} extra holding the account to migrate during managed profile provisioning. If the account supplied is present in the primary user, it will be copied, along with its credentials to the managed profile and removed from the primary user. Use with {@link #ACTION_PROVISION_MANAGED_PROFILE}. */ EXTRA_PROVISIONING_ACCOUNT_TO_MIGRATE : "android.app.extra.PROVISIONING_ACCOUNT_TO_MIGRATE", /** Boolean extra to indicate that the migrated account should be kept. This is used in conjunction with {@link #EXTRA_PROVISIONING_ACCOUNT_TO_MIGRATE}. If it's set to {@code true}, the account will not be removed from the primary user after it is migrated to the newly created user or profile. <p> Defaults to {@code false} <p> Use with {@link #ACTION_PROVISION_MANAGED_PROFILE} and {@link #EXTRA_PROVISIONING_ACCOUNT_TO_MIGRATE} */ EXTRA_PROVISIONING_KEEP_ACCOUNT_ON_MIGRATION : "android.app.extra.PROVISIONING_KEEP_ACCOUNT_ON_MIGRATION", /** @deprecated From {@link android.os.Build.VERSION_CODES#O}, never used while provisioning the device. */ EXTRA_PROVISIONING_EMAIL_ADDRESS : "android.app.extra.PROVISIONING_EMAIL_ADDRESS", /** A integer extra indicating the predominant color to show during the provisioning. Refer to {@link android.graphics.Color} for how the color is represented. <p>Use with {@link #ACTION_PROVISION_MANAGED_PROFILE} or {@link #ACTION_PROVISION_MANAGED_DEVICE}. */ EXTRA_PROVISIONING_MAIN_COLOR : "android.app.extra.PROVISIONING_MAIN_COLOR", /** A Boolean extra that can be used by the mobile device management application to skip the disabling of system apps during provisioning when set to {@code true}. <p>Use in an NFC record with {@link #MIME_TYPE_PROVISIONING_NFC} or an intent with action {@link #ACTION_PROVISION_MANAGED_DEVICE} that starts device owner provisioning. */ EXTRA_PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED : "android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED", /** A String extra holding the time zone {@link android.app.AlarmManager} that the device will be set to. <p>Use in an NFC record with {@link #MIME_TYPE_PROVISIONING_NFC} that starts device owner provisioning via an NFC bump. */ EXTRA_PROVISIONING_TIME_ZONE : "android.app.extra.PROVISIONING_TIME_ZONE", /** A Long extra holding the wall clock time (in milliseconds) to be set on the device's {@link android.app.AlarmManager}. <p>Use in an NFC record with {@link #MIME_TYPE_PROVISIONING_NFC} that starts device owner provisioning via an NFC bump. */ EXTRA_PROVISIONING_LOCAL_TIME : "android.app.extra.PROVISIONING_LOCAL_TIME", /** A String extra holding the {@link java.util.Locale} that the device will be set to. Format: xx_yy, where xx is the language code, and yy the country code. <p>Use in an NFC record with {@link #MIME_TYPE_PROVISIONING_NFC} that starts device owner provisioning via an NFC bump. */ EXTRA_PROVISIONING_LOCALE : "android.app.extra.PROVISIONING_LOCALE", /** A String extra holding the ssid of the wifi network that should be used during nfc device owner provisioning for downloading the mobile device management application. <p>Use in an NFC record with {@link #MIME_TYPE_PROVISIONING_NFC} that starts device owner provisioning via an NFC bump. */ EXTRA_PROVISIONING_WIFI_SSID : "android.app.extra.PROVISIONING_WIFI_SSID", /** A boolean extra indicating whether the wifi network in {@link #EXTRA_PROVISIONING_WIFI_SSID} is hidden or not. <p>Use in an NFC record with {@link #MIME_TYPE_PROVISIONING_NFC} that starts device owner provisioning via an NFC bump. */ EXTRA_PROVISIONING_WIFI_HIDDEN : "android.app.extra.PROVISIONING_WIFI_HIDDEN", /** A String extra indicating the security type of the wifi network in {@link #EXTRA_PROVISIONING_WIFI_SSID} and could be one of {@code NONE}, {@code WPA}, {@code WEP} or {@code EAP}. <p>Use in an NFC record with {@link #MIME_TYPE_PROVISIONING_NFC} that starts device owner provisioning via an NFC bump. */ EXTRA_PROVISIONING_WIFI_SECURITY_TYPE : "android.app.extra.PROVISIONING_WIFI_SECURITY_TYPE", /** A String extra holding the password of the wifi network in {@link #EXTRA_PROVISIONING_WIFI_SSID}. <p>Use in an NFC record with {@link #MIME_TYPE_PROVISIONING_NFC} that starts device owner provisioning via an NFC bump. */ EXTRA_PROVISIONING_WIFI_PASSWORD : "android.app.extra.PROVISIONING_WIFI_PASSWORD", /** The EAP method of the wifi network in {@link #EXTRA_PROVISIONING_WIFI_SSID} and could be one of {@code PEAP}, {@code TLS}, {@code TTLS}, {@code PWD}, {@code SIM}, {@code AKA} or {@code AKA_PRIME}. This is only used if the {@link #EXTRA_PROVISIONING_WIFI_SECURITY_TYPE} is {@code EAP}. <p>Use in an NFC record with {@link #MIME_TYPE_PROVISIONING_NFC} that starts device owner provisioning via an NFC bump. It can also be used for QR code provisioning. */ EXTRA_PROVISIONING_WIFI_EAP_METHOD : "android.app.extra.PROVISIONING_WIFI_EAP_METHOD", /** The phase 2 authentication of the wifi network in {@link #EXTRA_PROVISIONING_WIFI_SSID} and could be one of {@code NONE}, {@code PAP}, {@code MSCHAP}, {@code MSCHAPV2}, {@code GTC}, {@code SIM}, {@code AKA} or {@code AKA_PRIME}. This is only used if the {@link #EXTRA_PROVISIONING_WIFI_SECURITY_TYPE} is {@code EAP}. <p>Use in an NFC record with {@link #MIME_TYPE_PROVISIONING_NFC} that starts device owner provisioning via an NFC bump. It can also be used for QR code provisioning. */ EXTRA_PROVISIONING_WIFI_PHASE2_AUTH : "android.app.extra.PROVISIONING_WIFI_PHASE2_AUTH", /** The CA certificate of the wifi network in {@link #EXTRA_PROVISIONING_WIFI_SSID}. This should be an X.509 certificate Base64 encoded DER format, ie. PEM representation of a certificate without header, footer and line breaks. <a href= "https://tools.ietf.org/html/rfc7468"> More information</a> This is only used if the {@link #EXTRA_PROVISIONING_WIFI_SECURITY_TYPE} is {@code EAP}. <p>Use in an NFC record with {@link #MIME_TYPE_PROVISIONING_NFC} that starts device owner provisioning via an NFC bump. It can also be used for QR code provisioning. */ EXTRA_PROVISIONING_WIFI_CA_CERTIFICATE : "android.app.extra.PROVISIONING_WIFI_CA_CERTIFICATE", /** The user certificate of the wifi network in {@link #EXTRA_PROVISIONING_WIFI_SSID}. This should be an X.509 certificate and private key Base64 encoded DER format, ie. PEM representation of a certificate and key without header, footer and line breaks. <a href= "https://tools.ietf.org/html/rfc7468"> More information</a> This is only used if the {@link #EXTRA_PROVISIONING_WIFI_SECURITY_TYPE} is {@code EAP}. <p>Use in an NFC record with {@link #MIME_TYPE_PROVISIONING_NFC} that starts device owner provisioning via an NFC bump. It can also be used for QR code provisioning. */ EXTRA_PROVISIONING_WIFI_USER_CERTIFICATE : "android.app.extra.PROVISIONING_WIFI_USER_CERTIFICATE", /** The identity of the wifi network in {@link #EXTRA_PROVISIONING_WIFI_SSID}. This is only used if the {@link #EXTRA_PROVISIONING_WIFI_SECURITY_TYPE} is {@code EAP}. <p>Use in an NFC record with {@link #MIME_TYPE_PROVISIONING_NFC} that starts device owner provisioning via an NFC bump. It can also be used for QR code provisioning. */ EXTRA_PROVISIONING_WIFI_IDENTITY : "android.app.extra.PROVISIONING_WIFI_IDENTITY", /** The anonymous identity of the wifi network in {@link #EXTRA_PROVISIONING_WIFI_SSID}. This is only used if the {@link #EXTRA_PROVISIONING_WIFI_SECURITY_TYPE} is {@code EAP}. <p>Use in an NFC record with {@link #MIME_TYPE_PROVISIONING_NFC} that starts device owner provisioning via an NFC bump. It can also be used for QR code provisioning. */ EXTRA_PROVISIONING_WIFI_ANONYMOUS_IDENTITY : "android.app.extra.PROVISIONING_WIFI_ANONYMOUS_IDENTITY", /** The domain of the wifi network in {@link #EXTRA_PROVISIONING_WIFI_SSID}. This is only used if the {@link #EXTRA_PROVISIONING_WIFI_SECURITY_TYPE} is {@code EAP}. <p>Use in an NFC record with {@link #MIME_TYPE_PROVISIONING_NFC} that starts device owner provisioning via an NFC bump. It can also be used for QR code provisioning. */ EXTRA_PROVISIONING_WIFI_DOMAIN : "android.app.extra.PROVISIONING_WIFI_DOMAIN", /** A String extra holding the proxy host for the wifi network in {@link #EXTRA_PROVISIONING_WIFI_SSID}. <p>Use in an NFC record with {@link #MIME_TYPE_PROVISIONING_NFC} that starts device owner provisioning via an NFC bump. */ EXTRA_PROVISIONING_WIFI_PROXY_HOST : "android.app.extra.PROVISIONING_WIFI_PROXY_HOST", /** An int extra holding the proxy port for the wifi network in {@link #EXTRA_PROVISIONING_WIFI_SSID}. <p>Use in an NFC record with {@link #MIME_TYPE_PROVISIONING_NFC} that starts device owner provisioning via an NFC bump. */ EXTRA_PROVISIONING_WIFI_PROXY_PORT : "android.app.extra.PROVISIONING_WIFI_PROXY_PORT", /** A String extra holding the proxy bypass for the wifi network in {@link #EXTRA_PROVISIONING_WIFI_SSID}. <p>Use in an NFC record with {@link #MIME_TYPE_PROVISIONING_NFC} that starts device owner provisioning via an NFC bump. */ EXTRA_PROVISIONING_WIFI_PROXY_BYPASS : "android.app.extra.PROVISIONING_WIFI_PROXY_BYPASS", /** A String extra holding the proxy auto-config (PAC) URL for the wifi network in {@link #EXTRA_PROVISIONING_WIFI_SSID}. <p>Use in an NFC record with {@link #MIME_TYPE_PROVISIONING_NFC} that starts device owner provisioning via an NFC bump. */ EXTRA_PROVISIONING_WIFI_PAC_URL : "android.app.extra.PROVISIONING_WIFI_PAC_URL", /** A String extra holding a url that specifies the download location of the device admin package. When not provided it is assumed that the device admin package is already installed. <p>Use in an NFC record with {@link #MIME_TYPE_PROVISIONING_NFC} that starts device owner provisioning via an NFC bump. */ EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION : "android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION", /** A String extra holding the localized name of the organization under management. The name is displayed only during provisioning. <p>Use in an intent with action {@link #ACTION_PROVISION_MANAGED_DEVICE_FROM_TRUSTED_SOURCE} @hide */ EXTRA_PROVISIONING_ORGANIZATION_NAME : "android.app.extra.PROVISIONING_ORGANIZATION_NAME", /** A String extra holding a url to the website of the device provider so the user can open it during provisioning. If the url is not HTTPS, an error will be shown. <p>Use in an intent with action {@link #ACTION_PROVISION_MANAGED_DEVICE_FROM_TRUSTED_SOURCE} @hide */ EXTRA_PROVISIONING_SUPPORT_URL : "android.app.extra.PROVISIONING_SUPPORT_URL", /** A String extra holding the localized name of the device admin package. It should be the same as the app label of the package. <p>Use in an intent with action {@link #ACTION_PROVISION_MANAGED_DEVICE_FROM_TRUSTED_SOURCE} @hide */ EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_LABEL : "android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_LABEL", /** A {@link Uri} extra pointing to the app icon of device admin package. This image will be shown during the provisioning. <h5>The following URI schemes are accepted:</h5> <ul> <li>content ({@link android.content.ContentResolver#SCHEME_CONTENT})</li> <li>android.resource ({@link android.content.ContentResolver#SCHEME_ANDROID_RESOURCE})</li> </ul> <p> It is the responsibility of the caller to provide an image with a reasonable pixel density for the device. <p> If a content: URI is passed, the intent should have the flag {@link Intent#FLAG_GRANT_READ_URI_PERMISSION} and the uri should be added to the {@link android.content.ClipData} of the intent too. <p>Use in an intent with action {@link #ACTION_PROVISION_MANAGED_DEVICE_FROM_TRUSTED_SOURCE} @hide */ EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_ICON_URI : "android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_ICON_URI", /** An int extra holding a minimum required version code for the device admin package. If the device admin is already installed on the device, it will only be re-downloaded from {@link #EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION} if the version of the installed package is less than this version code. <p>Use in an NFC record with {@link #MIME_TYPE_PROVISIONING_NFC} that starts device owner provisioning via an NFC bump. */ EXTRA_PROVISIONING_DEVICE_ADMIN_MINIMUM_VERSION_CODE : "android.app.extra.PROVISIONING_DEVICE_ADMIN_MINIMUM_VERSION_CODE", /** A String extra holding a http cookie header which should be used in the http request to the url specified in {@link #EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION}. <p>Use in an NFC record with {@link #MIME_TYPE_PROVISIONING_NFC} that starts device owner provisioning via an NFC bump. */ EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_COOKIE_HEADER : "android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_COOKIE_HEADER", /** A String extra holding the URL-safe base64 encoded SHA-256 hash of the file at download location specified in {@link #EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION}. <p>Either this extra or {@link #EXTRA_PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM} must be present. The provided checksum must match the checksum of the file at the download location. If the checksum doesn't match an error will be shown to the user and the user will be asked to factory reset the device. <p>Use in an NFC record with {@link #MIME_TYPE_PROVISIONING_NFC} that starts device owner provisioning via an NFC bump. <p><strong>Note:</strong> for devices running {@link android.os.Build.VERSION_CODES#LOLLIPOP} and {@link android.os.Build.VERSION_CODES#LOLLIPOP_MR1} only SHA-1 hash is supported. Starting from {@link android.os.Build.VERSION_CODES#M}, this parameter accepts SHA-256 in addition to SHA-1. From {@link android.os.Build.VERSION_CODES#Q}, only SHA-256 hash is supported. */ EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_CHECKSUM : "android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_CHECKSUM", /** A String extra holding the URL-safe base64 encoded SHA-256 checksum of any signature of the android package archive at the download location specified in {@link #EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION}. <p>The signatures of an android package archive can be obtained using {@link android.content.pm.PackageManager#getPackageArchiveInfo} with flag {@link android.content.pm.PackageManager#GET_SIGNATURES}. <p>Either this extra or {@link #EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_CHECKSUM} must be present. The provided checksum must match the checksum of any signature of the file at the download location. If the checksum does not match an error will be shown to the user and the user will be asked to factory reset the device. <p>Use in an NFC record with {@link #MIME_TYPE_PROVISIONING_NFC} that starts device owner provisioning via an NFC bump. */ EXTRA_PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM : "android.app.extra.PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM", /** Broadcast Action: This broadcast is sent to indicate that provisioning of a managed profile has completed successfully. <p>The broadcast is limited to the primary profile, to the app specified in the provisioning intent with action {@link #ACTION_PROVISION_MANAGED_PROFILE}. <p>This intent will contain the following extras <ul> <li>{@link Intent#EXTRA_USER}, corresponds to the {@link UserHandle} of the managed profile.</li> <li>{@link #EXTRA_PROVISIONING_ACCOUNT_TO_MIGRATE}, corresponds to the account requested to be migrated at provisioning time, if any.</li> </ul> */ ACTION_MANAGED_PROFILE_PROVISIONED : "android.app.action.MANAGED_PROFILE_PROVISIONED", /** Activity action: This activity action is sent to indicate that provisioning of a managed profile or managed device has completed successfully. It'll be sent at the same time as {@link android.app.admin.DeviceAdminReceiver#ACTION_PROFILE_PROVISIONING_COMPLETE} broadcast but this will be delivered faster as it's an activity intent. <p>The intent is only sent to the new device or profile owner. @see #ACTION_PROVISION_MANAGED_PROFILE @see #ACTION_PROVISION_MANAGED_DEVICE */ ACTION_PROVISIONING_SUCCESSFUL : "android.app.action.PROVISIONING_SUCCESSFUL", /** A boolean extra indicating whether device encryption can be skipped as part of device owner or managed profile provisioning. <p>Use in an NFC record with {@link #MIME_TYPE_PROVISIONING_NFC} or an intent with action {@link #ACTION_PROVISION_MANAGED_DEVICE} that starts device owner provisioning. <p>From {@link android.os.Build.VERSION_CODES#N} onwards, this is also supported for an intent with action {@link #ACTION_PROVISION_MANAGED_PROFILE}. */ EXTRA_PROVISIONING_SKIP_ENCRYPTION : "android.app.extra.PROVISIONING_SKIP_ENCRYPTION", /** A {@link Uri} extra pointing to a logo image. This image will be shown during the provisioning. If this extra is not passed, a default image will be shown. <h5>The following URI schemes are accepted:</h5> <ul> <li>content ({@link android.content.ContentResolver#SCHEME_CONTENT})</li> <li>android.resource ({@link android.content.ContentResolver#SCHEME_ANDROID_RESOURCE})</li> </ul> <p> It is the responsibility of the caller to provide an image with a reasonable pixel density for the device. <p> If a content: URI is passed, the intent should have the flag {@link Intent#FLAG_GRANT_READ_URI_PERMISSION} and the uri should be added to the {@link android.content.ClipData} of the intent too. <p>Use in an intent with action {@link #ACTION_PROVISION_MANAGED_PROFILE} or {@link #ACTION_PROVISION_MANAGED_DEVICE} */ EXTRA_PROVISIONING_LOGO_URI : "android.app.extra.PROVISIONING_LOGO_URI", /** A {@link Bundle}[] extra consisting of list of disclaimer headers and disclaimer contents. Each {@link Bundle} must have both {@link #EXTRA_PROVISIONING_DISCLAIMER_HEADER} as disclaimer header, and {@link #EXTRA_PROVISIONING_DISCLAIMER_CONTENT} as disclaimer content. <p> The extra typically contains one disclaimer from the company of mobile device management application (MDM), and one disclaimer from the organization. <p> Call {@link Bundle#putParcelableArray(String, Parcelable[])} to put the {@link Bundle}[] <p> Maximum 3 key-value pairs can be specified. The rest will be ignored. <p> Use in an intent with action {@link #ACTION_PROVISION_MANAGED_PROFILE} or {@link #ACTION_PROVISION_MANAGED_DEVICE} */ EXTRA_PROVISIONING_DISCLAIMERS : "android.app.extra.PROVISIONING_DISCLAIMERS", /** A String extra of localized disclaimer header. <p> The extra is typically the company name of mobile device management application (MDM) or the organization name. <p> Use in Bundle {@link #EXTRA_PROVISIONING_DISCLAIMERS} <p> System app, i.e. application with {@link ApplicationInfo#FLAG_SYSTEM}, can also insert a disclaimer by declaring an application-level meta-data in {@code AndroidManifest.xml}. Must use it with {@link #EXTRA_PROVISIONING_DISCLAIMER_CONTENT}. Here is the example: <pre> <meta-data android:name="android.app.extra.PROVISIONING_DISCLAIMER_HEADER" android:resource="@string/disclaimer_header" /></pre> */ EXTRA_PROVISIONING_DISCLAIMER_HEADER : "android.app.extra.PROVISIONING_DISCLAIMER_HEADER", /** A {@link Uri} extra pointing to disclaimer content. <h5>The following URI schemes are accepted:</h5> <ul> <li>content ({@link android.content.ContentResolver#SCHEME_CONTENT})</li> <li>android.resource ({@link android.content.ContentResolver#SCHEME_ANDROID_RESOURCE})</li> </ul> <p> Styled text is supported in the disclaimer content. The content is parsed by {@link android.text.Html#fromHtml(String)} and displayed in a {@link android.widget.TextView}. <p> If a <code>content:</code> URI is passed, URI is passed, the intent should have the flag {@link Intent#FLAG_GRANT_READ_URI_PERMISSION} and the uri should be added to the {@link android.content.ClipData} of the intent too. <p> Use in Bundle {@link #EXTRA_PROVISIONING_DISCLAIMERS} <p> System app, i.e. application with {@link ApplicationInfo#FLAG_SYSTEM}, can also insert a disclaimer by declaring an application-level meta-data in {@code AndroidManifest.xml}. Must use it with {@link #EXTRA_PROVISIONING_DISCLAIMER_HEADER}. Here is the example: <pre> <meta-data android:name="android.app.extra.PROVISIONING_DISCLAIMER_CONTENT" android:resource="@string/disclaimer_content" /></pre> */ EXTRA_PROVISIONING_DISCLAIMER_CONTENT : "android.app.extra.PROVISIONING_DISCLAIMER_CONTENT", /** A boolean extra indicating if user setup should be skipped, for when provisioning is started during setup-wizard. <p>If unspecified, defaults to {@code true} to match the behavior in {@link android.os.Build.VERSION_CODES#M} and earlier. <p>Use in an intent with action {@link #ACTION_PROVISION_MANAGED_DEVICE} or {@link #ACTION_PROVISION_MANAGED_USER}. @hide */ EXTRA_PROVISIONING_SKIP_USER_SETUP : "android.app.extra.PROVISIONING_SKIP_USER_SETUP", /** A boolean extra indicating if the user consent steps from the provisioning flow should be skipped. If unspecified, defaults to {@code false}. It can only be used by an existing device owner trying to create a managed profile via {@link #ACTION_PROVISION_MANAGED_PROFILE}. Otherwise it is ignored. */ EXTRA_PROVISIONING_SKIP_USER_CONSENT : "android.app.extra.PROVISIONING_SKIP_USER_CONSENT", /** A boolean extra indicating if the education screens from the provisioning flow should be skipped. If unspecified, defaults to {@code false}. <p>This extra can be set in the following ways: <ul> <li>By the admin app when performing the admin-integrated provisioning flow as a result of the {@link #ACTION_GET_PROVISIONING_MODE} activity</li> <li>With intent action {@link #ACTION_PROVISION_MANAGED_DEVICE}</li> </ul> <p>If the education screens are skipped, it is the admin application's responsibility to display its own user education screens. */ EXTRA_PROVISIONING_SKIP_EDUCATION_SCREENS : "android.app.extra.PROVISIONING_SKIP_EDUCATION_SCREENS", /** A boolean extra indicating if mobile data should be used during NFC device owner provisioning for downloading the mobile device management application. If {@link #EXTRA_PROVISIONING_WIFI_SSID} is also specified, wifi network will be used instead. <p>Use in an NFC record with {@link #MIME_TYPE_PROVISIONING_NFC} that starts device owner provisioning via an NFC bump. @hide */ EXTRA_PROVISIONING_USE_MOBILE_DATA : "android.app.extra.PROVISIONING_USE_MOBILE_DATA", /** A String extra holding the provisioning trigger. It could be one of {@link #PROVISIONING_TRIGGER_CLOUD_ENROLLMENT}, {@link #PROVISIONING_TRIGGER_QR_CODE}, {@link #PROVISIONING_TRIGGER_PERSISTENT_DEVICE_OWNER} or {@link #PROVISIONING_TRIGGER_UNSPECIFIED}. <p>Use in an intent with action {@link #ACTION_PROVISION_MANAGED_DEVICE_FROM_TRUSTED_SOURCE}. @hide */ EXTRA_PROVISIONING_TRIGGER : "android.app.extra.PROVISIONING_TRIGGER", /** A value for {@link #EXTRA_PROVISIONING_TRIGGER} indicating that the provisioning trigger has not been specified. @see #PROVISIONING_TRIGGER_CLOUD_ENROLLMENT @see #PROVISIONING_TRIGGER_QR_CODE @see #PROVISIONING_TRIGGER_PERSISTENT_DEVICE_OWNER @hide */ PROVISIONING_TRIGGER_UNSPECIFIED : "0", /** A value for {@link #EXTRA_PROVISIONING_TRIGGER} indicating that the provisioning trigger is cloud enrollment. @see #PROVISIONING_TRIGGER_QR_CODE @see #PROVISIONING_TRIGGER_PERSISTENT_DEVICE_OWNER @see #PROVISIONING_TRIGGER_UNSPECIFIED @hide */ PROVISIONING_TRIGGER_CLOUD_ENROLLMENT : "1", /** A value for {@link #EXTRA_PROVISIONING_TRIGGER} indicating that the provisioning trigger is the QR code scanner. @see #PROVISIONING_TRIGGER_CLOUD_ENROLLMENT @see #PROVISIONING_TRIGGER_PERSISTENT_DEVICE_OWNER @see #PROVISIONING_TRIGGER_UNSPECIFIED @hide */ PROVISIONING_TRIGGER_QR_CODE : "2", /** A value for {@link #EXTRA_PROVISIONING_TRIGGER} indicating that the provisioning trigger is persistent device owner enrollment. @see #PROVISIONING_TRIGGER_CLOUD_ENROLLMENT @see #PROVISIONING_TRIGGER_QR_CODE @see #PROVISIONING_TRIGGER_UNSPECIFIED @hide */ PROVISIONING_TRIGGER_PERSISTENT_DEVICE_OWNER : "3", /** This MIME type is used for starting the device owner provisioning. <p>During device owner provisioning a device admin app is set as the owner of the device. A device owner has full control over the device. The device owner can not be modified by the user and the only way of resetting the device is if the device owner app calls a factory reset. <p> A typical use case would be a device that is owned by a company, but used by either an employee or client. <p> The NFC message must be sent to an unprovisioned device. <p>The NFC record must contain a serialized {@link java.util.Properties} object which contains the following properties: <ul> <li>{@link #EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME}</li> <li>{@link #EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION}, optional</li> <li>{@link #EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_COOKIE_HEADER}, optional</li> <li>{@link #EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_CHECKSUM}, optional</li> <li>{@link #EXTRA_PROVISIONING_LOCAL_TIME} (convert to String), optional</li> <li>{@link #EXTRA_PROVISIONING_TIME_ZONE}, optional</li> <li>{@link #EXTRA_PROVISIONING_LOCALE}, optional</li> <li>{@link #EXTRA_PROVISIONING_WIFI_SSID}, optional</li> <li>{@link #EXTRA_PROVISIONING_WIFI_HIDDEN} (convert to String), optional</li> <li>{@link #EXTRA_PROVISIONING_WIFI_SECURITY_TYPE}, optional</li> <li>{@link #EXTRA_PROVISIONING_WIFI_PASSWORD}, optional</li> <li>{@link #EXTRA_PROVISIONING_WIFI_PROXY_HOST}, optional</li> <li>{@link #EXTRA_PROVISIONING_WIFI_PROXY_PORT} (convert to String), optional</li> <li>{@link #EXTRA_PROVISIONING_WIFI_PROXY_BYPASS}, optional</li> <li>{@link #EXTRA_PROVISIONING_WIFI_PAC_URL}, optional</li> <li>{@link #EXTRA_PROVISIONING_ADMIN_EXTRAS_BUNDLE}, optional, supported from {@link android.os.Build.VERSION_CODES#M} </li> <li>{@link #EXTRA_PROVISIONING_WIFI_EAP_METHOD}, optional, supported from {@link android.os.Build.VERSION_CODES#Q}</li> <li>{@link #EXTRA_PROVISIONING_WIFI_PHASE2_AUTH}, optional, supported from {@link android.os.Build.VERSION_CODES#Q}</li> <li>{@link #EXTRA_PROVISIONING_WIFI_CA_CERTIFICATE}, optional, supported from {@link android.os.Build.VERSION_CODES#Q}</li> <li>{@link #EXTRA_PROVISIONING_WIFI_USER_CERTIFICATE}, optional, supported from {@link android.os.Build.VERSION_CODES#Q}</li> <li>{@link #EXTRA_PROVISIONING_WIFI_IDENTITY}, optional, supported from {@link android.os.Build.VERSION_CODES#Q}</li> <li>{@link #EXTRA_PROVISIONING_WIFI_ANONYMOUS_IDENTITY}, optional, supported from {@link android.os.Build.VERSION_CODES#Q}</li> <li>{@link #EXTRA_PROVISIONING_WIFI_DOMAIN}, optional, supported from {@link android.os.Build.VERSION_CODES#Q}</li></ul> <p> As of {@link android.os.Build.VERSION_CODES#M}, the properties should contain {@link #EXTRA_PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME} instead of {@link #EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME}, (although specifying only {@link #EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME} is still supported). */ MIME_TYPE_PROVISIONING_NFC : "application/com.android.managedprovisioning", /** Activity action: ask the user to add a new device administrator to the system. The desired policy is the ComponentName of the policy in the {@link #EXTRA_DEVICE_ADMIN} extra field. This will invoke a UI to bring the user through adding the device administrator to the system (or allowing them to reject it). <p>You can optionally include the {@link #EXTRA_ADD_EXPLANATION} field to provide the user with additional explanation (in addition to your component's description) about what is being added. <p>If your administrator is already active, this will ordinarily return immediately (without user intervention). However, if your administrator has been updated and is requesting additional uses-policy flags, the user will be presented with the new list. New policies will not be available to the updated administrator until the user has accepted the new list. */ ACTION_ADD_DEVICE_ADMIN : "android.app.action.ADD_DEVICE_ADMIN", /** @hide Activity action: ask the user to add a new device administrator as the profile owner for this user. Only system apps can launch this intent. <p>The ComponentName of the profile owner admin is passed in the {@link #EXTRA_DEVICE_ADMIN} extra field. This will invoke a UI to bring the user through adding the profile owner admin to remotely control restrictions on the user. <p>The intent must be invoked via {@link Activity#startActivityForResult} to receive the result of whether or not the user approved the action. If approved, the result will be {@link Activity#RESULT_OK} and the component will be set as an active admin as well as a profile owner. <p>You can optionally include the {@link #EXTRA_ADD_EXPLANATION} field to provide the user with additional explanation (in addition to your component's description) about what is being added. <p>If there is already a profile owner active or the caller is not a system app, the operation will return a failure result. */ ACTION_SET_PROFILE_OWNER : "android.app.action.SET_PROFILE_OWNER", /** @hide Name of the profile owner admin that controls the user. */ EXTRA_PROFILE_OWNER_NAME : "android.app.extra.PROFILE_OWNER_NAME", /** Broadcast action: send when any policy admin changes a policy. This is generally used to find out when a new policy is in effect. @hide */ ACTION_DEVICE_POLICY_MANAGER_STATE_CHANGED : "android.app.action.DEVICE_POLICY_MANAGER_STATE_CHANGED", /** Broadcast action: sent when the device owner is set, changed or cleared. This broadcast is sent only to the primary user. @see #ACTION_PROVISION_MANAGED_DEVICE @see DevicePolicyManager#transferOwnership(ComponentName, ComponentName, PersistableBundle) */ ACTION_DEVICE_OWNER_CHANGED : "android.app.action.DEVICE_OWNER_CHANGED", /** The ComponentName of the administrator component. @see #ACTION_ADD_DEVICE_ADMIN */ EXTRA_DEVICE_ADMIN : "android.app.extra.DEVICE_ADMIN", /** An optional CharSequence providing additional explanation for why the admin is being added. @see #ACTION_ADD_DEVICE_ADMIN */ EXTRA_ADD_EXPLANATION : "android.app.extra.ADD_EXPLANATION", /** Constant to indicate the feature of disabling the camera. Used as argument to {@link #createAdminSupportIntent}(String). @see #setCameraDisabled(ComponentName, boolean) */ POLICY_DISABLE_CAMERA : "policy_disable_camera", /** Constant to indicate the feature of disabling screen captures. Used as argument to {@link #createAdminSupportIntent}(String). @see #setScreenCaptureDisabled(ComponentName, boolean) */ POLICY_DISABLE_SCREEN_CAPTURE : "policy_disable_screen_capture", /** Constant to indicate the feature of suspending app. Use it as the value of {@link #EXTRA_RESTRICTION}. @hide */ POLICY_SUSPEND_PACKAGES : "policy_suspend_packages", /** A String indicating a specific restricted feature. Can be a user restriction from the {@link UserManager}, e.g. {@link UserManager#DISALLOW_ADJUST_VOLUME}, or one of the values {@link #POLICY_DISABLE_CAMERA} or {@link #POLICY_DISABLE_SCREEN_CAPTURE}. @see #createAdminSupportIntent(String) @hide */ EXTRA_RESTRICTION : "android.app.extra.RESTRICTION", /** Activity action: have the user enter a new password. <p>For admin apps, this activity should be launched after using {@link #setPasswordQuality(ComponentName, int)}, or {@link #setPasswordMinimumLength(ComponentName, int)} to have the user enter a new password that meets the current requirements. You can use {@link #isActivePasswordSufficient}() to determine whether you need to have the user select a new password in order to meet the current constraints. Upon being resumed from this activity, you can check the new password characteristics to see if they are sufficient. <p>Non-admin apps can use {@link #getPasswordComplexity}() to check the current screen lock complexity, and use this activity with extra {@link #EXTRA_PASSWORD_COMPLEXITY} to suggest to users how complex the app wants the new screen lock to be. Note that both {@link #getPasswordComplexity}() and the extra {@link #EXTRA_PASSWORD_COMPLEXITY} require the calling app to have the permission {@link permission#REQUEST_PASSWORD_COMPLEXITY}. <p>If the intent is launched from within a managed profile with a profile owner built against {@link android.os.Build.VERSION_CODES#M} or before, this will trigger entering a new password for the parent of the profile. For all other cases it will trigger entering a new password for the user or profile it is launched from. @see #ACTION_SET_NEW_PARENT_PROFILE_PASSWORD */ ACTION_SET_NEW_PASSWORD : "android.app.action.SET_NEW_PASSWORD", /** An integer indicating the complexity level of the new password an app would like the user to set when launching the action {@link #ACTION_SET_NEW_PASSWORD}. <p>Must be one of <ul> <li>{@link #PASSWORD_COMPLEXITY_HIGH} <li>{@link #PASSWORD_COMPLEXITY_MEDIUM} <li>{@link #PASSWORD_COMPLEXITY_LOW} <li>{@link #PASSWORD_COMPLEXITY_NONE} </ul> <p>If an invalid value is used, it will be treated as {@link #PASSWORD_COMPLEXITY_NONE}. */ EXTRA_PASSWORD_COMPLEXITY : "android.app.extra.PASSWORD_COMPLEXITY", /** Constant for {@link #getPasswordComplexity}(): no password. <p>Note that these complexity constants are ordered so that higher values are more complex. */ PASSWORD_COMPLEXITY_NONE : "0", /** Constant for {@link #getPasswordComplexity}(): password satisfies one of the following: <ul> <li>pattern <li>PIN with repeating (4444) or ordered (1234, 4321, 2468) sequences </ul> <p>Note that these complexity constants are ordered so that higher values are more complex. @see #PASSWORD_QUALITY_SOMETHING @see #PASSWORD_QUALITY_NUMERIC */ PASSWORD_COMPLEXITY_LOW : "65536", /** Constant for {@link #getPasswordComplexity}(): password satisfies one of the following: <ul> <li>PIN with <b>no</b> repeating (4444) or ordered (1234, 4321, 2468) sequences, length at least 4 <li>alphabetic, length at least 4 <li>alphanumeric, length at least 4 </ul> <p>Note that these complexity constants are ordered so that higher values are more complex. @see #PASSWORD_QUALITY_NUMERIC_COMPLEX @see #PASSWORD_QUALITY_ALPHABETIC @see #PASSWORD_QUALITY_ALPHANUMERIC */ PASSWORD_COMPLEXITY_MEDIUM : "196608", /** Constant for {@link #getPasswordComplexity}(): password satisfies one of the following: <ul> <li>PIN with <b>no</b> repeating (4444) or ordered (1234, 4321, 2468) sequences, length at least 8 <li>alphabetic, length at least 6 <li>alphanumeric, length at least 6 </ul> <p>Note that these complexity constants are ordered so that higher values are more complex. @see #PASSWORD_QUALITY_NUMERIC_COMPLEX @see #PASSWORD_QUALITY_ALPHABETIC @see #PASSWORD_QUALITY_ALPHANUMERIC */ PASSWORD_COMPLEXITY_HIGH : "327680", /** Activity action: have the user enter a new password for the parent profile. If the intent is launched from within a managed profile, this will trigger entering a new password for the parent of the profile. In all other cases the behaviour is identical to {@link #ACTION_SET_NEW_PASSWORD}. */ ACTION_SET_NEW_PARENT_PROFILE_PASSWORD : "android.app.action.SET_NEW_PARENT_PROFILE_PASSWORD", /** Broadcast action: Tell the status bar to open the device monitoring dialog, e.g. when Network logging was enabled and the user tapped the notification. <p class="note">This is a protected intent that can only be sent by the system.</p> @hide */ ACTION_SHOW_DEVICE_MONITORING_DIALOG : "android.app.action.SHOW_DEVICE_MONITORING_DIALOG", /** Broadcast Action: Sent after application delegation scopes are changed. The new delegation scopes will be sent in an {@code ArrayList<String>} extra identified by the {@link #EXTRA_DELEGATION_SCOPES} key. <p class=”note”> Note: This is a protected intent that can only be sent by the system.</p> */ ACTION_APPLICATION_DELEGATION_SCOPES_CHANGED : "android.app.action.APPLICATION_DELEGATION_SCOPES_CHANGED", /** An {@code ArrayList<String>} corresponding to the delegation scopes given to an app in the {@link #ACTION_APPLICATION_DELEGATION_SCOPES_CHANGED} broadcast. */ EXTRA_DELEGATION_SCOPES : "android.app.extra.DELEGATION_SCOPES", /** Flag used by {@link #addCrossProfileIntentFilter} to allow activities in the parent profile to access intents sent from the managed profile. That is, when an app in the managed profile calls {@link Activity#startActivity(Intent)}, the intent can be resolved by a matching activity in the parent profile. */ FLAG_PARENT_CAN_ACCESS_MANAGED : "1", /** Flag used by {@link #addCrossProfileIntentFilter} to allow activities in the managed profile to access intents sent from the parent profile. That is, when an app in the parent profile calls {@link Activity#startActivity(Intent)}, the intent can be resolved by a matching activity in the managed profile. */ FLAG_MANAGED_CAN_ACCESS_PARENT : "2", /** Broadcast action: notify that a new local system update policy has been set by the device owner. The new policy can be retrieved by {@link #getSystemUpdatePolicy}(). */ ACTION_SYSTEM_UPDATE_POLICY_CHANGED : "android.app.action.SYSTEM_UPDATE_POLICY_CHANGED", /** Broadcast action to notify ManagedProvisioning that {@link UserManager#DISALLOW_SHARE_INTO_MANAGED_PROFILE} restriction has changed. @hide */ ACTION_DATA_SHARING_RESTRICTION_CHANGED : "android.app.action.DATA_SHARING_RESTRICTION_CHANGED", /** Broadcast action from ManagedProvisioning to notify that the latest change to {@link UserManager#DISALLOW_SHARE_INTO_MANAGED_PROFILE} restriction has been successfully applied (cross profile intent filters updated). Only usesd for CTS tests. @hide */ ACTION_DATA_SHARING_RESTRICTION_APPLIED : "android.app.action.DATA_SHARING_RESTRICTION_APPLIED", /** Permission policy to prompt user for new permission requests for runtime permissions. Already granted or denied permissions are not affected by this. */ PERMISSION_POLICY_PROMPT : "0", /** Permission policy to always grant new permission requests for runtime permissions. Already granted or denied permissions are not affected by this. */ PERMISSION_POLICY_AUTO_GRANT : "1", /** Permission policy to always deny new permission requests for runtime permissions. Already granted or denied permissions are not affected by this. */ PERMISSION_POLICY_AUTO_DENY : "2", /** Runtime permission state: The user can manage the permission through the UI. */ PERMISSION_GRANT_STATE_DEFAULT : "0", /** Runtime permission state: The permission is granted to the app and the user cannot manage the permission through the UI. */ PERMISSION_GRANT_STATE_GRANTED : "1", /** Runtime permission state: The permission is denied to the app and the user cannot manage the permission through the UI. */ PERMISSION_GRANT_STATE_DENIED : "2", /** Delegation of certificate installation and management. This scope grants access to the {@link #getInstalledCaCerts}, {@link #hasCaCertInstalled}, {@link #installCaCert}, {@link #uninstallCaCert}, {@link #uninstallAllUserCaCerts} and {@link #installKeyPair} APIs. */ DELEGATION_CERT_INSTALL : "delegation-cert-install", /** Delegation of application restrictions management. This scope grants access to the {@link #setApplicationRestrictions} and {@link #getApplicationRestrictions} APIs. */ DELEGATION_APP_RESTRICTIONS : "delegation-app-restrictions", /** Delegation of application uninstall block. This scope grants access to the {@link #setUninstallBlocked} API. */ DELEGATION_BLOCK_UNINSTALL : "delegation-block-uninstall", /** Delegation of permission policy and permission grant state. This scope grants access to the {@link #setPermissionPolicy}, {@link #getPermissionGrantState}, and {@link #setPermissionGrantState} APIs. */ DELEGATION_PERMISSION_GRANT : "delegation-permission-grant", /** Delegation of package access state. This scope grants access to the {@link #isApplicationHidden}, {@link #setApplicationHidden}, {@link #isPackageSuspended}, and {@link #setPackagesSuspended} APIs. */ DELEGATION_PACKAGE_ACCESS : "delegation-package-access", /** Delegation for enabling system apps. This scope grants access to the {@link #enableSystemApp} API. */ DELEGATION_ENABLE_SYSTEM_APP : "delegation-enable-system-app", /** Delegation for installing existing packages. This scope grants access to the {@link #installExistingPackage} API. */ DELEGATION_INSTALL_EXISTING_PACKAGE : "delegation-install-existing-package", /** Delegation of management of uninstalled packages. This scope grants access to the {@link #setKeepUninstalledPackages} and {@link #getKeepUninstalledPackages} APIs. */ DELEGATION_KEEP_UNINSTALLED_PACKAGES : "delegation-keep-uninstalled-packages", /** Grants access to {@link #setNetworkLoggingEnabled}, {@link #isNetworkLoggingEnabled} and {@link #retrieveNetworkLogs}. Once granted the delegated app will start receiving DelegatedAdminReceiver.onNetworkLogsAvailable() callback, and Device owner will no longer receive the DeviceAdminReceiver.onNetworkLogsAvailable() callback. There can be at most one app that has this delegation. If another app already had delegated network logging access, it will lose the delegation when a new app is delegated. <p> Can only be granted by Device Owner. */ DELEGATION_NETWORK_LOGGING : "delegation-network-logging", /** Grants access to selection of KeyChain certificates on behalf of requesting apps. Once granted the app will start receiving DelegatedAdminReceiver.onChoosePrivateKeyAlias. The caller (PO/DO) will no longer receive {@link android.app.admin.DeviceAdminReceiver#onChoosePrivateKeyAlias}. There can be at most one app that has this delegation. If another app already had delegated certificate selection access, it will lose the delegation when a new app is delegated. <p> Can be granted by Device Owner or Profile Owner. */ DELEGATION_CERT_SELECTION : "delegation-cert-selection", /** No management for current user in-effect. This is the default. @hide */ STATE_USER_UNMANAGED : "0", /** Management partially setup, user setup needs to be completed. @hide */ STATE_USER_SETUP_INCOMPLETE : "1", /** Management partially setup, user setup completed. @hide */ STATE_USER_SETUP_COMPLETE : "2", /** Management setup and active on current user. @hide */ STATE_USER_SETUP_FINALIZED : "3", /** Management partially setup on a managed profile. @hide */ STATE_USER_PROFILE_COMPLETE : "4", /** Result code for {@link #checkProvisioningPreCondition}. <p>Returned for {@link #ACTION_PROVISION_MANAGED_DEVICE}, {@link #ACTION_PROVISION_MANAGED_PROFILE}, {@link #ACTION_PROVISION_MANAGED_USER} and {@link #ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE} when provisioning is allowed. @hide */ CODE_OK : "0", /** Result code for {@link #checkProvisioningPreCondition}. <p>Returned for {@link #ACTION_PROVISION_MANAGED_DEVICE} and {@link #ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE} when the device already has a device owner. @hide */ CODE_HAS_DEVICE_OWNER : "1", /** Result code for {@link #checkProvisioningPreCondition}. <p>Returned for {@link #ACTION_PROVISION_MANAGED_DEVICE}, {@link #ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE} when the user has a profile owner and for {@link #ACTION_PROVISION_MANAGED_PROFILE} when the profile owner is already set. @hide */ CODE_USER_HAS_PROFILE_OWNER : "2", /** Result code for {@link #checkProvisioningPreCondition}. <p>Returned for {@link #ACTION_PROVISION_MANAGED_DEVICE} and {@link #ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE} when the user isn't running. @hide */ CODE_USER_NOT_RUNNING : "3", /** Result code for {@link #checkProvisioningPreCondition}. <p>Returned for {@link #ACTION_PROVISION_MANAGED_DEVICE}, {@link #ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE} if the device has already been setup and for {@link #ACTION_PROVISION_MANAGED_USER} if the user has already been setup. @hide */ CODE_USER_SETUP_COMPLETED : "4", /** Code used to indicate that the device also has a user other than the system user. @hide */ CODE_NONSYSTEM_USER_EXISTS : "5", /** Code used to indicate that device has an account that prevents provisioning. @hide */ CODE_ACCOUNTS_NOT_EMPTY : "6", /** Result code for {@link #checkProvisioningPreCondition}. <p>Returned for {@link #ACTION_PROVISION_MANAGED_DEVICE} and {@link #ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE} if the user is not a system user. @hide */ CODE_NOT_SYSTEM_USER : "7", /** Result code for {@link #checkProvisioningPreCondition}. <p>Returned for {@link #ACTION_PROVISION_MANAGED_DEVICE}, {@link #ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE} and {@link #ACTION_PROVISION_MANAGED_USER} when the device is a watch and is already paired. @hide */ CODE_HAS_PAIRED : "8", /** Result code for {@link #checkProvisioningPreCondition}. <p>Returned for {@link #ACTION_PROVISION_MANAGED_PROFILE} and {@link #ACTION_PROVISION_MANAGED_USER} on devices which do not support managed users. @see {@link PackageManager#FEATURE_MANAGED_USERS} @hide */ CODE_MANAGED_USERS_NOT_SUPPORTED : "9", /** Result code for {@link #checkProvisioningPreCondition}. <p>Returned for {@link #ACTION_PROVISION_MANAGED_USER} if the user is a system user. @hide */ CODE_SYSTEM_USER : "10", /** Result code for {@link #checkProvisioningPreCondition}. <p>Returned for {@link #ACTION_PROVISION_MANAGED_PROFILE} when the user cannot have more managed profiles. @hide */ CODE_CANNOT_ADD_MANAGED_PROFILE : "11", /** Result code for {@link #checkProvisioningPreCondition}. <p>Returned for {@link #ACTION_PROVISION_MANAGED_USER} and {@link #ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE} on devices not running with split system user. @hide */ CODE_NOT_SYSTEM_USER_SPLIT : "12", /** Result code for {@link #checkProvisioningPreCondition}. <p>Returned for {@link #ACTION_PROVISION_MANAGED_DEVICE}, {@link #ACTION_PROVISION_MANAGED_PROFILE}, {@link #ACTION_PROVISION_MANAGED_USER} and {@link #ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE} on devices which do no support device admins. @hide */ CODE_DEVICE_ADMIN_NOT_SUPPORTED : "13", /** Result code for {@link #checkProvisioningPreCondition}. <p>Returned for {@link #ACTION_PROVISION_MANAGED_PROFILE} when the device the user is a system user on a split system user device. @hide */ CODE_SPLIT_SYSTEM_USER_DEVICE_SYSTEM_USER : "14", /** Result code for {@link #checkProvisioningPreCondition}. <p>Returned for {@link #ACTION_PROVISION_MANAGED_PROFILE} when adding a managed profile is disallowed by {@link UserManager#DISALLOW_ADD_MANAGED_PROFILE}. @hide */ CODE_ADD_MANAGED_PROFILE_DISALLOWED : "15", /** Disable all configurable SystemUI features during LockTask mode. This includes, <ul> <li>system info area in the status bar (connectivity icons, clock, etc.) <li>notifications (including alerts, icons, and the notification shade) <li>Home button <li>Recents button and UI <li>global actions menu (i.e. power button menu) <li>keyguard </ul> @see #setLockTaskFeatures(ComponentName, int) */ LOCK_TASK_FEATURE_NONE : "0", /** Enable the system info area in the status bar during LockTask mode. The system info area usually occupies the right side of the status bar (although this can differ across OEMs). It includes all system information indicators, such as date and time, connectivity, battery, vibration mode, etc. @see #setLockTaskFeatures(ComponentName, int) */ LOCK_TASK_FEATURE_SYSTEM_INFO : "1", /** Enable notifications during LockTask mode. This includes notification icons on the status bar, heads-up notifications, and the expandable notification shade. Note that the Quick Settings panel remains disabled. This feature flag can only be used in combination with {@link #LOCK_TASK_FEATURE_HOME}. {@link #setLockTaskFeatures(ComponentName, int)} throws an {@link IllegalArgumentException} if this feature flag is defined without {@link #LOCK_TASK_FEATURE_HOME}. @see #setLockTaskFeatures(ComponentName, int) */ LOCK_TASK_FEATURE_NOTIFICATIONS : "2", /** Enable the Home button during LockTask mode. Note that if a custom launcher is used, it has to be registered as the default launcher with {@link #addPersistentPreferredActivity(ComponentName, IntentFilter, ComponentName)}, and its package needs to be whitelisted for LockTask with {@link #setLockTaskPackages(ComponentName, String[])}. @see #setLockTaskFeatures(ComponentName, int) */ LOCK_TASK_FEATURE_HOME : "4", /** Enable the Overview button and the Overview screen during LockTask mode. This feature flag can only be used in combination with {@link #LOCK_TASK_FEATURE_HOME}, and {@link #setLockTaskFeatures(ComponentName, int)} will throw an {@link IllegalArgumentException} if this feature flag is defined without {@link #LOCK_TASK_FEATURE_HOME}. @see #setLockTaskFeatures(ComponentName, int) */ LOCK_TASK_FEATURE_OVERVIEW : "8", /** Enable the global actions dialog during LockTask mode. This is the dialog that shows up when the user long-presses the power button, for example. Note that the user may not be able to power off the device if this flag is not set. <p>This flag is enabled by default until {@link #setLockTaskFeatures(ComponentName, int)} is called for the first time. @see #setLockTaskFeatures(ComponentName, int) */ LOCK_TASK_FEATURE_GLOBAL_ACTIONS : "16", /** Enable the keyguard during LockTask mode. Note that if the keyguard is already disabled with {@link #setKeyguardDisabled(ComponentName, boolean)}, setting this flag will have no effect. If this flag is not set, the keyguard will not be shown even if the user has a lock screen credential. @see #setLockTaskFeatures(ComponentName, int) */ LOCK_TASK_FEATURE_KEYGUARD : "32", /** Service action: Action for a service that device owner and profile owner can optionally own. If a device owner or a profile owner has such a service, the system tries to keep a bound connection to it, in order to keep their process always running. The service must be protected with the {@link android.Manifest.permission#BIND_DEVICE_ADMIN} permission. */ ACTION_DEVICE_ADMIN_SERVICE : "android.app.action.DEVICE_ADMIN_SERVICE", /** Specifies that the device should attest its manufacturer details. For use with {@link #generateKeyPair}. @see #generateKeyPair */ ID_TYPE_BASE_INFO : "1", /** Specifies that the device should attest its serial number. For use with {@link #generateKeyPair}. @see #generateKeyPair */ ID_TYPE_SERIAL : "2", /** Specifies that the device should attest its IMEI. For use with {@link #generateKeyPair}. @see #generateKeyPair */ ID_TYPE_IMEI : "4", /** Specifies that the device should attest its MEID. For use with {@link #generateKeyPair}. @see #generateKeyPair */ ID_TYPE_MEID : "8", /** Service-specific error code for {@link #generateKeyPair}: Indicates the call has failed due to StrongBox unavailability. @hide */ KEY_GEN_STRONGBOX_UNAVAILABLE : "1", /** Specifies that the calling app should be granted access to the installed credentials immediately. Otherwise, access to the credentials will be gated by user approval. For use with {@link #installKeyPair(ComponentName, PrivateKey, Certificate[], String, int)} @see #installKeyPair(ComponentName, PrivateKey, Certificate[], String, int) */ INSTALLKEY_REQUEST_CREDENTIALS_ACCESS : "1", /** Specifies that a user can select the key via the Certificate Selection prompt. If this flag is not set when calling {@link #installKeyPair}, the key can only be granted access by implementing {@link android.app.admin.DeviceAdminReceiver#onChoosePrivateKeyAlias}. For use with {@link #installKeyPair(ComponentName, PrivateKey, Certificate[], String, int)} @see #installKeyPair(ComponentName, PrivateKey, Certificate[], String, int) */ INSTALLKEY_SET_USER_SELECTABLE : "2", /** Broadcast action: sent when the profile owner is set, changed or cleared. This broadcast is sent only to the user managed by the new profile owner. @see DevicePolicyManager#transferOwnership(ComponentName, ComponentName, PersistableBundle) */ ACTION_PROFILE_OWNER_CHANGED : "android.app.action.PROFILE_OWNER_CHANGED", /** Specifies that the Private DNS setting is in an unknown state. */ PRIVATE_DNS_MODE_UNKNOWN : "0", /** Specifies that Private DNS was turned off completely. */ PRIVATE_DNS_MODE_OFF : "1", /** Specifies that the device owner requested opportunistic DNS over TLS */ PRIVATE_DNS_MODE_OPPORTUNISTIC : "2", /** Specifies that the device owner configured a specific host to use for Private DNS. */ PRIVATE_DNS_MODE_PROVIDER_HOSTNAME : "3", /** The selected mode has been set successfully. If the mode is {@code PRIVATE_DNS_MODE_PROVIDER_HOSTNAME} then it implies the supplied host is valid and reachable. */ PRIVATE_DNS_SET_NO_ERROR : "0", /** If the {@code privateDnsHost} provided was of a valid hostname but that host was found to not support DNS-over-TLS. */ PRIVATE_DNS_SET_ERROR_HOST_NOT_SERVING : "1", /** General failure to set the Private DNS mode, not due to one of the reasons listed above. */ PRIVATE_DNS_SET_ERROR_FAILURE_SETTING : "2", /** Activity action: Starts the administrator to get the mode for the provisioning. This intent may contain the following extras: <ul> <li>{@link #EXTRA_PROVISIONING_ADMIN_EXTRAS_BUNDLE}</li> <li>{@link #EXTRA_PROVISIONING_IMEI}</li> <li>{@link #EXTRA_PROVISIONING_SERIAL_NUMBER}</li> </ul> <p>The target activity should return one of the following values in {@link #EXTRA_PROVISIONING_MODE} as result: <ul> <li>{@link #PROVISIONING_MODE_FULLY_MANAGED_DEVICE}</li> <li>{@link #PROVISIONING_MODE_MANAGED_PROFILE}</li> </ul> <p>If performing fully-managed device provisioning and the admin app desires to show its own education screens, the target activity can additionally return {@link #EXTRA_PROVISIONING_SKIP_EDUCATION_SCREENS} set to <code>true</code>. <p>The target activity may also return the account that needs to be migrated from primary user to managed profile in case of a profile owner provisioning in {@link #EXTRA_PROVISIONING_ACCOUNT_TO_MIGRATE} as result. */ ACTION_GET_PROVISIONING_MODE : "android.app.action.GET_PROVISIONING_MODE", /** A string extra holding the IMEI (International Mobile Equipment Identity) of the device. */ EXTRA_PROVISIONING_IMEI : "android.app.extra.PROVISIONING_IMEI", /** A string extra holding the serial number of the device. */ EXTRA_PROVISIONING_SERIAL_NUMBER : "android.app.extra.PROVISIONING_SERIAL_NUMBER", /** An intent extra holding the provisioning mode returned by the administrator. The value for this extra should be one of the following: <ul> <li>{@link #PROVISIONING_MODE_FULLY_MANAGED_DEVICE}</li> <li>{@link #PROVISIONING_MODE_MANAGED_PROFILE}</li> </ul> */ EXTRA_PROVISIONING_MODE : "android.app.extra.PROVISIONING_MODE", /** The provisioning mode for fully managed device. */ PROVISIONING_MODE_FULLY_MANAGED_DEVICE : "1", /** The provisioning mode for managed profile. */ PROVISIONING_MODE_MANAGED_PROFILE : "2", /** Activity action: Starts the administrator to show policy compliance for the provisioning. */ ACTION_ADMIN_POLICY_COMPLIANCE : "android.app.action.ADMIN_POLICY_COMPLIANCE", /** Constant for {@link #setPasswordQuality}: the policy has no requirements for the password. Note that quality constants are ordered so that higher values are more restrictive. */ PASSWORD_QUALITY_UNSPECIFIED : "0", /** Constant for {@link #setPasswordQuality}: the policy allows for low-security biometric recognition technology. This implies technologies that can recognize the identity of an individual to about a 3 digit PIN (false detection is less than 1 in 1,000). Note that quality constants are ordered so that higher values are more restrictive. */ PASSWORD_QUALITY_BIOMETRIC_WEAK : "32768", /** Constant for {@link #setPasswordQuality}: the policy requires some kind of password or pattern, but doesn't care what it is. Note that quality constants are ordered so that higher values are more restrictive. */ PASSWORD_QUALITY_SOMETHING : "65536", /** Constant for {@link #setPasswordQuality}: the user must have entered a password containing at least numeric characters. Note that quality constants are ordered so that higher values are more restrictive. */ PASSWORD_QUALITY_NUMERIC : "131072", /** Constant for {@link #setPasswordQuality}: the user must have entered a password containing at least numeric characters with no repeating (4444) or ordered (1234, 4321, 2468) sequences. Note that quality constants are ordered so that higher values are more restrictive. */ PASSWORD_QUALITY_NUMERIC_COMPLEX : "196608", /** Constant for {@link #setPasswordQuality}: the user must have entered a password containing at least alphabetic (or other symbol) characters. Note that quality constants are ordered so that higher values are more restrictive. */ PASSWORD_QUALITY_ALPHABETIC : "262144", /** Constant for {@link #setPasswordQuality}: the user must have entered a password containing at least <em>both></em> numeric <em>and</em> alphabetic (or other symbol) characters. Note that quality constants are ordered so that higher values are more restrictive. */ PASSWORD_QUALITY_ALPHANUMERIC : "327680", /** Constant for {@link #setPasswordQuality}: the user must have entered a password containing at least a letter, a numerical digit and a special symbol, by default. With this password quality, passwords can be restricted to contain various sets of characters, like at least an uppercase letter, etc. These are specified using various methods, like {@link #setPasswordMinimumLowerCase(ComponentName, int)}. Note that quality constants are ordered so that higher values are more restrictive. */ PASSWORD_QUALITY_COMPLEX : "393216", /** Constant for {@link #setPasswordQuality}: the user is not allowed to modify password. In case this password quality is set, the password is managed by a profile owner. The profile owner can set any password, as if {@link #PASSWORD_QUALITY_UNSPECIFIED} is used. Note that quality constants are ordered so that higher values are more restrictive. The value of {@link #PASSWORD_QUALITY_MANAGED} is the highest. @hide */ PASSWORD_QUALITY_MANAGED : "524288", /** @hide adb shell dpm set-{device,profile}-owner will normally not allow installing an owner to a user with accounts. {@link #ACCOUNT_FEATURE_DEVICE_OR_PROFILE_OWNER_ALLOWED} and {@link #ACCOUNT_FEATURE_DEVICE_OR_PROFILE_OWNER_DISALLOWED} are the account features used by authenticator to exempt their accounts from this: <ul> <li>Non-test-only DO/PO still can't be installed when there are accounts. <p>In order to make an apk test-only, add android:testOnly="true" to the <application> tag in the manifest. <li>Test-only DO/PO can be installed even when there are accounts, as long as all the accounts have the {@link #ACCOUNT_FEATURE_DEVICE_OR_PROFILE_OWNER_ALLOWED} feature. Some authenticators claim to have any features, so to detect it, we also check {@link #ACCOUNT_FEATURE_DEVICE_OR_PROFILE_OWNER_DISALLOWED} and disallow installing if any of the accounts have it. </ul> */ ACCOUNT_FEATURE_DEVICE_OR_PROFILE_OWNER_ALLOWED : "android.account.DEVICE_OR_PROFILE_OWNER_ALLOWED", /**@hide See {@link #ACCOUNT_FEATURE_DEVICE_OR_PROFILE_OWNER_ALLOWED} */ ACCOUNT_FEATURE_DEVICE_OR_PROFILE_OWNER_DISALLOWED : "android.account.DEVICE_OR_PROFILE_OWNER_DISALLOWED", /** Flag for {@link #resetPasswordWithToken} and {@link #resetPassword}: don't allow other admins to change the password again until the user has entered it. */ RESET_PASSWORD_REQUIRE_ENTRY : "1", /** Flag for {@link #resetPasswordWithToken} and {@link #resetPassword}: don't ask for user credentials on device boot. If the flag is set, the device can be booted without asking for user password. The absence of this flag does not change the current boot requirements. This flag can be set by the device owner only. If the app is not the device owner, the flag is ignored. Once the flag is set, it cannot be reverted back without resetting the device to factory defaults. */ RESET_PASSWORD_DO_NOT_ASK_CREDENTIALS_ON_BOOT : "2", /** Flag for {@link #lockNow}(int): also evict the user's credential encryption key from the keyring. The user's credential will need to be entered again in order to derive the credential encryption key that will be stored back in the keyring for future use. <p> This flag can only be used by a profile owner when locking a managed profile when {@link #getStorageEncryptionStatus} returns {@link #ENCRYPTION_STATUS_ACTIVE_PER_USER}. <p> In order to secure user data, the user will be stopped and restarted so apps should wait until they are next run to perform further actions. */ FLAG_EVICT_CREDENTIAL_ENCRYPTION_KEY : "1", /** Flag for {@link #wipeData}(int): also erase the device's external storage (such as SD cards). */ WIPE_EXTERNAL_STORAGE : "1", /** Flag for {@link #wipeData}(int): also erase the factory reset protection data. <p>This flag may only be set by device owner admins; if it is set by other admins a {@link SecurityException} will be thrown. */ WIPE_RESET_PROTECTION_DATA : "2", /** Flag for {@link #wipeData}(int): also erase the device's eUICC data. */ WIPE_EUICC : "4", /** Flag for {@link #wipeData}(int): won't show reason for wiping to the user. */ WIPE_SILENTLY : "8", /** Result code for {@link #setStorageEncryption} and {@link #getStorageEncryptionStatus}: indicating that encryption is not supported. */ ENCRYPTION_STATUS_UNSUPPORTED : "0", /** Result code for {@link #setStorageEncryption} and {@link #getStorageEncryptionStatus}: indicating that encryption is supported, but is not currently active. */ ENCRYPTION_STATUS_INACTIVE : "1", /** Result code for {@link #getStorageEncryptionStatus}: indicating that encryption is not currently active, but is currently being activated. This is only reported by devices that support encryption of data and only when the storage is currently undergoing a process of becoming encrypted. A device that must reboot and/or wipe data to become encrypted will never return this value. */ ENCRYPTION_STATUS_ACTIVATING : "2", /** Result code for {@link #setStorageEncryption} and {@link #getStorageEncryptionStatus}: indicating that encryption is active. <p> Also see {@link #ENCRYPTION_STATUS_ACTIVE_PER_USER}. */ ENCRYPTION_STATUS_ACTIVE : "3", /** Result code for {@link #getStorageEncryptionStatus}: indicating that encryption is active, but an encryption key has not been set by the user. */ ENCRYPTION_STATUS_ACTIVE_DEFAULT_KEY : "4", /** Result code for {@link #getStorageEncryptionStatus}: indicating that encryption is active and the encryption key is tied to the user or profile. <p> This value is only returned to apps targeting API level 24 and above. For apps targeting earlier API levels, {@link #ENCRYPTION_STATUS_ACTIVE} is returned, even if the encryption key is specific to the user or profile. */ ENCRYPTION_STATUS_ACTIVE_PER_USER : "5", /** Activity action: begin the process of encrypting data on the device. This activity should be launched after using {@link #setStorageEncryption} to request encryption be activated. After resuming from this activity, use {@link #getStorageEncryption} to check encryption status. However, on some devices this activity may never return, as it may trigger a reboot and in some cases a complete data wipe of the device. */ ACTION_START_ENCRYPTION : "android.app.action.START_ENCRYPTION", /** Broadcast action: notify managed provisioning that new managed user is created. @hide */ ACTION_MANAGED_USER_CREATED : "android.app.action.MANAGED_USER_CREATED", /** Widgets are enabled in keyguard */ KEYGUARD_DISABLE_FEATURES_NONE : "0", /** Disable all keyguard widgets. Has no effect starting from {@link android.os.Build.VERSION_CODES#LOLLIPOP} since keyguard widget is only supported on Android versions lower than 5.0. */ KEYGUARD_DISABLE_WIDGETS_ALL : "1", /** Disable the camera on secure keyguard screens (e.g. PIN/Pattern/Password) */ KEYGUARD_DISABLE_SECURE_CAMERA : "2", /** Disable showing all notifications on secure keyguard screens (e.g. PIN/Pattern/Password) */ KEYGUARD_DISABLE_SECURE_NOTIFICATIONS : "4", /** Only allow redacted notifications on secure keyguard screens (e.g. PIN/Pattern/Password) */ KEYGUARD_DISABLE_UNREDACTED_NOTIFICATIONS : "8", /** Disable trust agents on secure keyguard screens (e.g. PIN/Pattern/Password). By setting this flag alone, all trust agents are disabled. If the admin then wants to whitelist specific features of some trust agent, {@link #setTrustAgentConfiguration} can be used in conjuction to set trust-agent-specific configurations. */ KEYGUARD_DISABLE_TRUST_AGENTS : "16", /** Disable fingerprint authentication on keyguard secure screens (e.g. PIN/Pattern/Password). */ KEYGUARD_DISABLE_FINGERPRINT : "32", /** Disable text entry into notifications on secure keyguard screens (e.g. PIN/Pattern/Password). This flag has no effect starting from version {@link android.os.Build.VERSION_CODES#N} */ KEYGUARD_DISABLE_REMOTE_INPUT : "64", /** Disable face authentication on keyguard secure screens (e.g. PIN/Pattern/Password). */ KEYGUARD_DISABLE_FACE : "128", /** Disable iris authentication on keyguard secure screens (e.g. PIN/Pattern/Password). */ KEYGUARD_DISABLE_IRIS : "256", /** Disable all biometric authentication on keyguard secure screens (e.g. PIN/Pattern/Password). */ KEYGUARD_DISABLE_BIOMETRICS : "416", /** Disable all current and future keyguard customizations. */ KEYGUARD_DISABLE_FEATURES_ALL : "2147483647", /** Keyguard features that when set on a managed profile that doesn't have its own challenge will affect the profile's parent user. These can also be set on the managed profile's parent {@link android.app.admin.DevicePolicyManager} instance. @hide */ PROFILE_KEYGUARD_FEATURES_AFFECT_OWNER : "432", /** Service-specific error code used in implementation of {@code setAlwaysOnVpnPackage} methods. @hide */ ERROR_VPN_PACKAGE_NOT_FOUND : "1", /** Flag used by {@link #createAndManageUser} to skip setup wizard after creating a new user. */ SKIP_SETUP_WIZARD : "1", /** Flag used by {@link #createAndManageUser} to specify that the user should be created ephemeral. Ephemeral users will be removed after switching to another user or rebooting the device. */ MAKE_USER_EPHEMERAL : "2", /** Flag used by {@link #createAndManageUser} to specify that the user should be created as a demo user. @hide */ MAKE_USER_DEMO : "4", /** Flag used by {@link #createAndManageUser} to specify that the newly created user should skip the disabling of system apps during provisioning. */ LEAVE_ALL_SYSTEM_APPS_ENABLED : "16", /**Return true if the given administrator component is currently active (enabled) in the system. @param {Object {ComponentName}} admin The administrator component to check for. @return {Boolean} {@code true} if {@code admin} is currently enabled in the system, {@code false} otherwise */ isAdminActive : function( ) {}, /** @see #isAdminActive(ComponentName) @hide */ isAdminActiveAsUser : function( ) {}, /**Return true if the given administrator component is currently being removed for the user. @hide */ isRemovingAdmin : function( ) {}, /**Return a list of all currently active device administrators' component names. If there are no administrators {@code null} may be returned. */ getActiveAdmins : function( ) {}, /** @see #getActiveAdmins() @hide */ getActiveAdminsAsUser : function( ) {}, /**Used by package administration code to determine if a package can be stopped or uninstalled. @hide */ packageHasActiveAdmins : function( ) {}, /**Used by package administration code to determine if a package can be stopped or uninstalled. @hide */ packageHasActiveAdmins : function( ) {}, /**Remove a current administration component. This can only be called by the application that owns the administration component; if you try to remove someone else's component, a security exception will be thrown. <p>Note that the operation is not synchronous and the admin might still be active (as indicated by {@link #getActiveAdmins}()) by the time this method returns. @param {Object {ComponentName}} admin The administration compononent to remove. @throws SecurityException if the caller is not in the owner application of {@code admin}. */ removeActiveAdmin : function( ) {}, /**Returns true if an administrator has been granted a particular device policy. This can be used to check whether the administrator was activated under an earlier set of policies, but requires additional policies after an upgrade. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. Must be an active administrator, or an exception will be thrown. @param {Number} usesPolicy Which uses-policy to check, as defined in {@link DeviceAdminInfo}. @throws SecurityException if {@code admin} is not an active administrator. */ hasGrantedPolicy : function( ) {}, /**Returns true if the Profile Challenge is available to use for the given profile user. @hide */ isSeparateProfileChallengeAllowed : function( ) {}, /**Called by an application that is administering the device to set the password restrictions it is imposing. After setting this, the user will not be able to enter a new password that is not at least as restrictive as what has been set. Note that the current password will remain until the user has set a new one, so the change does not take place immediately. To prompt the user for a new password, use {@link #ACTION_SET_NEW_PASSWORD} or {@link #ACTION_SET_NEW_PARENT_PROFILE_PASSWORD} after calling this method. <p> Quality constants are ordered so that higher values are more restrictive; thus the highest requested quality constant (between the policy set here, the user's preference, and any other considerations) is the one that is in effect. <p> On devices not supporting {@link PackageManager#FEATURE_SECURE_LOCK_SCREEN} feature, the password is always treated as empty. <p> The calling device admin must have requested {@link android.app.admin.DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call this method; if it has not, a security exception will be thrown. <p> This method can be called on the {@link android.app.admin.DevicePolicyManager} instance returned by {@link #getParentProfileInstance}(ComponentName) in order to set restrictions on the parent profile. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @param {Number} quality The new desired quality. One of {@link #PASSWORD_QUALITY_UNSPECIFIED}, {@link #PASSWORD_QUALITY_SOMETHING}, {@link #PASSWORD_QUALITY_NUMERIC}, {@link #PASSWORD_QUALITY_NUMERIC_COMPLEX}, {@link #PASSWORD_QUALITY_ALPHABETIC}, {@link #PASSWORD_QUALITY_ALPHANUMERIC} or {@link #PASSWORD_QUALITY_COMPLEX}. @throws SecurityException if {@code admin} is not an active administrator or if {@code admin} does not use {@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} */ setPasswordQuality : function( ) {}, /**Retrieve the current minimum password quality for a particular admin or all admins that set restrictions on this user and its participating profiles. Restrictions on profiles that have a separate challenge are not taken into account. <p>This method can be called on the {@link android.app.admin.DevicePolicyManager} instance returned by {@link #getParentProfileInstance}(ComponentName) in order to retrieve restrictions on the parent profile. <p>Note: on devices not supporting {@link PackageManager#FEATURE_SECURE_LOCK_SCREEN} feature, the password is always treated as empty. @param {Object {ComponentName}} admin The name of the admin component to check, or {@code null} to aggregate all admins. */ getPasswordQuality : function( ) {}, /** @hide per-user version */ getPasswordQuality : function( ) {}, /**Called by an application that is administering the device to set the minimum allowed password length. After setting this, the user will not be able to enter a new password that is not at least as restrictive as what has been set. Note that the current password will remain until the user has set a new one, so the change does not take place immediately. To prompt the user for a new password, use {@link #ACTION_SET_NEW_PASSWORD} or {@link #ACTION_SET_NEW_PARENT_PROFILE_PASSWORD} after setting this value. This constraint is only imposed if the administrator has also requested either {@link #PASSWORD_QUALITY_NUMERIC} , {@link #PASSWORD_QUALITY_NUMERIC_COMPLEX}, {@link #PASSWORD_QUALITY_ALPHABETIC}, {@link #PASSWORD_QUALITY_ALPHANUMERIC}, or {@link #PASSWORD_QUALITY_COMPLEX} with {@link #setPasswordQuality}. <p> On devices not supporting {@link PackageManager#FEATURE_SECURE_LOCK_SCREEN} feature, the password is always treated as empty. <p> The calling device admin must have requested {@link android.app.admin.DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call this method; if it has not, a security exception will be thrown. <p> This method can be called on the {@link android.app.admin.DevicePolicyManager} instance returned by {@link #getParentProfileInstance}(ComponentName) in order to set restrictions on the parent profile. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @param {Number} length The new desired minimum password length. A value of 0 means there is no restriction. @throws SecurityException if {@code admin} is not an active administrator or {@code admin} does not use {@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} */ setPasswordMinimumLength : function( ) {}, /**Retrieve the current minimum password length for a particular admin or all admins that set restrictions on this user and its participating profiles. Restrictions on profiles that have a separate challenge are not taken into account. <p>On devices not supporting {@link PackageManager#FEATURE_SECURE_LOCK_SCREEN} feature, the password is always treated as empty. <p>This method can be called on the {@link android.app.admin.DevicePolicyManager} instance returned by {@link #getParentProfileInstance}(ComponentName) in order to retrieve restrictions on the parent profile. @param {Object {ComponentName}} admin The name of the admin component to check, or {@code null} to aggregate all admins. */ getPasswordMinimumLength : function( ) {}, /** @hide per-user version */ getPasswordMinimumLength : function( ) {}, /**Called by an application that is administering the device to set the minimum number of upper case letters required in the password. After setting this, the user will not be able to enter a new password that is not at least as restrictive as what has been set. Note that the current password will remain until the user has set a new one, so the change does not take place immediately. To prompt the user for a new password, use {@link #ACTION_SET_NEW_PASSWORD} or {@link #ACTION_SET_NEW_PARENT_PROFILE_PASSWORD} after setting this value. This constraint is only imposed if the administrator has also requested {@link #PASSWORD_QUALITY_COMPLEX} with {@link #setPasswordQuality}. The default value is 0. <p> On devices not supporting {@link PackageManager#FEATURE_SECURE_LOCK_SCREEN} feature, the password is always treated as empty. <p> The calling device admin must have requested {@link android.app.admin.DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call this method; if it has not, a security exception will be thrown. <p> This method can be called on the {@link android.app.admin.DevicePolicyManager} instance returned by {@link #getParentProfileInstance}(ComponentName) in order to set restrictions on the parent profile. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @param {Number} length The new desired minimum number of upper case letters required in the password. A value of 0 means there is no restriction. @throws SecurityException if {@code admin} is not an active administrator or {@code admin} does not use {@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} */ setPasswordMinimumUpperCase : function( ) {}, /**Retrieve the current number of upper case letters required in the password for a particular admin or all admins that set restrictions on this user and its participating profiles. Restrictions on profiles that have a separate challenge are not taken into account. This is the same value as set by {@link #setPasswordMinimumUpperCase(ComponentName, int)} and only applies when the password quality is {@link #PASSWORD_QUALITY_COMPLEX}. <p>On devices not supporting {@link PackageManager#FEATURE_SECURE_LOCK_SCREEN} feature, the password is always treated as empty. <p>This method can be called on the {@link android.app.admin.DevicePolicyManager} instance returned by {@link #getParentProfileInstance}(ComponentName) in order to retrieve restrictions on the parent profile. @param {Object {ComponentName}} admin The name of the admin component to check, or {@code null} to aggregate all admins. @return {Number} The minimum number of upper case letters required in the password. */ getPasswordMinimumUpperCase : function( ) {}, /** @hide per-user version */ getPasswordMinimumUpperCase : function( ) {}, /**Called by an application that is administering the device to set the minimum number of lower case letters required in the password. After setting this, the user will not be able to enter a new password that is not at least as restrictive as what has been set. Note that the current password will remain until the user has set a new one, so the change does not take place immediately. To prompt the user for a new password, use {@link #ACTION_SET_NEW_PASSWORD} or {@link #ACTION_SET_NEW_PARENT_PROFILE_PASSWORD} after setting this value. This constraint is only imposed if the administrator has also requested {@link #PASSWORD_QUALITY_COMPLEX} with {@link #setPasswordQuality}. The default value is 0. <p> On devices not supporting {@link PackageManager#FEATURE_SECURE_LOCK_SCREEN} feature, the password is always treated as empty. <p> The calling device admin must have requested {@link android.app.admin.DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call this method; if it has not, a security exception will be thrown. <p> This method can be called on the {@link android.app.admin.DevicePolicyManager} instance returned by {@link #getParentProfileInstance}(ComponentName) in order to set restrictions on the parent profile. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @param {Number} length The new desired minimum number of lower case letters required in the password. A value of 0 means there is no restriction. @throws SecurityException if {@code admin} is not an active administrator or {@code admin} does not use {@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} */ setPasswordMinimumLowerCase : function( ) {}, /**Retrieve the current number of lower case letters required in the password for a particular admin or all admins that set restrictions on this user and its participating profiles. Restrictions on profiles that have a separate challenge are not taken into account. This is the same value as set by {@link #setPasswordMinimumLowerCase(ComponentName, int)} and only applies when the password quality is {@link #PASSWORD_QUALITY_COMPLEX}. <p>On devices not supporting {@link PackageManager#FEATURE_SECURE_LOCK_SCREEN} feature, the password is always treated as empty. <p>This method can be called on the {@link android.app.admin.DevicePolicyManager} instance returned by {@link #getParentProfileInstance}(ComponentName) in order to retrieve restrictions on the parent profile. @param {Object {ComponentName}} admin The name of the admin component to check, or {@code null} to aggregate all admins. @return {Number} The minimum number of lower case letters required in the password. */ getPasswordMinimumLowerCase : function( ) {}, /** @hide per-user version */ getPasswordMinimumLowerCase : function( ) {}, /**Called by an application that is administering the device to set the minimum number of letters required in the password. After setting this, the user will not be able to enter a new password that is not at least as restrictive as what has been set. Note that the current password will remain until the user has set a new one, so the change does not take place immediately. To prompt the user for a new password, use {@link #ACTION_SET_NEW_PASSWORD} or {@link #ACTION_SET_NEW_PARENT_PROFILE_PASSWORD} after setting this value. This constraint is only imposed if the administrator has also requested {@link #PASSWORD_QUALITY_COMPLEX} with {@link #setPasswordQuality}. The default value is 1. <p> On devices not supporting {@link PackageManager#FEATURE_SECURE_LOCK_SCREEN} feature, the password is always treated as empty. <p> The calling device admin must have requested {@link android.app.admin.DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call this method; if it has not, a security exception will be thrown. <p> This method can be called on the {@link android.app.admin.DevicePolicyManager} instance returned by {@link #getParentProfileInstance}(ComponentName) in order to set restrictions on the parent profile. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @param {Number} length The new desired minimum number of letters required in the password. A value of 0 means there is no restriction. @throws SecurityException if {@code admin} is not an active administrator or {@code admin} does not use {@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} */ setPasswordMinimumLetters : function( ) {}, /**Retrieve the current number of letters required in the password for a particular admin or all admins that set restrictions on this user and its participating profiles. Restrictions on profiles that have a separate challenge are not taken into account. This is the same value as set by {@link #setPasswordMinimumLetters(ComponentName, int)} and only applies when the password quality is {@link #PASSWORD_QUALITY_COMPLEX}. <p>On devices not supporting {@link PackageManager#FEATURE_SECURE_LOCK_SCREEN} feature, the password is always treated as empty. <p>This method can be called on the {@link android.app.admin.DevicePolicyManager} instance returned by {@link #getParentProfileInstance}(ComponentName) in order to retrieve restrictions on the parent profile. @param {Object {ComponentName}} admin The name of the admin component to check, or {@code null} to aggregate all admins. @return {Number} The minimum number of letters required in the password. */ getPasswordMinimumLetters : function( ) {}, /** @hide per-user version */ getPasswordMinimumLetters : function( ) {}, /**Called by an application that is administering the device to set the minimum number of numerical digits required in the password. After setting this, the user will not be able to enter a new password that is not at least as restrictive as what has been set. Note that the current password will remain until the user has set a new one, so the change does not take place immediately. To prompt the user for a new password, use {@link #ACTION_SET_NEW_PASSWORD} or {@link #ACTION_SET_NEW_PARENT_PROFILE_PASSWORD} after setting this value. This constraint is only imposed if the administrator has also requested {@link #PASSWORD_QUALITY_COMPLEX} with {@link #setPasswordQuality}. The default value is 1. <p> On devices not supporting {@link PackageManager#FEATURE_SECURE_LOCK_SCREEN} feature, the password is always treated as empty. <p> The calling device admin must have requested {@link android.app.admin.DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call this method; if it has not, a security exception will be thrown. <p> This method can be called on the {@link android.app.admin.DevicePolicyManager} instance returned by {@link #getParentProfileInstance}(ComponentName) in order to set restrictions on the parent profile. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @param {Number} length The new desired minimum number of numerical digits required in the password. A value of 0 means there is no restriction. @throws SecurityException if {@code admin} is not an active administrator or {@code admin} does not use {@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} */ setPasswordMinimumNumeric : function( ) {}, /**Retrieve the current number of numerical digits required in the password for a particular admin or all admins that set restrictions on this user and its participating profiles. Restrictions on profiles that have a separate challenge are not taken into account. This is the same value as set by {@link #setPasswordMinimumNumeric(ComponentName, int)} and only applies when the password quality is {@link #PASSWORD_QUALITY_COMPLEX}. <p>On devices not supporting {@link PackageManager#FEATURE_SECURE_LOCK_SCREEN} feature, the password is always treated as empty. <p>This method can be called on the {@link android.app.admin.DevicePolicyManager} instance returned by {@link #getParentProfileInstance}(ComponentName) in order to retrieve restrictions on the parent profile. @param {Object {ComponentName}} admin The name of the admin component to check, or {@code null} to aggregate all admins. @return {Number} The minimum number of numerical digits required in the password. */ getPasswordMinimumNumeric : function( ) {}, /** @hide per-user version */ getPasswordMinimumNumeric : function( ) {}, /**Called by an application that is administering the device to set the minimum number of symbols required in the password. After setting this, the user will not be able to enter a new password that is not at least as restrictive as what has been set. Note that the current password will remain until the user has set a new one, so the change does not take place immediately. To prompt the user for a new password, use {@link #ACTION_SET_NEW_PASSWORD} or {@link #ACTION_SET_NEW_PARENT_PROFILE_PASSWORD} after setting this value. This constraint is only imposed if the administrator has also requested {@link #PASSWORD_QUALITY_COMPLEX} with {@link #setPasswordQuality}. The default value is 1. <p> On devices not supporting {@link PackageManager#FEATURE_SECURE_LOCK_SCREEN} feature, the password is always treated as empty. <p> The calling device admin must have requested {@link android.app.admin.DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call this method; if it has not, a security exception will be thrown. <p> This method can be called on the {@link android.app.admin.DevicePolicyManager} instance returned by {@link #getParentProfileInstance}(ComponentName) in order to set restrictions on the parent profile. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @param {Number} length The new desired minimum number of symbols required in the password. A value of 0 means there is no restriction. @throws SecurityException if {@code admin} is not an active administrator or {@code admin} does not use {@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} */ setPasswordMinimumSymbols : function( ) {}, /**Retrieve the current number of symbols required in the password for a particular admin or all admins that set restrictions on this user and its participating profiles. Restrictions on profiles that have a separate challenge are not taken into account. This is the same value as set by {@link #setPasswordMinimumSymbols(ComponentName, int)} and only applies when the password quality is {@link #PASSWORD_QUALITY_COMPLEX}. <p>On devices not supporting {@link PackageManager#FEATURE_SECURE_LOCK_SCREEN} feature, the password is always treated as empty. <p>This method can be called on the {@link android.app.admin.DevicePolicyManager} instance returned by {@link #getParentProfileInstance}(ComponentName) in order to retrieve restrictions on the parent profile. @param {Object {ComponentName}} admin The name of the admin component to check, or {@code null} to aggregate all admins. @return {Number} The minimum number of symbols required in the password. */ getPasswordMinimumSymbols : function( ) {}, /** @hide per-user version */ getPasswordMinimumSymbols : function( ) {}, /**Called by an application that is administering the device to set the minimum number of non-letter characters (numerical digits or symbols) required in the password. After setting this, the user will not be able to enter a new password that is not at least as restrictive as what has been set. Note that the current password will remain until the user has set a new one, so the change does not take place immediately. To prompt the user for a new password, use {@link #ACTION_SET_NEW_PASSWORD} or {@link #ACTION_SET_NEW_PARENT_PROFILE_PASSWORD} after setting this value. This constraint is only imposed if the administrator has also requested {@link #PASSWORD_QUALITY_COMPLEX} with {@link #setPasswordQuality}. The default value is 0. <p> On devices not supporting {@link PackageManager#FEATURE_SECURE_LOCK_SCREEN} feature, the password is always treated as empty. <p> The calling device admin must have requested {@link android.app.admin.DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call this method; if it has not, a security exception will be thrown. <p> This method can be called on the {@link android.app.admin.DevicePolicyManager} instance returned by {@link #getParentProfileInstance}(ComponentName) in order to set restrictions on the parent profile. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @param {Number} length The new desired minimum number of letters required in the password. A value of 0 means there is no restriction. @throws SecurityException if {@code admin} is not an active administrator or {@code admin} does not use {@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} */ setPasswordMinimumNonLetter : function( ) {}, /**Retrieve the current number of non-letter characters required in the password for a particular admin or all admins that set restrictions on this user and its participating profiles. Restrictions on profiles that have a separate challenge are not taken into account. This is the same value as set by {@link #setPasswordMinimumNonLetter(ComponentName, int)} and only applies when the password quality is {@link #PASSWORD_QUALITY_COMPLEX}. <p>On devices not supporting {@link PackageManager#FEATURE_SECURE_LOCK_SCREEN} feature, the password is always treated as empty. <p>This method can be called on the {@link android.app.admin.DevicePolicyManager} instance returned by {@link #getParentProfileInstance}(ComponentName) in order to retrieve restrictions on the parent profile. @param {Object {ComponentName}} admin The name of the admin component to check, or {@code null} to aggregate all admins. @return {Number} The minimum number of letters required in the password. */ getPasswordMinimumNonLetter : function( ) {}, /** @hide per-user version */ getPasswordMinimumNonLetter : function( ) {}, /**Called by an application that is administering the device to set the length of the password history. After setting this, the user will not be able to enter a new password that is the same as any password in the history. Note that the current password will remain until the user has set a new one, so the change does not take place immediately. To prompt the user for a new password, use {@link #ACTION_SET_NEW_PASSWORD} or {@link #ACTION_SET_NEW_PARENT_PROFILE_PASSWORD} after setting this value. This constraint is only imposed if the administrator has also requested either {@link #PASSWORD_QUALITY_NUMERIC} , {@link #PASSWORD_QUALITY_NUMERIC_COMPLEX} {@link #PASSWORD_QUALITY_ALPHABETIC}, or {@link #PASSWORD_QUALITY_ALPHANUMERIC} with {@link #setPasswordQuality}. <p> On devices not supporting {@link PackageManager#FEATURE_SECURE_LOCK_SCREEN} feature, the password history length is always 0. <p> The calling device admin must have requested {@link android.app.admin.DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call this method; if it has not, a security exception will be thrown. <p> This method can be called on the {@link android.app.admin.DevicePolicyManager} instance returned by {@link #getParentProfileInstance}(ComponentName) in order to set restrictions on the parent profile. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @param {Number} length The new desired length of password history. A value of 0 means there is no restriction. @throws SecurityException if {@code admin} is not an active administrator or {@code admin} does not use {@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} */ setPasswordHistoryLength : function( ) {}, /**Called by a device admin to set the password expiration timeout. Calling this method will restart the countdown for password expiration for the given admin, as will changing the device password (for all admins). <p> The provided timeout is the time delta in ms and will be added to the current time. For example, to have the password expire 5 days from now, timeout would be 5 * 86400 * 1000 = 432000000 ms for timeout. <p> To disable password expiration, a value of 0 may be used for timeout. <p> On devices not supporting {@link PackageManager#FEATURE_SECURE_LOCK_SCREEN} feature, the password expiration is always disabled. <p> The calling device admin must have requested {@link android.app.admin.DeviceAdminInfo#USES_POLICY_EXPIRE_PASSWORD} to be able to call this method; if it has not, a security exception will be thrown. <p> Note that setting the password will automatically reset the expiration time for all active admins. Active admins do not need to explicitly call this method in that case. <p> This method can be called on the {@link android.app.admin.DevicePolicyManager} instance returned by {@link #getParentProfileInstance}(ComponentName) in order to set restrictions on the parent profile. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @param {Number} timeout The limit (in ms) that a password can remain in effect. A value of 0 means there is no restriction (unlimited). @throws SecurityException if {@code admin} is not an active administrator or {@code admin} does not use {@link DeviceAdminInfo#USES_POLICY_EXPIRE_PASSWORD} */ setPasswordExpirationTimeout : function( ) {}, /**Get the password expiration timeout for the given admin. The expiration timeout is the recurring expiration timeout provided in the call to {@link #setPasswordExpirationTimeout(ComponentName, long)} for the given admin or the aggregate of all participating policy administrators if {@code admin} is null. Admins that have set restrictions on profiles that have a separate challenge are not taken into account. <p>This method can be called on the {@link android.app.admin.DevicePolicyManager} instance returned by {@link #getParentProfileInstance}(ComponentName) in order to retrieve restrictions on the parent profile. <p>On devices not supporting {@link PackageManager#FEATURE_SECURE_LOCK_SCREEN} feature, the password expiration is always disabled and this method always returns 0. @param {Object {ComponentName}} admin The name of the admin component to check, or {@code null} to aggregate all admins. @return {Number} The timeout for the given admin or the minimum of all timeouts */ getPasswordExpirationTimeout : function( ) {}, /**Get the current password expiration time for a particular admin or all admins that set restrictions on this user and its participating profiles. Restrictions on profiles that have a separate challenge are not taken into account. If admin is {@code null}, then a composite of all expiration times is returned - which will be the minimum of all of them. <p>This method can be called on the {@link android.app.admin.DevicePolicyManager} instance returned by {@link #getParentProfileInstance}(ComponentName) in order to retrieve the password expiration for the parent profile. <p>On devices not supporting {@link PackageManager#FEATURE_SECURE_LOCK_SCREEN} feature, the password expiration is always disabled and this method always returns 0. @param {Object {ComponentName}} admin The name of the admin component to check, or {@code null} to aggregate all admins. @return {Number} The password expiration time, in milliseconds since epoch. */ getPasswordExpiration : function( ) {}, /**Retrieve the current password history length for a particular admin or all admins that set restrictions on this user and its participating profiles. Restrictions on profiles that have a separate challenge are not taken into account. <p>This method can be called on the {@link android.app.admin.DevicePolicyManager} instance returned by {@link #getParentProfileInstance}(ComponentName) in order to retrieve restrictions on the parent profile. <p>On devices not supporting {@link PackageManager#FEATURE_SECURE_LOCK_SCREEN} feature, the password history length is always 0. @param {Object {ComponentName}} admin The name of the admin component to check, or {@code null} to aggregate all admins. @return {Number} The length of the password history */ getPasswordHistoryLength : function( ) {}, /** @hide per-user version */ getPasswordHistoryLength : function( ) {}, /**Return the maximum password length that the device supports for a particular password quality. <p>On devices not supporting {@link PackageManager#FEATURE_SECURE_LOCK_SCREEN} feature, the password is always empty and this method always returns 0. @param {Number} quality The quality being interrogated. @return {Number} Returns the maximum length that the user can enter. */ getPasswordMaximumLength : function( ) {}, /**Determines whether the calling user's current password meets policy requirements (e.g. quality, minimum length). The user must be unlocked to perform this check. <p>Policy requirements which affect this check can be set by admins of the user, but also by the admin of a managed profile associated with the calling user (when the managed profile doesn't have a separate work challenge). When a managed profile has a separate work challenge, its policy requirements only affect the managed profile. <p>Depending on the user, this method checks the policy requirement against one of the following passwords: <ul> <li>For the primary user or secondary users: the personal keyguard password. <li>For managed profiles: a work challenge if set, otherwise the parent user's personal keyguard password. <ul/> In other words, it's always checking the requirement against the password that is protecting the calling user. <p>Note that this method considers all policy requirements targeting the password in question. For example a profile owner might set a requirement on the parent profile i.e. personal keyguard but not on the profile itself. When the device has a weak personal keyguard password and no separate work challenge, calling this method will return {@code false} despite the profile owner not setting a policy on the profile itself. This is because the profile's current password is the personal keyguard password, and it does not meet all policy requirements. <p>Device admins must request {@link android.app.admin.DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} before calling this method. Note, this policy type is deprecated for device admins in Android 9.0 (API level 28) or higher. <p>This method can be called on the {@link android.app.admin.DevicePolicyManager} instance returned by {@link #getParentProfileInstance}(ComponentName) in order to determine if the password set on the parent profile is sufficient. <p>On devices not supporting {@link PackageManager#FEATURE_SECURE_LOCK_SCREEN} feature, the password is always treated as empty - i.e. this method will always return false on such devices, provided any password requirements were set. @return {Boolean} {@code true} if the password meets the policy requirements, {@code false} otherwise @throws SecurityException if the calling application isn't an active admin that uses {@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} @throws IllegalStateException if the user isn't unlocked */ isActivePasswordSufficient : function( ) {}, /**Returns how complex the current user's screen lock is. <p>Note that when called from a profile which uses an unified challenge with its parent, the screen lock complexity of the parent will be returned. However, this API does not support explicitly querying the parent profile screen lock complexity via {@link #getParentProfileInstance}. @throws IllegalStateException if the user is not unlocked. @throws SecurityException if the calling application does not have the permission {@link permission#REQUEST_PASSWORD_COMPLEXITY} */ getPasswordComplexity : function( ) {}, /**When called by a profile owner of a managed profile returns true if the profile uses unified challenge with its parent user. <strong>Note</strong>: This method is not concerned with password quality and will return false if the profile has empty password as a separate challenge. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @throws SecurityException if {@code admin} is not a profile owner of a managed profile. @see UserManager#DISALLOW_UNIFIED_PASSWORD */ isUsingUnifiedPassword : function( ) {}, /**Determine whether the current profile password the user has set is sufficient to meet the policy requirements (e.g. quality, minimum length) that have been requested by the admins of the parent user and its profiles. @param {Number} userHandle the userId of the profile to check the password for. @return {Boolean} Returns true if the password would meet the current requirements, else false. @throws SecurityException if {@code userHandle} is not a managed profile. @hide */ isProfileActivePasswordSufficientForParent : function( ) {}, /**Retrieve the number of times the user has failed at entering a password since that last successful password entry. <p> This method can be called on the {@link android.app.admin.DevicePolicyManager} instance returned by {@link #getParentProfileInstance}(ComponentName) in order to retrieve the number of failed password attemts for the parent user. <p> The calling device admin must have requested {@link android.app.admin.DeviceAdminInfo#USES_POLICY_WATCH_LOGIN} to be able to call this method; if it has not, a security exception will be thrown. <p>On devices not supporting {@link PackageManager#FEATURE_SECURE_LOCK_SCREEN} feature, the password is always empty and this method always returns 0. @return {Number} The number of times user has entered an incorrect password since the last correct password entry. @throws SecurityException if the calling application does not own an active administrator that uses {@link DeviceAdminInfo#USES_POLICY_WATCH_LOGIN} */ getCurrentFailedPasswordAttempts : function( ) {}, /**Retrieve the number of times the given user has failed at entering a password since that last successful password entry. <p>The calling device admin must have requested {@link android.app.admin.DeviceAdminInfo#USES_POLICY_WATCH_LOGIN} to be able to call this method; if it has not and it is not the system uid, a security exception will be thrown. @hide */ getCurrentFailedPasswordAttempts : function( ) {}, /**Queries whether {@link #RESET_PASSWORD_DO_NOT_ASK_CREDENTIALS_ON_BOOT} flag is set. @return {Boolean} true if RESET_PASSWORD_DO_NOT_ASK_CREDENTIALS_ON_BOOT flag is set. @hide */ getDoNotAskCredentialsOnBoot : function( ) {}, /**Setting this to a value greater than zero enables a built-in policy that will perform a device or profile wipe after too many incorrect device-unlock passwords have been entered. This built-in policy combines watching for failed passwords and wiping the device, and requires that you request both {@link android.app.admin.DeviceAdminInfo#USES_POLICY_WATCH_LOGIN} and {@link android.app.admin.DeviceAdminInfo#USES_POLICY_WIPE_DATA}}. <p> To implement any other policy (e.g. wiping data for a particular application only, erasing or revoking credentials, or reporting the failure to a server), you should implement {@link android.app.admin.DeviceAdminReceiver#onPasswordFailed(Context, android.content.Intent)} instead. Do not use this API, because if the maximum count is reached, the device or profile will be wiped immediately, and your callback will not be invoked. <p> This method can be called on the {@link android.app.admin.DevicePolicyManager} instance returned by {@link #getParentProfileInstance}(ComponentName) in order to set a value on the parent profile. <p>On devices not supporting {@link PackageManager#FEATURE_SECURE_LOCK_SCREEN} feature, the password is always empty and this method has no effect - i.e. the policy is not set. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @param {Number} num The number of failed password attempts at which point the device or profile will be wiped. @throws SecurityException if {@code admin} is not an active administrator or does not use both {@link DeviceAdminInfo#USES_POLICY_WATCH_LOGIN} and {@link DeviceAdminInfo#USES_POLICY_WIPE_DATA}. */ setMaximumFailedPasswordsForWipe : function( ) {}, /**Retrieve the current maximum number of login attempts that are allowed before the device or profile is wiped, for a particular admin or all admins that set restrictions on this user and its participating profiles. Restrictions on profiles that have a separate challenge are not taken into account. <p>This method can be called on the {@link android.app.admin.DevicePolicyManager} instance returned by {@link #getParentProfileInstance}(ComponentName) in order to retrieve the value for the parent profile. <p>On devices not supporting {@link PackageManager#FEATURE_SECURE_LOCK_SCREEN} feature, the password is always empty and this method returns a default value (0) indicating that the policy is not set. @param {Object {ComponentName}} admin The name of the admin component to check, or {@code null} to aggregate all admins. */ getMaximumFailedPasswordsForWipe : function( ) {}, /** @hide per-user version */ getMaximumFailedPasswordsForWipe : function( ) {}, /**Returns the profile with the smallest maximum failed passwords for wipe, for the given user. So for primary user, it might return the primary or a managed profile. For a secondary user, it would be the same as the user passed in. @hide Used only by Keyguard */ getProfileWithMinimumFailedPasswordsForWipe : function( ) {}, /**Force a new password for device unlock (the password needed to access the entire device) or the work profile challenge on the current user. This takes effect immediately. <p> <em>For device owner and profile owners targeting SDK level {@link android.os.Build.VERSION_CODES#O} or above, this API is no longer available and will throw {@link SecurityException}. Please use the new API {@link #resetPasswordWithToken} instead. </em> <p> <em>Note: This API has been limited as of {@link android.os.Build.VERSION_CODES#N} for device admins that are not device owner and not profile owner. The password can now only be changed if there is currently no password set. Device owner and profile owner can still do this when user is unlocked and does not have a managed profile.</em> <p> The given password must be sufficient for the current password quality and length constraints as returned by {@link #getPasswordQuality}(ComponentName) and {@link #getPasswordMinimumLength}(ComponentName); if it does not meet these constraints, then it will be rejected and false returned. Note that the password may be a stronger quality (containing alphanumeric characters when the requested quality is only numeric), in which case the currently active quality will be increased to match. <p> Calling with a null or empty password will clear any existing PIN, pattern or password if the current password constraints allow it. <em>Note: This will not work in {@link android.os.Build.VERSION_CODES#N} and later for managed profiles, or for device admins that are not device owner or profile owner. Once set, the password cannot be changed to null or empty except by these admins.</em> <p>On devices not supporting {@link PackageManager#FEATURE_SECURE_LOCK_SCREEN} feature, this methods does nothing. <p> The calling device admin must have requested {@link android.app.admin.DeviceAdminInfo#USES_POLICY_RESET_PASSWORD} to be able to call this method; if it has not, a security exception will be thrown. @param {String} password The new password for the user. Null or empty clears the password. @param {Number} flags May be 0 or combination of {@link #RESET_PASSWORD_REQUIRE_ENTRY} and {@link #RESET_PASSWORD_DO_NOT_ASK_CREDENTIALS_ON_BOOT}. @return {Boolean} Returns true if the password was applied, or false if it is not acceptable for the current constraints or if the user has not been decrypted yet. @throws SecurityException if the calling application does not own an active administrator that uses {@link DeviceAdminInfo#USES_POLICY_RESET_PASSWORD} @throws IllegalStateException if the calling user is locked or has a managed profile. */ resetPassword : function( ) {}, /**Called by a profile or device owner to provision a token which can later be used to reset the device lockscreen password (if called by device owner), or managed profile challenge (if called by profile owner), via {@link #resetPasswordWithToken}. <p> If the user currently has a lockscreen password, the provisioned token will not be immediately usable; it only becomes active after the user performs a confirm credential operation, which can be triggered by {@link KeyguardManager#createConfirmDeviceCredentialIntent}. If the user has no lockscreen password, the token is activated immediately. In all cases, the active state of the current token can be checked by {@link #isResetPasswordTokenActive}. For security reasons, un-activated tokens are only stored in memory and will be lost once the device reboots. In this case a new token needs to be provisioned again. <p> Once provisioned and activated, the token will remain effective even if the user changes or clears the lockscreen password. <p> <em>This token is highly sensitive and should be treated at the same level as user credentials. In particular, NEVER store this token on device in plaintext. Do not store the plaintext token in device-encrypted storage if it will be needed to reset password on file-based encryption devices before user unlocks. Consider carefully how any password token will be stored on your server and who will need access to them. Tokens may be the subject of legal access requests. </em> <p>On devices not supporting {@link PackageManager#FEATURE_SECURE_LOCK_SCREEN} feature, the reset token is not set and this method returns false. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @param {Object {byte[]}} token a secure token a least 32-byte long, which must be generated by a cryptographically strong random number generator. @return {Boolean} true if the operation is successful, false otherwise. @throws SecurityException if admin is not a device or profile owner. @throws IllegalArgumentException if the supplied token is invalid. */ setResetPasswordToken : function( ) {}, /**Called by a profile or device owner to revoke the current password reset token. <p>On devices not supporting {@link PackageManager#FEATURE_SECURE_LOCK_SCREEN} feature, this method has no effect - the reset token should not have been set in the first place - and false is returned. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @return {Boolean} true if the operation is successful, false otherwise. @throws SecurityException if admin is not a device or profile owner. */ clearResetPasswordToken : function( ) {}, /**Called by a profile or device owner to check if the current reset password token is active. <p>On devices not supporting {@link PackageManager#FEATURE_SECURE_LOCK_SCREEN} feature, false is always returned. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @return {Boolean} true if the token is active, false otherwise. @throws SecurityException if admin is not a device or profile owner. @throws IllegalStateException if no token has been set. */ isResetPasswordTokenActive : function( ) {}, /**Called by device or profile owner to force set a new device unlock password or a managed profile challenge on current user. This takes effect immediately. <p> Unlike {@link #resetPassword}, this API can change the password even before the user or device is unlocked or decrypted. The supplied token must have been previously provisioned via {@link #setResetPasswordToken}, and in active state {@link #isResetPasswordTokenActive}. <p> The given password must be sufficient for the current password quality and length constraints as returned by {@link #getPasswordQuality}(ComponentName) and {@link #getPasswordMinimumLength}(ComponentName); if it does not meet these constraints, then it will be rejected and false returned. Note that the password may be a stronger quality, for example, a password containing alphanumeric characters when the requested quality is only numeric. <p> Calling with a {@code null} or empty password will clear any existing PIN, pattern or password if the current password constraints allow it. <p>On devices not supporting {@link PackageManager#FEATURE_SECURE_LOCK_SCREEN} feature, calling this methods has no effect - the password is always empty - and false is returned. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @param {String} password The new password for the user. {@code null} or empty clears the password. @param {Object {byte[]}} token the password reset token previously provisioned by {@link #setResetPasswordToken}. @param {Number} flags May be 0 or combination of {@link #RESET_PASSWORD_REQUIRE_ENTRY} and {@link #RESET_PASSWORD_DO_NOT_ASK_CREDENTIALS_ON_BOOT}. @return {Boolean} Returns true if the password was applied, or false if it is not acceptable for the current constraints. @throws SecurityException if admin is not a device or profile owner. @throws IllegalStateException if the provided token is not valid. */ resetPasswordWithToken : function( ) {}, /**Called by an application that is administering the device to set the maximum time for user activity until the device will lock. This limits the length that the user can set. It takes effect immediately. <p> The calling device admin must have requested {@link android.app.admin.DeviceAdminInfo#USES_POLICY_FORCE_LOCK} to be able to call this method; if it has not, a security exception will be thrown. <p> This method can be called on the {@link android.app.admin.DevicePolicyManager} instance returned by {@link #getParentProfileInstance}(ComponentName) in order to set restrictions on the parent profile. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @param {Number} timeMs The new desired maximum time to lock in milliseconds. A value of 0 means there is no restriction. @throws SecurityException if {@code admin} is not an active administrator or it does not use {@link DeviceAdminInfo#USES_POLICY_FORCE_LOCK} */ setMaximumTimeToLock : function( ) {}, /**Retrieve the current maximum time to unlock for a particular admin or all admins that set restrictions on this user and its participating profiles. Restrictions on profiles that have a separate challenge are not taken into account. <p>This method can be called on the {@link android.app.admin.DevicePolicyManager} instance returned by {@link #getParentProfileInstance}(ComponentName) in order to retrieve restrictions on the parent profile. @param {Object {ComponentName}} admin The name of the admin component to check, or {@code null} to aggregate all admins. @return {Number} time in milliseconds for the given admin or the minimum value (strictest) of all admins if admin is null. Returns 0 if there are no restrictions. */ getMaximumTimeToLock : function( ) {}, /** @hide per-user version */ getMaximumTimeToLock : function( ) {}, /**Called by a device/profile owner to set the timeout after which unlocking with secondary, non strong auth (e.g. fingerprint, face, trust agents) times out, i.e. the user has to use a strong authentication method like password, pin or pattern. <p>This timeout is used internally to reset the timer to require strong auth again after specified timeout each time it has been successfully used. <p>Fingerprint can also be disabled altogether using {@link #KEYGUARD_DISABLE_FINGERPRINT}. <p>Trust agents can also be disabled altogether using {@link #KEYGUARD_DISABLE_TRUST_AGENTS}. <p>The calling device admin must be a device or profile owner. If it is not, a {@link SecurityException} will be thrown. <p>The calling device admin can verify the value it has set by calling {@link #getRequiredStrongAuthTimeout}(ComponentName) and passing in its instance. <p>This method can be called on the {@link android.app.admin.DevicePolicyManager} instance returned by {@link #getParentProfileInstance}(ComponentName) in order to set restrictions on the parent profile. <p>On devices not supporting {@link PackageManager#FEATURE_SECURE_LOCK_SCREEN} feature, calling this methods has no effect - i.e. the timeout is not set. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @param {Number} timeoutMs The new timeout in milliseconds, after which the user will have to unlock with strong authentication method. A value of 0 means the admin is not participating in controlling the timeout. The minimum and maximum timeouts are platform-defined and are typically 1 hour and 72 hours, respectively. Though discouraged, the admin may choose to require strong auth at all times using {@link #KEYGUARD_DISABLE_FINGERPRINT} and/or {@link #KEYGUARD_DISABLE_TRUST_AGENTS}. @throws SecurityException if {@code admin} is not a device or profile owner. */ setRequiredStrongAuthTimeout : function( ) {}, /**Determine for how long the user will be able to use secondary, non strong auth for authentication, since last strong method authentication (password, pin or pattern) was used. After the returned timeout the user is required to use strong authentication method. <p>This method can be called on the {@link android.app.admin.DevicePolicyManager} instance returned by {@link #getParentProfileInstance}(ComponentName) in order to retrieve restrictions on the parent profile. <p>On devices not supporting {@link PackageManager#FEATURE_SECURE_LOCK_SCREEN} feature, 0 is returned to indicate that no timeout is configured. @param {Object {ComponentName}} admin The name of the admin component to check, or {@code null} to aggregate across all participating admins. @return {Number} The timeout in milliseconds or 0 if not configured for the provided admin. */ getRequiredStrongAuthTimeout : function( ) {}, /** @hide per-user version */ getRequiredStrongAuthTimeout : function( ) {}, /**Make the device lock immediately, as if the lock screen timeout has expired at the point of this call. <p> The calling device admin must have requested {@link android.app.admin.DeviceAdminInfo#USES_POLICY_FORCE_LOCK} to be able to call this method; if it has not, a security exception will be thrown. <p> This method can be called on the {@link android.app.admin.DevicePolicyManager} instance returned by {@link #getParentProfileInstance}(ComponentName) in order to lock the parent profile. <p> Equivalent to calling {@link #lockNow}(int) with no flags. @throws SecurityException if the calling application does not own an active administrator that uses {@link DeviceAdminInfo#USES_POLICY_FORCE_LOCK} */ lockNow : function( ) {}, /**Make the device lock immediately, as if the lock screen timeout has expired at the point of this call. <p> The calling device admin must have requested {@link android.app.admin.DeviceAdminInfo#USES_POLICY_FORCE_LOCK} to be able to call this method; if it has not, a security exception will be thrown. <p> This method can be called on the {@link android.app.admin.DevicePolicyManager} instance returned by {@link #getParentProfileInstance}(ComponentName) in order to lock the parent profile. @param {Number} flags May be 0 or {@link #FLAG_EVICT_CREDENTIAL_ENCRYPTION_KEY}. @throws SecurityException if the calling application does not own an active administrator that uses {@link DeviceAdminInfo#USES_POLICY_FORCE_LOCK} or the {@link #FLAG_EVICT_CREDENTIAL_ENCRYPTION_KEY} flag is passed by an application that is not a profile owner of a managed profile. @throws IllegalArgumentException if the {@link #FLAG_EVICT_CREDENTIAL_ENCRYPTION_KEY} flag is passed when locking the parent profile. @throws UnsupportedOperationException if the {@link #FLAG_EVICT_CREDENTIAL_ENCRYPTION_KEY} flag is passed when {@link #getStorageEncryptionStatus} does not return {@link #ENCRYPTION_STATUS_ACTIVE_PER_USER}. */ lockNow : function( ) {}, /**Ask that all user data be wiped. If called as a secondary user, the user will be removed and other users will remain unaffected. Calling from the primary user will cause the device to reboot, erasing all device data - including all the secondary users and their data - while booting up. <p> The calling device admin must have requested {@link android.app.admin.DeviceAdminInfo#USES_POLICY_WIPE_DATA} to be able to call this method; if it has not, a security exception will be thrown. @param {Number} flags Bit mask of additional options: currently supported flags are {@link #WIPE_EXTERNAL_STORAGE}, {@link #WIPE_RESET_PROTECTION_DATA}, {@link #WIPE_EUICC} and {@link #WIPE_SILENTLY}. @throws SecurityException if the calling application does not own an active administrator that uses {@link DeviceAdminInfo#USES_POLICY_WIPE_DATA} */ wipeData : function( ) {}, /**Ask that all user data be wiped. If called as a secondary user, the user will be removed and other users will remain unaffected, the provided reason for wiping data can be shown to user. Calling from the primary user will cause the device to reboot, erasing all device data - including all the secondary users and their data - while booting up. In this case, we don't show the reason to the user since the device would be factory reset. <p> The calling device admin must have requested {@link android.app.admin.DeviceAdminInfo#USES_POLICY_WIPE_DATA} to be able to call this method; if it has not, a security exception will be thrown. @param {Number} flags Bit mask of additional options: currently supported flags are {@link #WIPE_EXTERNAL_STORAGE}, {@link #WIPE_RESET_PROTECTION_DATA} and {@link #WIPE_EUICC}. @param {Object {CharSequence}} reason a string that contains the reason for wiping data, which can be presented to the user. @throws SecurityException if the calling application does not own an active administrator that uses {@link DeviceAdminInfo#USES_POLICY_WIPE_DATA} @throws IllegalArgumentException if the input reason string is null or empty, or if {@link #WIPE_SILENTLY} is set. */ wipeData : function( ) {}, /**Called by an application that is administering the device to set the global proxy and exclusion list. <p> The calling device admin must have requested {@link android.app.admin.DeviceAdminInfo#USES_POLICY_SETS_GLOBAL_PROXY} to be able to call this method; if it has not, a security exception will be thrown. Only the first device admin can set the proxy. If a second admin attempts to set the proxy, the {@link ComponentName} of the admin originally setting the proxy will be returned. If successful in setting the proxy, {@code null} will be returned. The method can be called repeatedly by the device admin alrady setting the proxy to update the proxy and exclusion list. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @param {Object {Proxy}} proxySpec the global proxy desired. Must be an HTTP Proxy. Pass Proxy.NO_PROXY to reset the proxy. @param {Object {java.util.List}} exclusionList a list of domains to be excluded from the global proxy. @return {Object {android.content.ComponentName}} {@code null} if the proxy was successfully set, or otherwise a {@link ComponentName} of the device admin that sets the proxy. @hide */ setGlobalProxy : function( ) {}, /**Set a network-independent global HTTP proxy. This is not normally what you want for typical HTTP proxies - they are generally network dependent. However if you're doing something unusual like general internal filtering this may be useful. On a private network where the proxy is not accessible, you may break HTTP using this. <p> This method requires the caller to be the device owner. <p> This proxy is only a recommendation and it is possible that some apps will ignore it. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @param {Object {ProxyInfo}} proxyInfo The a {@link ProxyInfo} object defining the new global HTTP proxy. A {@code null} value will clear the global HTTP proxy. @param proxyInfo The a {@link ProxyInfo} object defining the new global HTTP proxy. A {@code null} value will clear the global HTTP proxy. @throws SecurityException if {@code admin} is not the device owner. */ setRecommendedGlobalProxy : function( ) {}, /**Returns the component name setting the global proxy. @return {Object {android.content.ComponentName}} ComponentName object of the device admin that set the global proxy, or {@code null} if no admin has set the proxy. @hide */ getGlobalProxyAdmin : function( ) {}, /**Called by an application that is administering the device to request that the storage system be encrypted. Does nothing if the caller is on a secondary user or a managed profile. <p> When multiple device administrators attempt to control device encryption, the most secure, supported setting will always be used. If any device administrator requests device encryption, it will be enabled; Conversely, if a device administrator attempts to disable device encryption while another device administrator has enabled it, the call to disable will fail (most commonly returning {@link #ENCRYPTION_STATUS_ACTIVE}). <p> This policy controls encryption of the secure (application data) storage area. Data written to other storage areas may or may not be encrypted, and this policy does not require or control the encryption of any other storage areas. There is one exception: If {@link android.os.Environment#isExternalStorageEmulated()} is {@code true}, then the directory returned by {@link android.os.Environment#getExternalStorageDirectory()} must be written to disk within the encrypted storage area. <p> Important Note: On some devices, it is possible to encrypt storage without requiring the user to create a device PIN or Password. In this case, the storage is encrypted, but the encryption key may not be fully secured. For maximum security, the administrator should also require (and check for) a pattern, PIN, or password. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @param {Boolean} encrypt true to request encryption, false to release any previous request @return {Number} the new total request status (for all active admins), or {@link DevicePolicyManager#ENCRYPTION_STATUS_UNSUPPORTED} if called for a non-system user. Will be one of {@link #ENCRYPTION_STATUS_UNSUPPORTED}, {@link #ENCRYPTION_STATUS_INACTIVE}, or {@link #ENCRYPTION_STATUS_ACTIVE}. This is the value of the requests; use {@link #getStorageEncryptionStatus()} to query the actual device state. @throws SecurityException if {@code admin} is not an active administrator or does not use {@link DeviceAdminInfo#USES_ENCRYPTED_STORAGE} */ setStorageEncryption : function( ) {}, /**Called by an application that is administering the device to determine the requested setting for secure storage. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. If null, this will return the requested encryption setting as an aggregate of all active administrators. @return {Boolean} true if the admin(s) are requesting encryption, false if not. */ getStorageEncryption : function( ) {}, /**Called by an application that is administering the device to determine the current encryption status of the device. <p> Depending on the returned status code, the caller may proceed in different ways. If the result is {@link #ENCRYPTION_STATUS_UNSUPPORTED}, the storage system does not support encryption. If the result is {@link #ENCRYPTION_STATUS_INACTIVE}, use {@link #ACTION_START_ENCRYPTION} to begin the process of encrypting or decrypting the storage. If the result is {@link #ENCRYPTION_STATUS_ACTIVE_DEFAULT_KEY}, the storage system has enabled encryption but no password is set so further action may be required. If the result is {@link #ENCRYPTION_STATUS_ACTIVATING}, {@link #ENCRYPTION_STATUS_ACTIVE} or {@link #ENCRYPTION_STATUS_ACTIVE_PER_USER}, no further action is required. @return {Number} current status of encryption. The value will be one of {@link #ENCRYPTION_STATUS_UNSUPPORTED}, {@link #ENCRYPTION_STATUS_INACTIVE}, {@link #ENCRYPTION_STATUS_ACTIVATING}, {@link #ENCRYPTION_STATUS_ACTIVE_DEFAULT_KEY}, {@link #ENCRYPTION_STATUS_ACTIVE}, or {@link #ENCRYPTION_STATUS_ACTIVE_PER_USER}. */ getStorageEncryptionStatus : function( ) {}, /** @hide per-user version */ getStorageEncryptionStatus : function( ) {}, /**Mark a CA certificate as approved by the device user. This means that they have been notified of the installation, were made aware of the risks, viewed the certificate and still wanted to keep the certificate on the device. Calling with {@param approval} as {@code true} will cancel any ongoing warnings related to this certificate. @hide */ approveCaCert : function( ) {}, /**Check whether a CA certificate has been approved by the device user. @hide */ isCaCertApproved : function( ) {}, /**Installs the given certificate as a user CA. <p> Inserted user CAs aren't automatically trusted by apps in Android 7.0 (API level 24) and higher. App developers can change the default behavior for an app by adding a <a href="{@docRoot}training/articles/security-config.html">Security Configuration File</a> to the app manifest file. The caller must be a profile or device owner on that user, or a delegate package given the {@link #DELEGATION_CERT_INSTALL} scope via {@link #setDelegatedScopes}; otherwise a security exception will be thrown. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with, or {@code null} if calling from a delegated certificate installer. @param {Object {byte[]}} certBuffer encoded form of the certificate to install. @return {Boolean} false if the certBuffer cannot be parsed or installation is interrupted, true otherwise. @throws SecurityException if {@code admin} is not {@code null} and not a device or profile owner. @see #setDelegatedScopes @see #DELEGATION_CERT_INSTALL */ installCaCert : function( ) {}, /**Uninstalls the given certificate from trusted user CAs, if present. The caller must be a profile or device owner on that user, or a delegate package given the {@link #DELEGATION_CERT_INSTALL} scope via {@link #setDelegatedScopes}; otherwise a security exception will be thrown. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with, or {@code null} if calling from a delegated certificate installer. @param {Object {byte[]}} certBuffer encoded form of the certificate to remove. @throws SecurityException if {@code admin} is not {@code null} and not a device or profile owner. @see #setDelegatedScopes @see #DELEGATION_CERT_INSTALL */ uninstallCaCert : function( ) {}, /**Returns all CA certificates that are currently trusted, excluding system CA certificates. If a user has installed any certificates by other means than device policy these will be included too. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with, or {@code null} if calling from a delegated certificate installer. @return {Object {java.util.List}} a List of byte[] arrays, each encoding one user CA certificate. @throws SecurityException if {@code admin} is not {@code null} and not a device or profile owner. */ getInstalledCaCerts : function( ) {}, /**Uninstalls all custom trusted CA certificates from the profile. Certificates installed by means other than device policy will also be removed, except for system CA certificates. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with, or {@code null} if calling from a delegated certificate installer. @throws SecurityException if {@code admin} is not {@code null} and not a device or profile owner. */ uninstallAllUserCaCerts : function( ) {}, /**Returns whether this certificate is installed as a trusted CA. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with, or {@code null} if calling from a delegated certificate installer. @param {Object {byte[]}} certBuffer encoded form of the certificate to look up. @throws SecurityException if {@code admin} is not {@code null} and not a device or profile owner. */ hasCaCertInstalled : function( ) {}, /**Called by a device or profile owner, or delegated certificate installer, to install a certificate and corresponding private key. All apps within the profile will be able to access the certificate and use the private key, given direct user approval. <p>Access to the installed credentials will not be granted to the caller of this API without direct user approval. This is for security - should a certificate installer become compromised, certificates it had already installed will be protected. <p>If the installer must have access to the credentials, call {@link #installKeyPair(ComponentName, PrivateKey, Certificate[], String, boolean)} instead. <p>Note: If the provided {@code alias} is of an existing alias, all former grants that apps have been given to access the key and certificates associated with this alias will be revoked. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with, or {@code null} if calling from a delegated certificate installer. @param {Object {PrivateKey}} privKey The private key to install. @param {Object {Certificate}} cert The certificate to install. @param {String} alias The private key alias under which to install the certificate. If a certificate with that alias already exists, it will be overwritten. @return {Boolean} {@code true} if the keys were installed, {@code false} otherwise. @throws SecurityException if {@code admin} is not {@code null} and not a device or profile owner. @see #setDelegatedScopes @see #DELEGATION_CERT_INSTALL */ installKeyPair : function( ) {}, /**Called by a device or profile owner, or delegated certificate installer, to install a certificate chain and corresponding private key for the leaf certificate. All apps within the profile will be able to access the certificate chain and use the private key, given direct user approval. <p>The caller of this API may grant itself access to the certificate and private key immediately, without user approval. It is a best practice not to request this unless strictly necessary since it opens up additional security vulnerabilities. <p>Note: If the provided {@code alias} is of an existing alias, all former grants that apps have been given to access the key and certificates associated with this alias will be revoked. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with, or {@code null} if calling from a delegated certificate installer. @param {Object {PrivateKey}} privKey The private key to install. @param {Object {java.security.cert.Certificate[]}} certs The certificate chain to install. The chain should start with the leaf certificate and include the chain of trust in order. This will be returned by {@link android.security.KeyChain#getCertificateChain}. @param {String} alias The private key alias under which to install the certificate. If a certificate with that alias already exists, it will be overwritten. @param {Boolean} requestAccess {@code true} to request that the calling app be granted access to the credentials immediately. Otherwise, access to the credentials will be gated by user approval. @return {Boolean} {@code true} if the keys were installed, {@code false} otherwise. @throws SecurityException if {@code admin} is not {@code null} and not a device or profile owner. @see android.security.KeyChain#getCertificateChain @see #setDelegatedScopes @see #DELEGATION_CERT_INSTALL */ installKeyPair : function( ) {}, /**Called by a device or profile owner, or delegated certificate installer, to install a certificate chain and corresponding private key for the leaf certificate. All apps within the profile will be able to access the certificate chain and use the private key, given direct user approval (if the user is allowed to select the private key). <p>The caller of this API may grant itself access to the certificate and private key immediately, without user approval. It is a best practice not to request this unless strictly necessary since it opens up additional security vulnerabilities. <p>Include {@link #INSTALLKEY_SET_USER_SELECTABLE} in the {@code flags} argument to allow the user to select the key from a dialog. <p>Note: If the provided {@code alias} is of an existing alias, all former grants that apps have been given to access the key and certificates associated with this alias will be revoked. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with, or {@code null} if calling from a delegated certificate installer. @param {Object {PrivateKey}} privKey The private key to install. @param {Object {java.security.cert.Certificate[]}} certs The certificate chain to install. The chain should start with the leaf certificate and include the chain of trust in order. This will be returned by {@link android.security.KeyChain#getCertificateChain}. @param {String} alias The private key alias under which to install the certificate. If a certificate with that alias already exists, it will be overwritten. @param {Number} flags Flags to request that the calling app be granted access to the credentials and set the key to be user-selectable. See {@link #INSTALLKEY_SET_USER_SELECTABLE} and {@link #INSTALLKEY_REQUEST_CREDENTIALS_ACCESS}. @return {Boolean} {@code true} if the keys were installed, {@code false} otherwise. @throws SecurityException if {@code admin} is not {@code null} and not a device or profile owner. @see android.security.KeyChain#getCertificateChain @see #setDelegatedScopes @see #DELEGATION_CERT_INSTALL */ installKeyPair : function( ) {}, /**Called by a device or profile owner, or delegated certificate installer, to remove a certificate and private key pair installed under a given alias. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with, or {@code null} if calling from a delegated certificate installer. @param {String} alias The private key alias under which the certificate is installed. @return {Boolean} {@code true} if the private key alias no longer exists, {@code false} otherwise. @throws SecurityException if {@code admin} is not {@code null} and not a device or profile owner. @see #setDelegatedScopes @see #DELEGATION_CERT_INSTALL */ removeKeyPair : function( ) {}, /**Called by a device or profile owner, or delegated certificate installer, to generate a new private/public key pair. If the device supports key generation via secure hardware, this method is useful for creating a key in KeyChain that never left the secure hardware. Access to the key is controlled the same way as in {@link #installKeyPair}. <p>Because this method might take several seconds to complete, it should only be called from a worker thread. This method returns {@code null} when called from the main thread. <p>Note: If the provided {@code alias} is of an existing alias, all former grants that apps have been given to access the key and certificates associated with this alias will be revoked. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with, or {@code null} if calling from a delegated certificate installer. @param {String} algorithm The key generation algorithm, see {@link java.security.KeyPairGenerator}. @param {Object {KeyGenParameterSpec}} keySpec Specification of the key to generate, see {@link java.security.KeyPairGenerator}. @param {Number} idAttestationFlags A bitmask of all the identifiers that should be included in the attestation record ({@code ID_TYPE_BASE_INFO}, {@code ID_TYPE_SERIAL}, {@code ID_TYPE_IMEI} and {@code ID_TYPE_MEID}), or {@code 0} if no device identification is required in the attestation record. Device owner, profile owner and their delegated certificate installer can use {@link #ID_TYPE_BASE_INFO} to request inclusion of the general device information including manufacturer, model, brand, device and product in the attestation record. Only device owner and their delegated certificate installer can use {@link #ID_TYPE_SERIAL}, {@link #ID_TYPE_IMEI} and {@link #ID_TYPE_MEID} to request unique device identifiers to be attested. <p> If any of {@link #ID_TYPE_SERIAL}, {@link #ID_TYPE_IMEI} and {@link #ID_TYPE_MEID} is set, it is implicitly assumed that {@link #ID_TYPE_BASE_INFO} is also set. <p> If any flag is specified, then an attestation challenge must be included in the {@code keySpec}. @return {Object {android.security.AttestedKeyPair}} A non-null {@code AttestedKeyPair} if the key generation succeeded, null otherwise. @throws SecurityException if {@code admin} is not {@code null} and not a device or profile owner. If Device ID attestation is requested (using {@link #ID_TYPE_SERIAL}, {@link #ID_TYPE_IMEI} or {@link #ID_TYPE_MEID}), the caller must be the Device Owner or the Certificate Installer delegate. @throws IllegalArgumentException if the alias in {@code keySpec} is empty, if the algorithm specification in {@code keySpec} is not {@code RSAKeyGenParameterSpec} or {@code ECGenParameterSpec}, or if Device ID attestation was requested but the {@code keySpec} does not contain an attestation challenge. @throws UnsupportedOperationException if Device ID attestation was requested but the underlying hardware does not support it. @throws StrongBoxUnavailableException if the use of StrongBox for key generation was specified in {@code keySpec} but the device does not have one. @see KeyGenParameterSpec.Builder#setAttestationChallenge(byte[]) */ generateKeyPair : function( ) {}, /**Returns {@code true} if the device supports attestation of device identifiers in addition to key attestation. @return {Boolean} {@code true} if Device ID attestation is supported. */ isDeviceIdAttestationSupported : function( ) {}, /**Called by a device or profile owner, or delegated certificate installer, to associate certificates with a key pair that was generated using {@link #generateKeyPair}, and set whether the key is available for the user to choose in the certificate selection prompt. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with, or {@code null} if calling from a delegated certificate installer. @param {String} alias The private key alias under which to install the certificate. The {@code alias} should denote an existing private key. If a certificate with that alias already exists, it will be overwritten. @param {Object {java.util.List}} certs The certificate chain to install. The chain should start with the leaf certificate and include the chain of trust in order. This will be returned by {@link android.security.KeyChain#getCertificateChain}. @param {Boolean} isUserSelectable {@code true} to indicate that a user can select this key via the certificate selection prompt, {@code false} to indicate that this key can only be granted access by implementing {@link android.app.admin.DeviceAdminReceiver#onChoosePrivateKeyAlias}. @return {Boolean} {@code true} if the provided {@code alias} exists and the certificates has been successfully associated with it, {@code false} otherwise. @throws SecurityException if {@code admin} is not {@code null} and not a device or profile owner, or {@code admin} is null but the calling application is not a delegated certificate installer. */ setKeyPairCertificate : function( ) {}, /**Called by a profile owner or device owner to grant access to privileged certificate manipulation APIs to a third-party certificate installer app. Granted APIs include {@link #getInstalledCaCerts}, {@link #hasCaCertInstalled}, {@link #installCaCert}, {@link #uninstallCaCert}, {@link #uninstallAllUserCaCerts} and {@link #installKeyPair}. <p> Delegated certificate installer is a per-user state. The delegated access is persistent until it is later cleared by calling this method with a null value or uninstallling the certificate installer. <p> <b>Note:</b>Starting from {@link android.os.Build.VERSION_CODES#N}, if the caller application's target SDK version is {@link android.os.Build.VERSION_CODES#N} or newer, the supplied certificate installer package must be installed when calling this API, otherwise an {@link IllegalArgumentException} will be thrown. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @param {String} installerPackage The package name of the certificate installer which will be given access. If {@code null} is given the current package will be cleared. @throws SecurityException if {@code admin} is not a device or a profile owner. @deprecated From {@link android.os.Build.VERSION_CODES#O}. Use {@link #setDelegatedScopes} with the {@link #DELEGATION_CERT_INSTALL} scope instead. */ setCertInstallerPackage : function( ) {}, /**Called by a profile owner or device owner to retrieve the certificate installer for the user, or {@code null} if none is set. If there are multiple delegates this function will return one of them. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @return {String} The package name of the current delegated certificate installer, or {@code null} if none is set. @throws SecurityException if {@code admin} is not a device or a profile owner. @deprecated From {@link android.os.Build.VERSION_CODES#O}. Use {@link #getDelegatePackages} with the {@link #DELEGATION_CERT_INSTALL} scope instead. */ getCertInstallerPackage : function( ) {}, /**Called by a profile owner or device owner to grant access to privileged APIs to another app. Granted APIs are determined by {@code scopes}, which is a list of the {@code DELEGATION_*} constants. <p> A broadcast with the {@link #ACTION_APPLICATION_DELEGATION_SCOPES_CHANGED} action will be sent to the {@code delegatePackage} with its new scopes in an {@code ArrayList<String>} extra under the {@link #EXTRA_DELEGATION_SCOPES} key. The broadcast is sent with the {@link Intent#FLAG_RECEIVER_REGISTERED_ONLY} flag. <p> Delegated scopes are a per-user state. The delegated access is persistent until it is later cleared by calling this method with an empty {@code scopes} list or uninstalling the {@code delegatePackage}. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @param {String} delegatePackage The package name of the app which will be given access. @param {Object {java.util.List}} scopes The groups of privileged APIs whose access should be granted to {@code delegatedPackage}. @throws SecurityException if {@code admin} is not a device or a profile owner. */ setDelegatedScopes : function( ) {}, /**Called by a profile owner or device owner to retrieve a list of the scopes given to a delegate package. Other apps can use this method to retrieve their own delegated scopes by passing {@code null} for {@code admin} and their own package name as {@code delegatedPackage}. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with, or {@code null} if the caller is {@code delegatedPackage}. @param {String} delegatedPackage The package name of the app whose scopes should be retrieved. @return {Object {java.util.List}} A list containing the scopes given to {@code delegatedPackage}. @throws SecurityException if {@code admin} is not a device or a profile owner. */ getDelegatedScopes : function( ) {}, /**Called by a profile owner or device owner to retrieve a list of delegate packages that were granted a delegation scope. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @param {String} delegationScope The scope whose delegates should be retrieved. @return {Object {java.util.List}} A list of package names of the current delegated packages for {@code delegationScope}. @throws SecurityException if {@code admin} is not a device or a profile owner. */ getDelegatePackages : function( ) {}, /**Called by a device or profile owner to configure an always-on VPN connection through a specific application for the current user. This connection is automatically granted and persisted after a reboot. <p> To support the always-on feature, an app must <ul> <li>declare a {@link android.net.VpnService} in its manifest, guarded by {@link android.Manifest.permission#BIND_VPN_SERVICE};</li> <li>target {@link android.os.Build.VERSION_CODES#N API 24} or above; and</li> <li><i>not</i> explicitly opt out of the feature through {@link android.net.VpnService#SERVICE_META_DATA_SUPPORTS_ALWAYS_ON}.</li> </ul> The call will fail if called with the package name of an unsupported VPN app. <p> Enabling lockdown via {@code lockdownEnabled} argument carries the risk that any failure of the VPN provider could break networking for all apps. This method clears any lockdown whitelist set by {@link #setAlwaysOnVpnPackage(ComponentName, String, boolean, Set)}. @param {Object {ComponentName}} vpnPackage The package name for an installed VPN app on the device, or {@code null} to remove an existing always-on VPN configuration. @param {String} lockdownEnabled {@code true} to disallow networking when the VPN is not connected or {@code false} otherwise. This has no effect when clearing. @throws SecurityException if {@code admin} is not a device or a profile owner. @throws NameNotFoundException if {@code vpnPackage} is not installed. @throws UnsupportedOperationException if {@code vpnPackage} exists but does not support being set as always-on, or if always-on VPN is not available. @see #setAlwaysOnVpnPackage(ComponentName, String, boolean, Set) */ setAlwaysOnVpnPackage : function( ) {}, /**A version of {@link #setAlwaysOnVpnPackage(ComponentName, String, boolean)} that allows the admin to specify a set of apps that should be able to access the network directly when VPN is not connected. When VPN connects these apps switch over to VPN if allowed to use that VPN. System apps can always bypass VPN. <p> Note that the system doesn't update the whitelist when packages are installed or uninstalled, the admin app must call this method to keep the list up to date. <p> When {@code lockdownEnabled} is false {@code lockdownWhitelist} is ignored . When {@code lockdownEnabled} is {@code true} and {@code lockdownWhitelist} is {@code null} or empty, only system apps can bypass VPN. <p> Setting always-on VPN package to {@code null} or using {@link #setAlwaysOnVpnPackage(ComponentName, String, boolean)} clears lockdown whitelist. @param {Object {ComponentName}} vpnPackage package name for an installed VPN app on the device, or {@code null} to remove an existing always-on VPN configuration @param {String} lockdownEnabled {@code true} to disallow networking when the VPN is not connected or {@code false} otherwise. This has no effect when clearing. @param {Boolean} lockdownWhitelist Packages that will be able to access the network directly when VPN is in lockdown mode but not connected. Has no effect when clearing. @throws SecurityException if {@code admin} is not a device or a profile owner. @throws NameNotFoundException if {@code vpnPackage} or one of {@code lockdownWhitelist} is not installed. @throws UnsupportedOperationException if {@code vpnPackage} exists but does not support being set as always-on, or if always-on VPN is not available. */ setAlwaysOnVpnPackage : function( ) {}, /**Called by device or profile owner to query whether current always-on VPN is configured in lockdown mode. Returns {@code false} when no always-on configuration is set. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @throws SecurityException if {@code admin} is not a device or a profile owner. @see #setAlwaysOnVpnPackage(ComponentName, String, boolean) */ isAlwaysOnVpnLockdownEnabled : function( ) {}, /**Called by device or profile owner to query the set of packages that are allowed to access the network directly when always-on VPN is in lockdown mode but not connected. Returns {@code null} when always-on VPN is not active or not in lockdown mode. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @throws SecurityException if {@code admin} is not a device or a profile owner. @see #setAlwaysOnVpnPackage(ComponentName, String, boolean, Set) */ getAlwaysOnVpnLockdownWhitelist : function( ) {}, /**Called by a device or profile owner to read the name of the package administering an always-on VPN connection for the current user. If there is no such package, or the always-on VPN is provided by the system instead of by an application, {@code null} will be returned. @return {String} Package name of VPN controller responsible for always-on VPN, or {@code null} if none is set. @throws SecurityException if {@code admin} is not a device or a profile owner. */ getAlwaysOnVpnPackage : function( ) {}, /**Called by an application that is administering the device to disable all cameras on the device, for this user. After setting this, no applications running as this user will be able to access any cameras on the device. <p> If the caller is device owner, then the restriction will be applied to all users. <p> The calling device admin must have requested {@link android.app.admin.DeviceAdminInfo#USES_POLICY_DISABLE_CAMERA} to be able to call this method; if it has not, a security exception will be thrown. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @param {Boolean} disabled Whether or not the camera should be disabled. @throws SecurityException if {@code admin} is not an active administrator or does not use {@link DeviceAdminInfo#USES_POLICY_DISABLE_CAMERA}. */ setCameraDisabled : function( ) {}, /**Determine whether or not the device's cameras have been disabled for this user, either by the calling admin, if specified, or all admins. @param {Object {ComponentName}} admin The name of the admin component to check, or {@code null} to check whether any admins have disabled the camera */ getCameraDisabled : function( ) {}, /** @hide per-user version */ getCameraDisabled : function( ) {}, /**Called by a device owner to request a bugreport. <p> If the device contains secondary users or profiles, they must be affiliated with the device. Otherwise a {@link SecurityException} will be thrown. See {@link #isAffiliatedUser}. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @return {Boolean} {@code true} if the bugreport collection started successfully, or {@code false} if it wasn't triggered because a previous bugreport operation is still active (either the bugreport is still running or waiting for the user to share or decline) @throws SecurityException if {@code admin} is not a device owner, or there is at least one profile or secondary user that is not affiliated with the device. @see #isAffiliatedUser */ requestBugreport : function( ) {}, /**Determine whether or not creating a guest user has been disabled for the device @hide */ getGuestUserDisabled : function( ) {}, /**Called by a device/profile owner to set whether the screen capture is disabled. Disabling screen capture also prevents the content from being shown on display devices that do not have a secure video output. See {@link android.view.Display#FLAG_SECURE} for more details about secure surfaces and secure displays. <p> The calling device admin must be a device or profile owner. If it is not, a security exception will be thrown. <p> From version {@link android.os.Build.VERSION_CODES#M} disabling screen capture also blocks assist requests for all activities of the relevant user. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @param {Boolean} disabled Whether screen capture is disabled or not. @throws SecurityException if {@code admin} is not a device or profile owner. */ setScreenCaptureDisabled : function( ) {}, /**Determine whether or not screen capture has been disabled by the calling admin, if specified, or all admins. @param {Object {ComponentName}} admin The name of the admin component to check, or {@code null} to check whether any admins have disabled screen capture. */ getScreenCaptureDisabled : function( ) {}, /** @hide per-user version */ getScreenCaptureDisabled : function( ) {}, /**Called by a device owner, or alternatively a profile owner from Android 8.0 (API level 26) or higher, to set whether auto time is required. If auto time is required, no user will be able set the date and time and network date and time will be used. <p> Note: if auto time is required the user can still manually set the time zone. <p> The calling device admin must be a device owner, or alternatively a profile owner from Android 8.0 (API level 26) or higher. If it is not, a security exception will be thrown. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @param {Boolean} required Whether auto time is set required or not. @throws SecurityException if {@code admin} is not a device owner. */ setAutoTimeRequired : function( ) {}, /** @return {Boolean} true if auto time is required. */ getAutoTimeRequired : function( ) {}, /**Called by a device owner to set whether all users created on the device should be ephemeral. <p> The system user is exempt from this policy - it is never ephemeral. <p> The calling device admin must be the device owner. If it is not, a security exception will be thrown. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @param {Boolean} forceEphemeralUsers If true, all the existing users will be deleted and all subsequently created users will be ephemeral. @throws SecurityException if {@code admin} is not a device owner. @hide */ setForceEphemeralUsers : function( ) {}, /** @return {Boolean} true if all users are created ephemeral. @throws SecurityException if {@code admin} is not a device owner. @hide */ getForceEphemeralUsers : function( ) {}, /**Called by an application that is administering the device to disable keyguard customizations, such as widgets. After setting this, keyguard features will be disabled according to the provided feature list. <p> The calling device admin must have requested {@link android.app.admin.DeviceAdminInfo#USES_POLICY_DISABLE_KEYGUARD_FEATURES} to be able to call this method; if it has not, a security exception will be thrown. <p> Calling this from a managed profile before version {@link android.os.Build.VERSION_CODES#M} will throw a security exception. From version {@link android.os.Build.VERSION_CODES#M} the profile owner of a managed profile can set: <ul> <li>{@link #KEYGUARD_DISABLE_TRUST_AGENTS}, which affects the parent user, but only if there is no separate challenge set on the managed profile. <li>{@link #KEYGUARD_DISABLE_FINGERPRINT}, {@link #KEYGUARD_DISABLE_FACE} or {@link #KEYGUARD_DISABLE_IRIS} which affects the managed profile challenge if there is one, or the parent user otherwise. <li>{@link #KEYGUARD_DISABLE_UNREDACTED_NOTIFICATIONS} which affects notifications generated by applications in the managed profile. </ul> {@link #KEYGUARD_DISABLE_TRUST_AGENTS}, {@link #KEYGUARD_DISABLE_FINGERPRINT}, {@link #KEYGUARD_DISABLE_FACE} and {@link #KEYGUARD_DISABLE_IRIS} can also be set on the {@link android.app.admin.DevicePolicyManager} instance returned by {@link #getParentProfileInstance}(ComponentName) in order to set restrictions on the parent profile. <p> Requests to disable other features on a managed profile will be ignored. <p> The admin can check which features have been disabled by calling {@link #getKeyguardDisabledFeatures}(ComponentName) @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @param {Number} which The disabled features flag which can be either {@link #KEYGUARD_DISABLE_FEATURES_NONE} (default), {@link #KEYGUARD_DISABLE_FEATURES_ALL}, or a combination of {@link #KEYGUARD_DISABLE_WIDGETS_ALL}, {@link #KEYGUARD_DISABLE_SECURE_CAMERA}, {@link #KEYGUARD_DISABLE_SECURE_NOTIFICATIONS}, {@link #KEYGUARD_DISABLE_TRUST_AGENTS}, {@link #KEYGUARD_DISABLE_UNREDACTED_NOTIFICATIONS}, {@link #KEYGUARD_DISABLE_FINGERPRINT}, {@link #KEYGUARD_DISABLE_FACE}, {@link #KEYGUARD_DISABLE_IRIS}. @throws SecurityException if {@code admin} is not an active administrator or does not user {@link DeviceAdminInfo#USES_POLICY_DISABLE_KEYGUARD_FEATURES} */ setKeyguardDisabledFeatures : function( ) {}, /**Determine whether or not features have been disabled in keyguard either by the calling admin, if specified, or all admins that set restrictions on this user and its participating profiles. Restrictions on profiles that have a separate challenge are not taken into account. <p>This method can be called on the {@link android.app.admin.DevicePolicyManager} instance returned by {@link #getParentProfileInstance}(ComponentName) in order to retrieve restrictions on the parent profile. @param {Object {ComponentName}} admin The name of the admin component to check, or {@code null} to check whether any admins have disabled features in keyguard. @return {Number} bitfield of flags. See {@link #setKeyguardDisabledFeatures(ComponentName, int)} for a list. */ getKeyguardDisabledFeatures : function( ) {}, /** @hide per-user version */ getKeyguardDisabledFeatures : function( ) {}, /** @hide */ setActiveAdmin : function( ) {}, /** @hide */ setActiveAdmin : function( ) {}, /** @hide */ getRemoveWarning : function( ) {}, /** @hide */ setActivePasswordState : function( ) {}, /** @hide */ reportPasswordChanged : function( ) {}, /** @hide */ reportFailedPasswordAttempt : function( ) {}, /** @hide */ reportSuccessfulPasswordAttempt : function( ) {}, /** @hide */ reportFailedBiometricAttempt : function( ) {}, /** @hide */ reportSuccessfulBiometricAttempt : function( ) {}, /**Should be called when keyguard has been dismissed. @hide */ reportKeyguardDismissed : function( ) {}, /**Should be called when keyguard view has been shown to the user. @hide */ reportKeyguardSecured : function( ) {}, /** @param {Object {ComponentName}} who the component name to be registered as device owner. @param who the component name to be registered as device owner. @return {Boolean} whether the package was successfully registered as the device owner. @throws IllegalArgumentException if the package name is null or invalid @throws IllegalStateException If the preconditions mentioned are not met. */ setDeviceOwner : function( ) {}, /** @hide */ setDeviceOwner : function( ) {}, /** @hide */ setDeviceOwner : function( ) {}, /** @param {Object {ComponentName}} who the component name to be registered as device owner. @param {String} ownerName the human readable name of the institution that owns this device. @param {Number} userId ID of the user on which the device owner runs. @param userId ID of the user on which the device owner runs. @return {Boolean} whether the package was successfully registered as the device owner. @throws IllegalArgumentException if the package name is null or invalid @throws IllegalStateException If the preconditions mentioned are not met. */ setDeviceOwner : function( ) {}, /**Used to determine if a particular package has been registered as a Device Owner app. A device owner app is a special device admin that cannot be deactivated by the user, once activated as a device admin. It also cannot be uninstalled. To check whether a particular package is currently registered as the device owner app, pass in the package name from {@link Context#getPackageName()} to this method.<p/>This is useful for device admin apps that want to check whether they are also registered as the device owner app. The exact mechanism by which a device admin app is registered as a device owner app is defined by the setup process. @param {String} packageName the package name of the app, to compare with the registered device owner app, if any. @return {Boolean} whether or not the package is registered as the device owner app. */ isDeviceOwnerApp : function( ) {}, /** @return {Boolean} true if a package is registered as device owner, only when it's running on the calling user. <p>Same as {@link #isDeviceOwnerApp}, but bundled code should use it for clarity. @hide */ isDeviceOwnerAppOnCallingUser : function( ) {}, /** @return {Boolean} true if a package is registered as device owner, even if it's running on a different user. <p>Requires the MANAGE_USERS permission. @hide */ isDeviceOwnerAppOnAnyUser : function( ) {}, /** @return {Object {android.content.ComponentName}} device owner component name, only when it's running on the calling user. @hide */ getDeviceOwnerComponentOnCallingUser : function( ) {}, /** @return {Object {android.content.ComponentName}} device owner component name, even if it's running on a different user. @hide */ getDeviceOwnerComponentOnAnyUser : function( ) {}, /** @return {Object {android.os.UserHandle}} Handle of the user who runs device owner, or {@code null} if there's no device owner. @hide */ getDeviceOwnerUser : function( ) {}, /** @hide */ getDeviceOwnerUserId : function( ) {}, /**Clears the current device owner. The caller must be the device owner. This function should be used cautiously as once it is called it cannot be undone. The device owner can only be set as a part of device setup, before it completes. <p> While some policies previously set by the device owner will be cleared by this method, it is a best-effort process and some other policies will still remain in place after the device owner is cleared. @param {String} packageName The package name of the device owner. @throws SecurityException if the caller is not in {@code packageName} or {@code packageName} does not own the current device owner component. @deprecated This method is expected to be used for testing purposes only. The device owner will lose control of the device and its data after calling it. In order to protect any sensitive data that remains on the device, it is advised that the device owner factory resets the device instead of calling this method. See {@link #wipeData(int)}. */ clearDeviceOwnerApp : function( ) {}, /**Returns the device owner package name, only if it's running on the calling user. <p>Bundled components should use {@code getDeviceOwnerComponentOnCallingUser()} for clarity. @hide */ getDeviceOwner : function( ) {}, /**Called by the system to find out whether the device is managed by a Device Owner. @return {Boolean} whether the device is managed by a Device Owner. @throws SecurityException if the caller is not the device owner, does not hold the MANAGE_USERS permission and is not the system. @hide */ isDeviceManaged : function( ) {}, /**Returns the device owner name. Note this method *will* return the device owner name when it's running on a different user. @hide */ getDeviceOwnerNameOnAnyUser : function( ) {}, /** @hide @deprecated Do not use @removed */ getDeviceInitializerApp : function( ) {}, /** @hide @deprecated Do not use @removed */ getDeviceInitializerComponent : function( ) {}, /** @param {Object {ComponentName}} admin The component to register as an active admin and profile owner. @param {String} ownerName The user-visible name of the entity that is managing this user. @param admin The component to register as an active admin and profile owner. @param ownerName The user-visible name of the entity that is managing this user. @return {Boolean} whether the admin was successfully registered as the profile owner. @throws IllegalArgumentException if packageName is null, the package isn't installed, or the user has already been set up. */ setActiveProfileOwner : function( ) {}, /**Clears the active profile owner. The caller must be the profile owner of this user, otherwise a SecurityException will be thrown. This method is not available to managed profile owners. <p> While some policies previously set by the profile owner will be cleared by this method, it is a best-effort process and some other policies will still remain in place after the profile owner is cleared. @param {Object {ComponentName}} admin The component to remove as the profile owner. @throws SecurityException if {@code admin} is not an active profile owner, or the method is being called from a managed profile. @deprecated This method is expected to be used for testing purposes only. The profile owner will lose control of the user and its data after calling it. In order to protect any sensitive data that remains on this user, it is advised that the profile owner deletes it instead of calling this method. See {@link #wipeData(int)}. */ clearProfileOwner : function( ) {}, /** @hide Checks whether the user was already setup. */ hasUserSetupCompleted : function( ) {}, /** @param {Object {ComponentName}} admin the component name to be registered as profile owner. @param {String} ownerName the human readable name of the organisation associated with this DPM. @param {Number} userHandle the userId to set the profile owner for. @param userHandle the userId to set the profile owner for. @return {Boolean} whether the component was successfully registered as the profile owner. @throws IllegalArgumentException if admin is null, the package isn't installed, or the preconditions mentioned are not met. */ setProfileOwner : function( ) {}, /**Sets the device owner information to be shown on the lock screen. <p> If the device owner information is {@code null} or empty then the device owner info is cleared and the user owner info is shown on the lock screen if it is set. <p> If the device owner information contains only whitespaces then the message on the lock screen will be blank and the user will not be allowed to change it. <p> If the device owner information needs to be localized, it is the responsibility of the {@link android.app.admin.DeviceAdminReceiver} to listen to the {@link Intent#ACTION_LOCALE_CHANGED} broadcast and set a new version of this string accordingly. @param {Object {ComponentName}} admin The name of the admin component to check. @param {Object {CharSequence}} info Device owner information which will be displayed instead of the user owner info. @throws SecurityException if {@code admin} is not a device owner. */ setDeviceOwnerLockScreenInfo : function( ) {}, /** @return {Object {java.lang.CharSequence}} The device owner information. If it is not set returns {@code null}. */ getDeviceOwnerLockScreenInfo : function( ) {}, /**Called by device or profile owners to suspend packages for this user. This function can be called by a device owner, profile owner, or by a delegate given the {@link #DELEGATION_PACKAGE_ACCESS} scope via {@link #setDelegatedScopes}. <p> A suspended package will not be able to start activities. Its notifications will be hidden, it will not show up in recents, will not be able to show toasts or dialogs or ring the device. <p> The package must already be installed. If the package is uninstalled while suspended the package will no longer be suspended. The admin can block this by using {@link #setUninstallBlocked}. @param {Object {ComponentName}} admin The name of the admin component to check, or {@code null} if the caller is a package access delegate. @param {Object {java.lang.String[]}} packageNames The package names to suspend or unsuspend. @param {Boolean} suspended If set to {@code true} than the packages will be suspended, if set to {@code false} the packages will be unsuspended. @return {String} an array of package names for which the suspended status is not set as requested in this method. @throws SecurityException if {@code admin} is not a device or profile owner. @see #setDelegatedScopes @see #DELEGATION_PACKAGE_ACCESS */ setPackagesSuspended : function( ) {}, /**Determine if a package is suspended. This function can be called by a device owner, profile owner, or by a delegate given the {@link #DELEGATION_PACKAGE_ACCESS} scope via {@link #setDelegatedScopes}. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with, or {@code null} if the caller is a package access delegate. @param {String} packageName The name of the package to retrieve the suspended status of. @return {Boolean} {@code true} if the package is suspended or {@code false} if the package is not suspended, could not be found or an error occurred. @throws SecurityException if {@code admin} is not a device or profile owner. @throws NameNotFoundException if the package could not be found. @see #setDelegatedScopes @see #DELEGATION_PACKAGE_ACCESS */ isPackageSuspended : function( ) {}, /**Sets the enabled state of the profile. A profile should be enabled only once it is ready to be used. Only the profile owner can call this. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @param admin Which {@link DeviceAdminReceiver} this request is associated with. @throws SecurityException if {@code admin} is not a profile owner. */ setProfileEnabled : function( ) {}, /**Sets the name of the profile. In the device owner case it sets the name of the user which it is called from. Only a profile owner or device owner can call this. If this is never called by the profile or device owner, the name will be set to default values. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associate with. @param {String} profileName The name of the profile. @param admin Which {@link DeviceAdminReceiver} this request is associate with. @param profileName The name of the profile. @throws SecurityException if {@code admin} is not a device or profile owner. */ setProfileName : function( ) {}, /**Used to determine if a particular package is registered as the profile owner for the user. A profile owner is a special device admin that has additional privileges within the profile. @param {String} packageName The package name of the app to compare with the registered profile owner. @return {Boolean} Whether or not the package is registered as the profile owner. */ isProfileOwnerApp : function( ) {}, /** @hide @return {Object {android.content.ComponentName}} the packageName of the owner of the given user profile or {@code null} if no profile owner has been set for that user. @throws IllegalArgumentException if the userId is invalid. */ getProfileOwner : function( ) {}, /** @see #getProfileOwner() @hide */ getProfileOwnerAsUser : function( ) {}, /** @hide */ getProfileOwnerAsUser : function( ) {}, /** @hide @return {String} the human readable name of the organisation associated with this DPM or {@code null} if one is not set. @throws IllegalArgumentException if the userId is invalid. */ getProfileOwnerName : function( ) {}, /** @param {Number} userId The user for whom to fetch the profile owner name, if any. @param userId The user for whom to fetch the profile owner name, if any. @return {String} the human readable name of the organisation associated with this profile owner or null if one is not set. @throws IllegalArgumentException if the userId is invalid. */ getProfileOwnerNameAsUser : function( ) {}, /**Returns whether the specified package can read the device identifiers. @param {String} packageName The package name of the app to check for device identifier access. @param {Number} pid The process id of the package to be checked. @param {Number} uid The uid of the package to be checked. @return {Boolean} whether the package can read the device identifiers. @hide */ checkDeviceIdentifierAccess : function( ) {}, /**Called by a profile owner or device owner to set a default activity that the system selects to handle intents that match the given {@link IntentFilter}. This activity will remain the default intent handler even if the set of potential event handlers for the intent filter changes and if the intent preferences are reset. <p> Note that the caller should still declare the activity in the manifest, the API just sets the activity to be the default one to handle the given intent filter. <p> The default disambiguation mechanism takes over if the activity is not installed (anymore). When the activity is (re)installed, it is automatically reset as default intent handler for the filter. <p> The calling device admin must be a profile owner or device owner. If it is not, a security exception will be thrown. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @param {Object {IntentFilter}} filter The IntentFilter for which a default handler is added. @param {Object {ComponentName}} activity The Activity that is added as default intent handler. @throws SecurityException if {@code admin} is not a device or profile owner. */ addPersistentPreferredActivity : function( ) {}, /**Called by a profile owner or device owner to remove all persistent intent handler preferences associated with the given package that were set by {@link #addPersistentPreferredActivity}. <p> The calling device admin must be a profile owner. If it is not, a security exception will be thrown. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @param {String} packageName The name of the package for which preferences are removed. @throws SecurityException if {@code admin} is not a device or profile owner. */ clearPackagePersistentPreferredActivities : function( ) {}, /**Called by a device owner to set the default SMS application. <p> The calling device admin must be a device owner. If it is not, a security exception will be thrown. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @param {String} packageName The name of the package to set as the default SMS application. @throws SecurityException if {@code admin} is not a device owner. */ setDefaultSmsApplication : function( ) {}, /**Called by a profile owner or device owner to grant permission to a package to manage application restrictions for the calling user via {@link #setApplicationRestrictions} and {@link #getApplicationRestrictions}. <p> This permission is persistent until it is later cleared by calling this method with a {@code null} value or uninstalling the managing package. <p> The supplied application restriction managing package must be installed when calling this API, otherwise an {@link NameNotFoundException} will be thrown. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @param {String} packageName The package name which will be given access to application restrictions APIs. If {@code null} is given the current package will be cleared. @throws SecurityException if {@code admin} is not a device or profile owner. @throws NameNotFoundException if {@code packageName} is not found @deprecated From {@link android.os.Build.VERSION_CODES#O}. Use {@link #setDelegatedScopes} with the {@link #DELEGATION_APP_RESTRICTIONS} scope instead. */ setApplicationRestrictionsManagingPackage : function( ) {}, /**Called by a profile owner or device owner to retrieve the application restrictions managing package for the current user, or {@code null} if none is set. If there are multiple delegates this function will return one of them. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @return {String} The package name allowed to manage application restrictions on the current user, or {@code null} if none is set. @throws SecurityException if {@code admin} is not a device or profile owner. @deprecated From {@link android.os.Build.VERSION_CODES#O}. Use {@link #getDelegatePackages} with the {@link #DELEGATION_APP_RESTRICTIONS} scope instead. */ getApplicationRestrictionsManagingPackage : function( ) {}, /**Called by any application to find out whether it has been granted permission via {@link #setApplicationRestrictionsManagingPackage} to manage application restrictions for the calling user. <p>This is done by comparing the calling Linux uid with the uid of the package specified by that method. @deprecated From {@link android.os.Build.VERSION_CODES#O}. Use {@link #getDelegatedScopes} instead. */ isCallerApplicationRestrictionsManagingPackage : function( ) {}, /**Sets the application restrictions for a given target application running in the calling user. <p> The caller must be a profile or device owner on that user, or the package allowed to manage application restrictions via {@link #setDelegatedScopes} with the {@link #DELEGATION_APP_RESTRICTIONS} scope; otherwise a security exception will be thrown. <p> The provided {@link Bundle} consists of key-value pairs, where the types of values may be: <ul> <li>{@code boolean} <li>{@code int} <li>{@code String} or {@code String[]} <li>From {@link android.os.Build.VERSION_CODES#M}, {@code Bundle} or {@code Bundle[]} </ul> <p> If the restrictions are not available yet, but may be applied in the near future, the caller can notify the target application of that by adding {@link UserManager#KEY_RESTRICTIONS_PENDING} to the settings parameter. <p> The application restrictions are only made visible to the target application via {@link UserManager#getApplicationRestrictions(String)}, in addition to the profile or device owner, and the application restrictions managing package via {@link #getApplicationRestrictions}. <p>NOTE: The method performs disk I/O and shouldn't be called on the main thread @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with, or {@code null} if called by the application restrictions managing package. @param {String} packageName The name of the package to update restricted settings for. @param {Object {Bundle}} settings A {@link Bundle} to be parsed by the receiving application, conveying a new set of active restrictions. @throws SecurityException if {@code admin} is not a device or profile owner. @see #setDelegatedScopes @see #DELEGATION_APP_RESTRICTIONS @see UserManager#KEY_RESTRICTIONS_PENDING */ setApplicationRestrictions : function( ) {}, /**Sets a list of configuration features to enable for a trust agent component. This is meant to be used in conjunction with {@link #KEYGUARD_DISABLE_TRUST_AGENTS}, which disables all trust agents but those enabled by this function call. If flag {@link #KEYGUARD_DISABLE_TRUST_AGENTS} is not set, then this call has no effect. <p> For any specific trust agent, whether it is disabled or not depends on the aggregated state of each admin's {@link #KEYGUARD_DISABLE_TRUST_AGENTS} setting and its trust agent configuration as set by this function call. In particular: if any admin sets {@link #KEYGUARD_DISABLE_TRUST_AGENTS} and does not additionally set any trust agent configuration, the trust agent is disabled completely. Otherwise, the trust agent will receive the list of configurations from all admins who set {@link #KEYGUARD_DISABLE_TRUST_AGENTS} and aggregate the configurations to determine its behavior. The exact meaning of aggregation is trust-agent-specific. <p> The calling device admin must have requested {@link android.app.admin.DeviceAdminInfo#USES_POLICY_DISABLE_KEYGUARD_FEATURES} to be able to call this method; if not, a security exception will be thrown. <p> This method can be called on the {@link android.app.admin.DevicePolicyManager} instance returned by {@link #getParentProfileInstance}(ComponentName) in order to set the configuration for the parent profile. <p> On devices not supporting {@link PackageManager#FEATURE_SECURE_LOCK_SCREEN} feature, calling this method has no effect - no trust agent configuration will be set. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @param {Object {ComponentName}} target Component name of the agent to be configured. @param {Object {PersistableBundle}} configuration Trust-agent-specific feature configuration bundle. Please consult documentation of the specific trust agent to determine the interpretation of this bundle. @throws SecurityException if {@code admin} is not an active administrator or does not use {@link DeviceAdminInfo#USES_POLICY_DISABLE_KEYGUARD_FEATURES} */ setTrustAgentConfiguration : function( ) {}, /**Gets configuration for the given trust agent based on aggregating all calls to {@link #setTrustAgentConfiguration(ComponentName, ComponentName, PersistableBundle)} for all device admins. <p> This method can be called on the {@link android.app.admin.DevicePolicyManager} instance returned by {@link #getParentProfileInstance}(ComponentName) in order to retrieve the configuration set on the parent profile. <p> On devices not supporting {@link PackageManager#FEATURE_SECURE_LOCK_SCREEN} feature, null is always returned. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. If null, this function returns a list of configurations for all admins that declare {@link #KEYGUARD_DISABLE_TRUST_AGENTS}. If any admin declares {@link #KEYGUARD_DISABLE_TRUST_AGENTS} but doesn't call {@link #setTrustAgentConfiguration(ComponentName, ComponentName, PersistableBundle)} for this {@param agent} or calls it with a null configuration, null is returned. @param {Object {ComponentName}} agent Which component to get enabled features for. @return {Object {java.util.List}} configuration for the given trust agent. */ getTrustAgentConfiguration : function( ) {}, /** @hide per-user version */ getTrustAgentConfiguration : function( ) {}, /**Called by a profile owner of a managed profile to set whether caller-Id information from the managed profile will be shown in the parent profile, for incoming calls. <p> The calling device admin must be a profile owner. If it is not, a security exception will be thrown. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @param {Boolean} disabled If true caller-Id information in the managed profile is not displayed. @throws SecurityException if {@code admin} is not a profile owner. */ setCrossProfileCallerIdDisabled : function( ) {}, /**Called by a profile owner of a managed profile to determine whether or not caller-Id information has been disabled. <p> The calling device admin must be a profile owner. If it is not, a security exception will be thrown. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @throws SecurityException if {@code admin} is not a profile owner. */ getCrossProfileCallerIdDisabled : function( ) {}, /**Determine whether or not caller-Id information has been disabled. @param {Object {UserHandle}} userHandle The user for whom to check the caller-id permission @hide */ getCrossProfileCallerIdDisabled : function( ) {}, /**Called by a profile owner of a managed profile to set whether contacts search from the managed profile will be shown in the parent profile, for incoming calls. <p> The calling device admin must be a profile owner. If it is not, a security exception will be thrown. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @param {Boolean} disabled If true contacts search in the managed profile is not displayed. @throws SecurityException if {@code admin} is not a profile owner. */ setCrossProfileContactsSearchDisabled : function( ) {}, /**Called by a profile owner of a managed profile to determine whether or not contacts search has been disabled. <p> The calling device admin must be a profile owner. If it is not, a security exception will be thrown. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @throws SecurityException if {@code admin} is not a profile owner. */ getCrossProfileContactsSearchDisabled : function( ) {}, /**Determine whether or not contacts search has been disabled. @param {Object {UserHandle}} userHandle The user for whom to check the contacts search permission @hide */ getCrossProfileContactsSearchDisabled : function( ) {}, /**Start Quick Contact on the managed profile for the user, if the policy allows. @hide */ startManagedQuickContact : function( ) {}, /**Start Quick Contact on the managed profile for the user, if the policy allows. @hide */ startManagedQuickContact : function( ) {}, /**Called by a profile owner of a managed profile to set whether bluetooth devices can access enterprise contacts. <p> The calling device admin must be a profile owner. If it is not, a security exception will be thrown. <p> This API works on managed profile only. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @param {Boolean} disabled If true, bluetooth devices cannot access enterprise contacts. @throws SecurityException if {@code admin} is not a profile owner. */ setBluetoothContactSharingDisabled : function( ) {}, /**Called by a profile owner of a managed profile to determine whether or not Bluetooth devices cannot access enterprise contacts. <p> The calling device admin must be a profile owner. If it is not, a security exception will be thrown. <p> This API works on managed profile only. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @throws SecurityException if {@code admin} is not a profile owner. */ getBluetoothContactSharingDisabled : function( ) {}, /**Determine whether or not Bluetooth devices cannot access contacts. <p> This API works on managed profile UserHandle only. @param {Object {UserHandle}} userHandle The user for whom to check the caller-id permission @hide */ getBluetoothContactSharingDisabled : function( ) {}, /**Called by the profile owner of a managed profile so that some intents sent in the managed profile can also be resolved in the parent, or vice versa. Only activity intents are supported. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @param {Object {IntentFilter}} filter The {@link IntentFilter} the intent has to match to be also resolved in the other profile @param {Number} flags {@link DevicePolicyManager#FLAG_MANAGED_CAN_ACCESS_PARENT} and {@link DevicePolicyManager#FLAG_PARENT_CAN_ACCESS_MANAGED} are supported. @throws SecurityException if {@code admin} is not a device or profile owner. */ addCrossProfileIntentFilter : function( ) {}, /**Called by a profile owner of a managed profile to remove the cross-profile intent filters that go from the managed profile to the parent, or from the parent to the managed profile. Only removes those that have been set by the profile owner. <p> <em>Note</em>: A list of default cross profile intent filters are set up by the system when the profile is created, some of them ensure the proper functioning of the profile, while others enable sharing of data from the parent to the managed profile for user convenience. These default intent filters are not cleared when this API is called. If the default cross profile data sharing is not desired, they can be disabled with {@link UserManager#DISALLOW_SHARE_INTO_MANAGED_PROFILE}. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @throws SecurityException if {@code admin} is not a profile owner. */ clearCrossProfileIntentFilters : function( ) {}, /**Called by a profile or device owner to set the permitted {@link android.accessibilityservice.AccessibilityService}. When set by a device owner or profile owner the restriction applies to all profiles of the user the device owner or profile owner is an admin for. By default, the user can use any accessibility service. When zero or more packages have been added, accessibility services that are not in the list and not part of the system can not be enabled by the user. <p> Calling with a null value for the list disables the restriction so that all services can be used, calling with an empty list only allows the built-in system services. Any non-system accessibility service that's currently enabled must be included in the list. <p> System accessibility services are always available to the user the list can't modify this. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @param {Object {java.util.List}} packageNames List of accessibility service package names. @return {Boolean} {@code true} if the operation succeeded, or {@code false} if the list didn't contain every enabled non-system accessibility service. @throws SecurityException if {@code admin} is not a device or profile owner. */ setPermittedAccessibilityServices : function( ) {}, /**Returns the list of permitted accessibility services set by this device or profile owner. <p> An empty list means no accessibility services except system services are allowed. Null means all accessibility services are allowed. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @return {Object {java.util.List}} List of accessiblity service package names. @throws SecurityException if {@code admin} is not a device or profile owner. */ getPermittedAccessibilityServices : function( ) {}, /**Called by the system to check if a specific accessibility service is disabled by admin. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @param {String} packageName Accessibility service package name that needs to be checked. @param {Number} userHandle user id the admin is running as. @return {Boolean} true if the accessibility service is permitted, otherwise false. @hide */ isAccessibilityServicePermittedByAdmin : function( ) {}, /**Returns the list of accessibility services permitted by the device or profiles owners of this user. <p>Null means all accessibility services are allowed, if a non-null list is returned it will contain the intersection of the permitted lists for any device or profile owners that apply to this user. It will also include any system accessibility services. @param {Number} userId which user to check for. @return {Object {java.util.List}} List of accessiblity service package names. @hide */ getPermittedAccessibilityServices : function( ) {}, /**Called by a profile or device owner to set the permitted input methods services for this user. By default, the user can use any input method. <p> When zero or more packages have been added, input method that are not in the list and not part of the system can not be enabled by the user. This method will fail if it is called for a admin that is not for the foreground user or a profile of the foreground user. Any non-system input method service that's currently enabled must be included in the list. <p> Calling with a null value for the list disables the restriction so that all input methods can be used, calling with an empty list disables all but the system's own input methods. <p> System input methods are always available to the user - this method can't modify this. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @param {Object {java.util.List}} packageNames List of input method package names. @return {Boolean} {@code true} if the operation succeeded, or {@code false} if the list didn't contain every enabled non-system input method service. @throws SecurityException if {@code admin} is not a device or profile owner. */ setPermittedInputMethods : function( ) {}, /**Returns the list of permitted input methods set by this device or profile owner. <p> An empty list means no input methods except system input methods are allowed. Null means all input methods are allowed. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @return {Object {java.util.List}} List of input method package names. @throws SecurityException if {@code admin} is not a device or profile owner. */ getPermittedInputMethods : function( ) {}, /**Called by the system to check if a specific input method is disabled by admin. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @param {String} packageName Input method package name that needs to be checked. @param {Number} userHandle user id the admin is running as. @return {Boolean} true if the input method is permitted, otherwise false. @hide */ isInputMethodPermittedByAdmin : function( ) {}, /**Returns the list of input methods permitted by the device or profiles owners. <p>On {@link android.os.Build.VERSION_CODES#Q} and later devices, this method returns the result for the calling user.</p> <p>On Android P and prior devices, this method returns the result for the current user.</p> <p>Null means all input methods are allowed, if a non-null list is returned it will contain the intersection of the permitted lists for any device or profile owners that apply to this user. It will also include any system input methods. @return {Object {java.util.List}} List of input method package names. @hide */ getPermittedInputMethodsForCurrentUser : function( ) {}, /**Called by a profile owner of a managed profile to set the packages that are allowed to use a {@link android.service.notification.NotificationListenerService} in the primary user to see notifications from the managed profile. By default all packages are permitted by this policy. When zero or more packages have been added, notification listeners installed on the primary user that are not in the list and are not part of the system won't receive events for managed profile notifications. <p> Calling with a {@code null} value for the list disables the restriction so that all notification listener services be used. Calling with an empty list disables all but the system's own notification listeners. System notification listener services are always available to the user. <p> If a device or profile owner want to stop notification listeners in their user from seeing that user's notifications they should prevent that service from running instead (e.g. via {@link #setApplicationHidden(ComponentName, String, boolean)}) @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @param {Object {java.util.List}} packageList List of package names to whitelist @return {Boolean} true if setting the restriction succeeded. It will fail if called outside a managed profile @throws SecurityException if {@code admin} is not a profile owner. @see android.service.notification.NotificationListenerService */ setPermittedCrossProfileNotificationListeners : function( ) {}, /**Returns the list of packages installed on the primary user that allowed to use a {@link android.service.notification.NotificationListenerService} to receive notifications from this managed profile, as set by the profile owner. <p> An empty list means no notification listener services except system ones are allowed. A {@code null} return value indicates that all notification listeners are allowed. */ getPermittedCrossProfileNotificationListeners : function( ) {}, /**Returns true if {@code NotificationListenerServices} from the given package are allowed to receive events for notifications from the given user id. Can only be called by the system uid @see #setPermittedCrossProfileNotificationListeners(ComponentName, List) @hide */ isNotificationListenerServicePermitted : function( ) {}, /**Get the list of apps to keep around as APKs even if no user has currently installed it. This function can be called by a device owner or by a delegate given the {@link #DELEGATION_KEEP_UNINSTALLED_PACKAGES} scope via {@link #setDelegatedScopes}. <p> Please note that packages returned in this method are not automatically pre-cached. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with, or {@code null} if the caller is a keep uninstalled packages delegate. @return {Object {java.util.List}} List of package names to keep cached. @see #setDelegatedScopes @see #DELEGATION_KEEP_UNINSTALLED_PACKAGES */ getKeepUninstalledPackages : function( ) {}, /**Set a list of apps to keep around as APKs even if no user has currently installed it. This function can be called by a device owner or by a delegate given the {@link #DELEGATION_KEEP_UNINSTALLED_PACKAGES} scope via {@link #setDelegatedScopes}. <p>Please note that setting this policy does not imply that specified apps will be automatically pre-cached.</p> @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with, or {@code null} if the caller is a keep uninstalled packages delegate. @param {Object {java.util.List}} packageNames List of package names to keep cached. @throws SecurityException if {@code admin} is not a device owner. @see #setDelegatedScopes @see #DELEGATION_KEEP_UNINSTALLED_PACKAGES */ setKeepUninstalledPackages : function( ) {}, /**Called by a device owner to create a user with the specified name. The UserHandle returned by this method should not be persisted as user handles are recycled as users are removed and created. If you need to persist an identifier for this user, use {@link UserManager#getSerialNumberForUser}. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @param {String} name the user's name @see UserHandle @return {Object {android.os.UserHandle}} the {@link android.os.UserHandle} object for the created user, or {@code null} if the user could not be created. @deprecated From {@link android.os.Build.VERSION_CODES#M} @removed From {@link android.os.Build.VERSION_CODES#N} */ createUser : function( ) {}, /**Called by a device owner to create a user with the specified name. The UserHandle returned by this method should not be persisted as user handles are recycled as users are removed and created. If you need to persist an identifier for this user, use {@link UserManager#getSerialNumberForUser}. The new user will be started in the background immediately. <p> profileOwnerComponent is the {@link android.app.admin.DeviceAdminReceiver} to be the profile owner as well as registered as an active admin on the new user. The profile owner package will be installed on the new user if it already is installed on the device. <p>If the optionalInitializeData is not null, then the extras will be passed to the profileOwnerComponent when onEnable is called. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @param {String} name the user's name @param {String} ownerName the human readable name of the organisation associated with this DPM. @param {Object {ComponentName}} profileOwnerComponent The {@link DeviceAdminReceiver} that will be an active admin on the user. @param {Object {Bundle}} adminExtras Extras that will be passed to onEnable of the admin receiver on the new user. @see UserHandle @return {Object {android.os.UserHandle}} the {@link android.os.UserHandle} object for the created user, or {@code null} if the user could not be created. @deprecated From {@link android.os.Build.VERSION_CODES#M} @removed From {@link android.os.Build.VERSION_CODES#N} */ createAndInitializeUser : function( ) {}, /**Called by a device owner to create a user with the specified name and a given component of the calling package as profile owner. The UserHandle returned by this method should not be persisted as user handles are recycled as users are removed and created. If you need to persist an identifier for this user, use {@link UserManager#getSerialNumberForUser}. The new user will not be started in the background. <p> admin is the {@link android.app.admin.DeviceAdminReceiver} which is the device owner. profileOwner is also a DeviceAdminReceiver in the same package as admin, and will become the profile owner and will be registered as an active admin on the new user. The profile owner package will be installed on the new user. <p> If the adminExtras are not null, they will be stored on the device until the user is started for the first time. Then the extras will be passed to the admin when onEnable is called. <p>From {@link android.os.Build.VERSION_CODES#P} onwards, if targeting {@link android.os.Build.VERSION_CODES#P}, throws {@link UserOperationException} instead of returning {@code null} on failure. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @param {String} name The user's name. @param {Object {ComponentName}} profileOwner Which {@link DeviceAdminReceiver} will be profile owner. Has to be in the same package as admin, otherwise no user is created and an IllegalArgumentException is thrown. @param {Object {PersistableBundle}} adminExtras Extras that will be passed to onEnable of the admin receiver on the new user. @param {Number} flags {@link #SKIP_SETUP_WIZARD}, {@link #MAKE_USER_EPHEMERAL} and {@link #LEAVE_ALL_SYSTEM_APPS_ENABLED} are supported. @see UserHandle @return {Object {android.os.UserHandle}} the {@link android.os.UserHandle} object for the created user, or {@code null} if the user could not be created. @throws SecurityException if {@code admin} is not a device owner. @throws UserOperationException if the user could not be created and the calling app is targeting {@link android.os.Build.VERSION_CODES#P} and running on {@link android.os.Build.VERSION_CODES#P}. */ createAndManageUser : function( ) {}, /**Called by a device owner to remove a user/profile and all associated data. The primary user can not be removed. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @param {Object {UserHandle}} userHandle the user to remove. @return {Boolean} {@code true} if the user was removed, {@code false} otherwise. @throws SecurityException if {@code admin} is not a device owner. */ removeUser : function( ) {}, /**Called by a device owner to switch the specified secondary user to the foreground. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @param {Object {UserHandle}} userHandle the user to switch to; null will switch to primary. @return {Boolean} {@code true} if the switch was successful, {@code false} otherwise. @throws SecurityException if {@code admin} is not a device owner. @see Intent#ACTION_USER_FOREGROUND @see #getSecondaryUsers(ComponentName) */ switchUser : function( ) {}, /**Called by a device owner to start the specified secondary user in background. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @param {Object {UserHandle}} userHandle the user to be started in background. @return {Number} one of the following result codes: {@link UserManager#USER_OPERATION_ERROR_UNKNOWN}, {@link UserManager#USER_OPERATION_SUCCESS}, {@link UserManager#USER_OPERATION_ERROR_MANAGED_PROFILE}, {@link UserManager#USER_OPERATION_ERROR_MAX_RUNNING_USERS}, @throws SecurityException if {@code admin} is not a device owner. @see #getSecondaryUsers(ComponentName) */ startUserInBackground : function( ) {}, /**Called by a device owner to stop the specified secondary user. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @param {Object {UserHandle}} userHandle the user to be stopped. @return {Number} one of the following result codes: {@link UserManager#USER_OPERATION_ERROR_UNKNOWN}, {@link UserManager#USER_OPERATION_SUCCESS}, {@link UserManager#USER_OPERATION_ERROR_MANAGED_PROFILE}, {@link UserManager#USER_OPERATION_ERROR_CURRENT_USER} @throws SecurityException if {@code admin} is not a device owner. @see #getSecondaryUsers(ComponentName) */ stopUser : function( ) {}, /**Called by a profile owner of secondary user that is affiliated with the device to stop the calling user and switch back to primary. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @return {Number} one of the following result codes: {@link UserManager#USER_OPERATION_ERROR_UNKNOWN}, {@link UserManager#USER_OPERATION_SUCCESS}, {@link UserManager#USER_OPERATION_ERROR_MANAGED_PROFILE}, {@link UserManager#USER_OPERATION_ERROR_CURRENT_USER} @throws SecurityException if {@code admin} is not a profile owner affiliated with the device. @see #getSecondaryUsers(ComponentName) */ logoutUser : function( ) {}, /**Called by a device owner to list all secondary users on the device. Managed profiles are not considered as secondary users. <p> Used for various user management APIs, including {@link #switchUser}, {@link #removeUser} and {@link #stopUser}. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @return {Object {java.util.List}} list of other {@link UserHandle}s on the device. @throws SecurityException if {@code admin} is not a device owner. @see #removeUser(ComponentName, UserHandle) @see #switchUser(ComponentName, UserHandle) @see #startUserInBackground(ComponentName, UserHandle) @see #stopUser(ComponentName, UserHandle) */ getSecondaryUsers : function( ) {}, /**Checks if the profile owner is running in an ephemeral user. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @return {Boolean} whether the profile owner is running in an ephemeral user. */ isEphemeralUser : function( ) {}, /**Retrieves the application restrictions for a given target application running in the calling user. <p> The caller must be a profile or device owner on that user, or the package allowed to manage application restrictions via {@link #setDelegatedScopes} with the {@link #DELEGATION_APP_RESTRICTIONS} scope; otherwise a security exception will be thrown. <p>NOTE: The method performs disk I/O and shouldn't be called on the main thread @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with, or {@code null} if called by the application restrictions managing package. @param {String} packageName The name of the package to fetch restricted settings of. @return {Object {android.os.Bundle}} {@link Bundle} of settings corresponding to what was set last time {@link DevicePolicyManager#setApplicationRestrictions} was called, or an empty {@link Bundle} if no restrictions have been set. @throws SecurityException if {@code admin} is not a device or profile owner. @see #setDelegatedScopes @see #DELEGATION_APP_RESTRICTIONS */ getApplicationRestrictions : function( ) {}, /**Called by a profile or device owner to set a user restriction specified by the key. <p> The calling device admin must be a profile or device owner; if it is not, a security exception will be thrown. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @param {String} key The key of the restriction. See the constants in {@link android.os.UserManager} for the list of keys. @throws SecurityException if {@code admin} is not a device or profile owner. */ addUserRestriction : function( ) {}, /**Called by a profile or device owner to clear a user restriction specified by the key. <p> The calling device admin must be a profile or device owner; if it is not, a security exception will be thrown. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @param {String} key The key of the restriction. See the constants in {@link android.os.UserManager} for the list of keys. @throws SecurityException if {@code admin} is not a device or profile owner. */ clearUserRestriction : function( ) {}, /**Called by a profile or device owner to get user restrictions set with {@link #addUserRestriction(ComponentName, String)}. <p> The target user may have more restrictions set by the system or other device owner / profile owner. To get all the user restrictions currently set, use {@link UserManager#getUserRestrictions()}. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @throws SecurityException if {@code admin} is not a device or profile owner. */ getUserRestrictions : function( ) {}, /**Called by any app to display a support dialog when a feature was disabled by an admin. This returns an intent that can be used with {@link Context#startActivity(Intent)} to display the dialog. It will tell the user that the feature indicated by {@code restriction} was disabled by an admin, and include a link for more information. The default content of the dialog can be changed by the restricting admin via {@link #setShortSupportMessage(ComponentName, CharSequence)}. If the restriction is not set (i.e. the feature is available), then the return value will be {@code null}. @param {String} restriction Indicates for which feature the dialog should be displayed. Can be a user restriction from {@link UserManager}, e.g. {@link UserManager#DISALLOW_ADJUST_VOLUME}, or one of the constants {@link #POLICY_DISABLE_CAMERA} or {@link #POLICY_DISABLE_SCREEN_CAPTURE}. @return {Object {android.content.Intent}} Intent An intent to be used to start the dialog-activity if the restriction is set by an admin, or null if the restriction does not exist or no admin set it. */ createAdminSupportIntent : function( ) {}, /**Hide or unhide packages. When a package is hidden it is unavailable for use, but the data and actual package file remain. This function can be called by a device owner, profile owner, or by a delegate given the {@link #DELEGATION_PACKAGE_ACCESS} scope via {@link #setDelegatedScopes}. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with, or {@code null} if the caller is a package access delegate. @param {String} packageName The name of the package to hide or unhide. @param {Boolean} hidden {@code true} if the package should be hidden, {@code false} if it should be unhidden. @return {Boolean} boolean Whether the hidden setting of the package was successfully updated. @throws SecurityException if {@code admin} is not a device or profile owner. @see #setDelegatedScopes @see #DELEGATION_PACKAGE_ACCESS */ setApplicationHidden : function( ) {}, /**Determine if a package is hidden. This function can be called by a device owner, profile owner, or by a delegate given the {@link #DELEGATION_PACKAGE_ACCESS} scope via {@link #setDelegatedScopes}. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with, or {@code null} if the caller is a package access delegate. @param {String} packageName The name of the package to retrieve the hidden status of. @return {Boolean} boolean {@code true} if the package is hidden, {@code false} otherwise. @throws SecurityException if {@code admin} is not a device or profile owner. @see #setDelegatedScopes @see #DELEGATION_PACKAGE_ACCESS */ isApplicationHidden : function( ) {}, /**Re-enable a system app that was disabled by default when the user was initialized. This function can be called by a device owner, profile owner, or by a delegate given the {@link #DELEGATION_ENABLE_SYSTEM_APP} scope via {@link #setDelegatedScopes}. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with, or {@code null} if the caller is an enable system app delegate. @param {String} packageName The package to be re-enabled in the calling profile. @throws SecurityException if {@code admin} is not a device or profile owner. @see #setDelegatedScopes @see #DELEGATION_PACKAGE_ACCESS */ enableSystemApp : function( ) {}, /**Re-enable system apps by intent that were disabled by default when the user was initialized. This function can be called by a device owner, profile owner, or by a delegate given the {@link #DELEGATION_ENABLE_SYSTEM_APP} scope via {@link #setDelegatedScopes}. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with, or {@code null} if the caller is an enable system app delegate. @param {Object {Intent}} intent An intent matching the app(s) to be installed. All apps that resolve for this intent will be re-enabled in the calling profile. @return {Number} int The number of activities that matched the intent and were installed. @throws SecurityException if {@code admin} is not a device or profile owner. @see #setDelegatedScopes @see #DELEGATION_PACKAGE_ACCESS */ enableSystemApp : function( ) {}, /**Install an existing package that has been installed in another user, or has been kept after removal via {@link #setKeepUninstalledPackages}. This function can be called by a device owner, profile owner or a delegate given the {@link #DELEGATION_INSTALL_EXISTING_PACKAGE} scope via {@link #setDelegatedScopes}. When called in a secondary user or managed profile, the user/profile must be affiliated with the device. See {@link #isAffiliatedUser}. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @param {String} packageName The package to be installed in the calling profile. @return {Boolean} {@code true} if the app is installed; {@code false} otherwise. @throws SecurityException if {@code admin} is not the device owner, or the profile owner of an affiliated user or profile. @see #setKeepUninstalledPackages @see #setDelegatedScopes @see #isAffiliatedUser @see #DELEGATION_PACKAGE_ACCESS */ installExistingPackage : function( ) {}, /**Called by a device owner or profile owner to disable account management for a specific type of account. <p> The calling device admin must be a device owner or profile owner. If it is not, a security exception will be thrown. <p> When account management is disabled for an account type, adding or removing an account of that type will not be possible. <p> From {@link android.os.Build.VERSION_CODES#N} the profile or device owner can still use {@link android.accounts.AccountManager} APIs to add or remove accounts when account management for a specific type is disabled. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @param {String} accountType For which account management is disabled or enabled. @param {Boolean} disabled The boolean indicating that account management will be disabled (true) or enabled (false). @throws SecurityException if {@code admin} is not a device or profile owner. */ setAccountManagementDisabled : function( ) {}, /**Gets the array of accounts for which account management is disabled by the profile owner. <p> Account management can be disabled/enabled by calling {@link #setAccountManagementDisabled}. @return {String} a list of account types for which account management has been disabled. @see #setAccountManagementDisabled */ getAccountTypesWithManagementDisabled : function( ) {}, /** @see #getAccountTypesWithManagementDisabled() @hide */ getAccountTypesWithManagementDisabledAsUser : function( ) {}, /**Sets which packages may enter lock task mode. <p> Any packages that share uid with an allowed package will also be allowed to activate lock task. From {@link android.os.Build.VERSION_CODES#M} removing packages from the lock task package list results in locked tasks belonging to those packages to be finished. <p> This function can only be called by the device owner, a profile owner of an affiliated user or profile, or the profile owner when no device owner is set. See {@link #isAffiliatedUser}. Any package set via this method will be cleared if the user becomes unaffiliated. @param {Object {ComponentName}} packages The list of packages allowed to enter lock task mode @param {Object {java.lang.String[]}} admin Which {@link DeviceAdminReceiver} this request is associated with. @throws SecurityException if {@code admin} is not the device owner, the profile owner of an affiliated user or profile, or the profile owner when no device owner is set. @see #isAffiliatedUser @see Activity#startLockTask() @see DeviceAdminReceiver#onLockTaskModeEntering(Context, Intent, String) @see DeviceAdminReceiver#onLockTaskModeExiting(Context, Intent) @see UserManager#DISALLOW_CREATE_WINDOWS */ setLockTaskPackages : function( ) {}, /**Returns the list of packages allowed to start the lock task mode. @throws SecurityException if {@code admin} is not the device owner, the profile owner of an affiliated user or profile, or the profile owner when no device owner is set. @see #isAffiliatedUser @see #setLockTaskPackages */ getLockTaskPackages : function( ) {}, /**This function lets the caller know whether the given component is allowed to start the lock task mode. @param {String} pkg The package to check */ isLockTaskPermitted : function( ) {}, /**Sets which system features are enabled when the device runs in lock task mode. This method doesn't affect the features when lock task mode is inactive. Any system features not included in {@code flags} are implicitly disabled when calling this method. By default, only {@link #LOCK_TASK_FEATURE_GLOBAL_ACTIONS} is enabled—all the other features are disabled. To disable the global actions dialog, call this method omitting {@link #LOCK_TASK_FEATURE_GLOBAL_ACTIONS}. <p>This method can only be called by the device owner, a profile owner of an affiliated user or profile, or the profile owner when no device owner is set. See {@link #isAffiliatedUser}. Any features set using this method are cleared if the user becomes unaffiliated. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @param {Number} flags The system features enabled during lock task mode. @throws SecurityException if {@code admin} is not the device owner, the profile owner of an affiliated user or profile, or the profile owner when no device owner is set. @see #isAffiliatedUser */ setLockTaskFeatures : function( ) {}, /**Gets which system features are enabled for LockTask mode. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @return {Number} bitfield of flags. See {@link #setLockTaskFeatures(ComponentName, int)} for a list. @throws SecurityException if {@code admin} is not the device owner, the profile owner of an affiliated user or profile, or the profile owner when no device owner is set. @see #isAffiliatedUser @see #setLockTaskFeatures */ getLockTaskFeatures : function( ) {}, /**Called by device owner to update {@link android.provider.Settings.Global} settings. Validation that the value of the setting is in the correct form for the setting type should be performed by the caller. <p> The settings that can be updated with this method are: <ul> <li>{@link android.provider.Settings.Global#ADB_ENABLED}</li> <li>{@link android.provider.Settings.Global#AUTO_TIME}</li> <li>{@link android.provider.Settings.Global#AUTO_TIME_ZONE}</li> <li>{@link android.provider.Settings.Global#DATA_ROAMING}</li> <li>{@link android.provider.Settings.Global#USB_MASS_STORAGE_ENABLED}</li> <li>{@link android.provider.Settings.Global#WIFI_SLEEP_POLICY}</li> <li>{@link android.provider.Settings.Global#STAY_ON_WHILE_PLUGGED_IN} This setting is only available from {@link android.os.Build.VERSION_CODES#M} onwards and can only be set if {@link #setMaximumTimeToLock} is not used to set a timeout.</li> <li>{@link android.provider.Settings.Global#WIFI_DEVICE_OWNER_CONFIGS_LOCKDOWN}</li> This setting is only available from {@link android.os.Build.VERSION_CODES#M} onwards.</li> </ul> <p> Changing the following settings has no effect as of {@link android.os.Build.VERSION_CODES#M}: <ul> <li>{@link android.provider.Settings.Global#BLUETOOTH_ON}. Use {@link android.bluetooth.BluetoothAdapter#enable()} and {@link android.bluetooth.BluetoothAdapter#disable()} instead.</li> <li>{@link android.provider.Settings.Global#DEVELOPMENT_SETTINGS_ENABLED}</li> <li>{@link android.provider.Settings.Global#MODE_RINGER}. Use {@link android.media.AudioManager#setRingerMode(int)} instead.</li> <li>{@link android.provider.Settings.Global#NETWORK_PREFERENCE}</li> <li>{@link android.provider.Settings.Global#WIFI_ON}. Use {@link android.net.wifi.WifiManager#setWifiEnabled(boolean)} instead.</li> </ul> @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @param {String} setting The name of the setting to update. @param {String} value The value to update the setting to. @throws SecurityException if {@code admin} is not a device owner. */ setGlobalSetting : function( ) {}, /**Called by a device or profile owner to update {@link android.provider.Settings.System} settings. Validation that the value of the setting is in the correct form for the setting type should be performed by the caller. <p> The settings that can be updated by a device owner or profile owner of secondary user with this method are: <ul> <li>{@link android.provider.Settings.System#SCREEN_BRIGHTNESS}</li> <li>{@link android.provider.Settings.System#SCREEN_BRIGHTNESS_MODE}</li> <li>{@link android.provider.Settings.System#SCREEN_OFF_TIMEOUT}</li> </ul> <p> @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @param {String} setting The name of the setting to update. @param {String} value The value to update the setting to. @param value The value to update the setting to. @throws SecurityException if {@code admin} is not a device or profile owner. */ setSystemSetting : function( ) {}, /**Called by device owner to set the system wall clock time. This only takes effect if called when {@link android.provider.Settings.Global#AUTO_TIME} is 0, otherwise {@code false} will be returned. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with @param {Number} millis time in milliseconds since the Epoch @return {Boolean} {@code true} if set time succeeded, {@code false} otherwise. @throws SecurityException if {@code admin} is not a device owner. */ setTime : function( ) {}, /**Called by device owner to set the system's persistent default time zone. This only takes effect if called when {@link android.provider.Settings.Global#AUTO_TIME_ZONE} is 0, otherwise {@code false} will be returned. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with @param {String} timeZone one of the Olson ids from the list returned by {@link java.util.TimeZone#getAvailableIDs} @param timeZone one of the Olson ids from the list returned by {@link java.util.TimeZone#getAvailableIDs} @return {Boolean} {@code true} if set timezone succeeded, {@code false} otherwise. @throws SecurityException if {@code admin} is not a device owner. */ setTimeZone : function( ) {}, /**Called by profile or device owners to update {@link android.provider.Settings.Secure} settings. Validation that the value of the setting is in the correct form for the setting type should be performed by the caller. <p> The settings that can be updated by a profile or device owner with this method are: <ul> <li>{@link android.provider.Settings.Secure#DEFAULT_INPUT_METHOD}</li> <li>{@link android.provider.Settings.Secure#SKIP_FIRST_USE_HINTS}</li> </ul> <p> A device owner can additionally update the following settings: <ul> <li>{@link android.provider.Settings.Secure#LOCATION_MODE}</li> </ul> <strong>Note: Starting from Android O, apps should no longer call this method with the setting {@link android.provider.Settings.Secure#INSTALL_NON_MARKET_APPS}, which is deprecated. Instead, device owners or profile owners should use the restriction {@link UserManager#DISALLOW_INSTALL_UNKNOWN_SOURCES}. If any app targeting {@link android.os.Build.VERSION_CODES#O} or higher calls this method with {@link android.provider.Settings.Secure#INSTALL_NON_MARKET_APPS}, an {@link UnsupportedOperationException} is thrown. Starting from Android Q, the device and profile owner can also call {@link UserManager#DISALLOW_INSTALL_UNKNOWN_SOURCES_GLOBALLY} to restrict unknown sources for all users. </strong> @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @param {String} setting The name of the setting to update. @param {String} value The value to update the setting to. @throws SecurityException if {@code admin} is not a device or profile owner. */ setSecureSetting : function( ) {}, /**Designates a specific service component as the provider for making permission requests of a local or remote administrator of the user. <p/> Only a profile owner can designate the restrictions provider. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @param {Object {ComponentName}} provider The component name of the service that implements {@link RestrictionsReceiver}. If this param is null, it removes the restrictions provider previously assigned. @throws SecurityException if {@code admin} is not a device or profile owner. */ setRestrictionsProvider : function( ) {}, /**Called by profile or device owners to set the master volume mute on or off. This has no effect when set on a managed profile. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @param {Boolean} on {@code true} to mute master volume, {@code false} to turn mute off. @throws SecurityException if {@code admin} is not a device or profile owner. */ setMasterVolumeMuted : function( ) {}, /**Called by profile or device owners to check whether the master volume mute is on or off. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @return {Boolean} {@code true} if master volume is muted, {@code false} if it's not. @throws SecurityException if {@code admin} is not a device or profile owner. */ isMasterVolumeMuted : function( ) {}, /**Change whether a user can uninstall a package. This function can be called by a device owner, profile owner, or by a delegate given the {@link #DELEGATION_BLOCK_UNINSTALL} scope via {@link #setDelegatedScopes}. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with, or {@code null} if the caller is a block uninstall delegate. @param {String} packageName package to change. @param {Boolean} uninstallBlocked true if the user shouldn't be able to uninstall the package. @throws SecurityException if {@code admin} is not a device or profile owner. @see #setDelegatedScopes @see #DELEGATION_BLOCK_UNINSTALL */ setUninstallBlocked : function( ) {}, /**Check whether the user has been blocked by device policy from uninstalling a package. Requires the caller to be the profile owner if checking a specific admin's policy. <p> <strong>Note:</strong> Starting from {@link android.os.Build.VERSION_CODES#LOLLIPOP_MR1}, the behavior of this API is changed such that passing {@code null} as the {@code admin} parameter will return if any admin has blocked the uninstallation. Before L MR1, passing {@code null} will cause a NullPointerException to be raised. @param {Object {ComponentName}} admin The name of the admin component whose blocking policy will be checked, or {@code null} to check whether any admin has blocked the uninstallation. @param {String} packageName package to check. @return {Boolean} true if uninstallation is blocked. @throws SecurityException if {@code admin} is not a device or profile owner. */ isUninstallBlocked : function( ) {}, /**Called by the profile owner of a managed profile to enable widget providers from a given package to be available in the parent profile. As a result the user will be able to add widgets from the white-listed package running under the profile to a widget host which runs under the parent profile, for example the home screen. Note that a package may have zero or more provider components, where each component provides a different widget type. <p> <strong>Note:</strong> By default no widget provider package is white-listed. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @param {String} packageName The package from which widget providers are white-listed. @return {Boolean} Whether the package was added. @throws SecurityException if {@code admin} is not a profile owner. @see #removeCrossProfileWidgetProvider(android.content.ComponentName, String) @see #getCrossProfileWidgetProviders(android.content.ComponentName) */ addCrossProfileWidgetProvider : function( ) {}, /**Called by the profile owner of a managed profile to disable widget providers from a given package to be available in the parent profile. For this method to take effect the package should have been added via {@link #addCrossProfileWidgetProvider( android.content.ComponentName, String)}. <p> <strong>Note:</strong> By default no widget provider package is white-listed. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @param {String} packageName The package from which widget providers are no longer white-listed. @return {Boolean} Whether the package was removed. @throws SecurityException if {@code admin} is not a profile owner. @see #addCrossProfileWidgetProvider(android.content.ComponentName, String) @see #getCrossProfileWidgetProviders(android.content.ComponentName) */ removeCrossProfileWidgetProvider : function( ) {}, /**Called by the profile owner of a managed profile to query providers from which packages are available in the parent profile. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @return {Object {java.util.List}} The white-listed package list. @see #addCrossProfileWidgetProvider(android.content.ComponentName, String) @see #removeCrossProfileWidgetProvider(android.content.ComponentName, String) @throws SecurityException if {@code admin} is not a profile owner. */ getCrossProfileWidgetProviders : function( ) {}, /**Called by profile or device owners to set the user's photo. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @param {Object {Bitmap}} icon the bitmap to set as the photo. @throws SecurityException if {@code admin} is not a device or profile owner. */ setUserIcon : function( ) {}, /**Called by device owners to set a local system update policy. When a new policy is set, {@link #ACTION_SYSTEM_UPDATE_POLICY_CHANGED} is broadcasted. <p> If the supplied system update policy has freeze periods set but the freeze periods do not meet 90-day maximum length or 60-day minimum separation requirement set out in {@link android.app.admin.SystemUpdatePolicy#setFreezePeriods}, {@link android.app.admin.SystemUpdatePolicy.ValidationFailedException} will the thrown. Note that the system keeps a record of freeze periods the device experienced previously, and combines them with the new freeze periods to be set when checking the maximum freeze length and minimum freeze separation constraints. As a result, freeze periods that passed validation during {@link android.app.admin.SystemUpdatePolicy#setFreezePeriods} might fail the additional checks here due to the freeze period history. If this is causing issues during development, {@code adb shell dpm clear-freeze-period-record} can be used to clear the record. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. All components in the device owner package can set system update policies and the most recent policy takes effect. @param {Object {SystemUpdatePolicy}} policy the new policy, or {@code null} to clear the current policy. @throws SecurityException if {@code admin} is not a device owner. @throws IllegalArgumentException if the policy type or maintenance window is not valid. @throws SystemUpdatePolicy.ValidationFailedException if the policy's freeze period does not meet the requirement. @see SystemUpdatePolicy @see SystemUpdatePolicy#setFreezePeriods(List) */ setSystemUpdatePolicy : function( ) {}, /**Retrieve a local system update policy set previously by {@link #setSystemUpdatePolicy}. @return {Object {android.app.admin.SystemUpdatePolicy}} The current policy object, or {@code null} if no policy is set. */ getSystemUpdatePolicy : function( ) {}, /**Reset record of previous system update freeze period the device went through. Only callable by ADB. @hide */ clearSystemUpdatePolicyFreezePeriodRecord : function( ) {}, /**Called by a device owner or profile owner of secondary users that is affiliated with the device to disable the keyguard altogether. <p> Setting the keyguard to disabled has the same effect as choosing "None" as the screen lock type. However, this call has no effect if a password, pin or pattern is currently set. If a password, pin or pattern is set after the keyguard was disabled, the keyguard stops being disabled. <p> As of {@link android.os.Build.VERSION_CODES#P}, this call also dismisses the keyguard if it is currently shown. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @param {Boolean} disabled {@code true} disables the keyguard, {@code false} reenables it. @return {Boolean} {@code false} if attempting to disable the keyguard while a lock password was in place. {@code true} otherwise. @throws SecurityException if {@code admin} is not the device owner, or a profile owner of secondary user that is affiliated with the device. @see #isAffiliatedUser @see #getSecondaryUsers */ setKeyguardDisabled : function( ) {}, /**Called by device owner or profile owner of secondary users that is affiliated with the device to disable the status bar. Disabling the status bar blocks notifications, quick settings and other screen overlays that allow escaping from a single use device. <p> <strong>Note:</strong> This method has no effect for LockTask mode. The behavior of the status bar in LockTask mode can be configured with {@link #setLockTaskFeatures(ComponentName, int)}. Calls to this method when the device is in LockTask mode will be registered, but will only take effect when the device leaves LockTask mode. <p>This policy does not have any effect while on the lock screen, where the status bar will not be disabled. Using LockTask instead of this method is recommended. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @param {Boolean} disabled {@code true} disables the status bar, {@code false} reenables it. @return {Boolean} {@code false} if attempting to disable the status bar failed. {@code true} otherwise. @throws SecurityException if {@code admin} is not the device owner, or a profile owner of secondary user that is affiliated with the device. @see #isAffiliatedUser @see #getSecondaryUsers */ setStatusBarDisabled : function( ) {}, /**Called by the system update service to notify device and profile owners of pending system updates. This method should only be used when it is unknown whether the pending system update is a security patch. Otherwise, use {@link #notifyPendingSystemUpdate(long, boolean)}. @param {Number} updateReceivedTime The time as given by {@link System#currentTimeMillis()} indicating when the current pending update was first available. {@code -1} if no update is available. @see #notifyPendingSystemUpdate(long, boolean) @hide */ notifyPendingSystemUpdate : function( ) {}, /**Called by the system update service to notify device and profile owners of pending system updates. This method should be used instead of {@link #notifyPendingSystemUpdate}(long) when it is known whether the pending system update is a security patch. @param {Number} updateReceivedTime The time as given by {@link System#currentTimeMillis()} indicating when the current pending update was first available. {@code -1} if no update is available. @param {Boolean} isSecurityPatch {@code true} if this system update is purely a security patch; {@code false} if not. @see #notifyPendingSystemUpdate(long) @hide */ notifyPendingSystemUpdate : function( ) {}, /**Called by device or profile owners to get information about a pending system update. @param {Object {ComponentName}} admin Which profile or device owner this request is associated with. @return {Object {android.app.admin.SystemUpdateInfo}} Information about a pending system update or {@code null} if no update pending. @throws SecurityException if {@code admin} is not a device or profile owner. @see DeviceAdminReceiver#onSystemUpdatePending(Context, Intent, long) */ getPendingSystemUpdate : function( ) {}, /**Set the default response for future runtime permission requests by applications. This function can be called by a device owner, profile owner, or by a delegate given the {@link #DELEGATION_PERMISSION_GRANT} scope via {@link #setDelegatedScopes}. The policy can allow for normal operation which prompts the user to grant a permission, or can allow automatic granting or denying of runtime permission requests by an application. This also applies to new permissions declared by app updates. When a permission is denied or granted this way, the effect is equivalent to setting the permission * grant state via {@link #setPermissionGrantState}. <p/> As this policy only acts on runtime permission requests, it only applies to applications built with a {@code targetSdkVersion} of {@link android.os.Build.VERSION_CODES#M} or later. @param {Object {ComponentName}} admin Which profile or device owner this request is associated with. @param {Number} policy One of the policy constants {@link #PERMISSION_POLICY_PROMPT}, {@link #PERMISSION_POLICY_AUTO_GRANT} and {@link #PERMISSION_POLICY_AUTO_DENY}. @throws SecurityException if {@code admin} is not a device or profile owner. @see #setPermissionGrantState @see #setDelegatedScopes @see #DELEGATION_PERMISSION_GRANT */ setPermissionPolicy : function( ) {}, /**Returns the current runtime permission policy set by the device or profile owner. The default is {@link #PERMISSION_POLICY_PROMPT}. @param {Object {ComponentName}} admin Which profile or device owner this request is associated with. @return {Number} the current policy for future permission requests. */ getPermissionPolicy : function( ) {}, /**Sets the grant state of a runtime permission for a specific application. The state can be {@link #PERMISSION_GRANT_STATE_DEFAULT default} in which a user can manage it through the UI, {@link #PERMISSION_GRANT_STATE_DENIED denied}, in which the permission is denied and the user cannot manage it through the UI, and {@link #PERMISSION_GRANT_STATE_GRANTED granted} in which the permission is granted and the user cannot manage it through the UI. This method can only be called by a profile owner, device owner, or a delegate given the {@link #DELEGATION_PERMISSION_GRANT} scope via {@link #setDelegatedScopes}. <p/> Note that user cannot manage other permissions in the affected group through the UI either and their granted state will be kept as the current value. Thus, it's recommended that you set the grant state of all the permissions in the affected group. <p/> Setting the grant state to {@link #PERMISSION_GRANT_STATE_DEFAULT default} does not revoke the permission. It retains the previous grant, if any. <p/> Device admins with a {@code targetSdkVersion} < {@link android.os.Build.VERSION_CODES#Q} cannot grant and revoke permissions for applications built with a {@code targetSdkVersion} < {@link android.os.Build.VERSION_CODES#M}. <p/> Admins with a {@code targetSdkVersion} ≥ {@link android.os.Build.VERSION_CODES#Q} can grant and revoke permissions of all apps. Similar to the user revoking a permission from a application built with a {@code targetSdkVersion} < {@link android.os.Build.VERSION_CODES#M} the app-op matching the permission is set to {@link android.app.AppOpsManager#MODE_IGNORED}, but the permission stays granted. @param {Object {ComponentName}} admin Which profile or device owner this request is associated with. @param {String} packageName The application to grant or revoke a permission to. @param {String} permission The permission to grant or revoke. @param {Number} grantState The permission grant state which is one of {@link #PERMISSION_GRANT_STATE_DENIED}, {@link #PERMISSION_GRANT_STATE_DEFAULT}, {@link #PERMISSION_GRANT_STATE_GRANTED}, @return {Boolean} whether the permission was successfully granted or revoked. @throws SecurityException if {@code admin} is not a device or profile owner. @see #PERMISSION_GRANT_STATE_DENIED @see #PERMISSION_GRANT_STATE_DEFAULT @see #PERMISSION_GRANT_STATE_GRANTED @see #setDelegatedScopes @see #DELEGATION_PERMISSION_GRANT */ setPermissionGrantState : function( ) {}, /**Returns the current grant state of a runtime permission for a specific application. This function can be called by a device owner, profile owner, or by a delegate given the {@link #DELEGATION_PERMISSION_GRANT} scope via {@link #setDelegatedScopes}. @param {Object {ComponentName}} admin Which profile or device owner this request is associated with, or {@code null} if the caller is a permission grant delegate. @param {String} packageName The application to check the grant state for. @param {String} permission The permission to check for. @return {Number} the current grant state specified by device policy. If the profile or device owner has not set a grant state, the return value is {@link #PERMISSION_GRANT_STATE_DEFAULT}. This does not indicate whether or not the permission is currently granted for the package. <p/> If a grant state was set by the profile or device owner, then the return value will be one of {@link #PERMISSION_GRANT_STATE_DENIED} or {@link #PERMISSION_GRANT_STATE_GRANTED}, which indicates if the permission is currently denied or granted. @throws SecurityException if {@code admin} is not a device or profile owner. @see #setPermissionGrantState(ComponentName, String, String, int) @see PackageManager#checkPermission(String, String) @see #setDelegatedScopes @see #DELEGATION_PERMISSION_GRANT */ getPermissionGrantState : function( ) {}, /**Returns whether it is possible for the caller to initiate provisioning of a managed profile or device, setting itself as the device or profile owner. @param {String} action One of {@link #ACTION_PROVISION_MANAGED_DEVICE}, {@link #ACTION_PROVISION_MANAGED_PROFILE}. @return {Boolean} whether provisioning a managed profile or device is possible. @throws IllegalArgumentException if the supplied action is not valid. */ isProvisioningAllowed : function( ) {}, /**Checks whether it is possible to initiate provisioning a managed device, profile or user, setting the given package as owner. @param {String} action One of {@link #ACTION_PROVISION_MANAGED_DEVICE}, {@link #ACTION_PROVISION_MANAGED_PROFILE}, {@link #ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE}, {@link #ACTION_PROVISION_MANAGED_USER} @param {String} packageName The package of the component that would be set as device, user, or profile owner. @return {Number} A {@link ProvisioningPreCondition} value indicating whether provisioning is allowed. @hide */ checkProvisioningPreCondition : function( ) {}, /**Return if this user is a managed profile of another user. An admin can become the profile owner of a managed profile with {@link #ACTION_PROVISION_MANAGED_PROFILE} and of a managed user with {@link #createAndManageUser} @param {Object {ComponentName}} admin Which profile owner this request is associated with. @return {Boolean} if this user is a managed profile of another user. */ isManagedProfile : function( ) {}, /** @param {Object {ComponentName}} admin Which device owner this request is associated with. @param admin Which device owner this request is associated with. @return {Boolean} if this user is a system-only user. */ isSystemOnlyUser : function( ) {}, /**Called by device owner to get the MAC address of the Wi-Fi device. @param {Object {ComponentName}} admin Which device owner this request is associated with. @return {String} the MAC address of the Wi-Fi device, or null when the information is not available. (For example, Wi-Fi hasn't been enabled, or the device doesn't support Wi-Fi.) <p> The address will be in the {@code XX:XX:XX:XX:XX:XX} format. @throws SecurityException if {@code admin} is not a device owner. */ getWifiMacAddress : function( ) {}, /**Called by device owner to reboot the device. If there is an ongoing call on the device, throws an {@link IllegalStateException}. @param {Object {ComponentName}} admin Which device owner the request is associated with. @throws IllegalStateException if device has an ongoing call. @throws SecurityException if {@code admin} is not a device owner. @see TelephonyManager#CALL_STATE_IDLE */ reboot : function( ) {}, /**Called by a device admin to set the short support message. This will be displayed to the user in settings screens where funtionality has been disabled by the admin. The message should be limited to a short statement such as "This setting is disabled by your administrator. Contact someone@example.com for support." If the message is longer than 200 characters it may be truncated. <p> If the short support message needs to be localized, it is the responsibility of the {@link android.app.admin.DeviceAdminReceiver} to listen to the {@link Intent#ACTION_LOCALE_CHANGED} broadcast and set a new version of this string accordingly. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @param {Object {CharSequence}} message Short message to be displayed to the user in settings or null to clear the existing message. @param message Short message to be displayed to the user in settings or null to clear the existing message. @throws SecurityException if {@code admin} is not an active administrator. */ setShortSupportMessage : function( ) {}, /**Called by a device admin to get the short support message. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @return {Object {java.lang.CharSequence}} The message set by {@link #setShortSupportMessage(ComponentName, CharSequence)} or null if no message has been set. @throws SecurityException if {@code admin} is not an active administrator. */ getShortSupportMessage : function( ) {}, /**Called by a device admin to set the long support message. This will be displayed to the user in the device administators settings screen. <p> If the long support message needs to be localized, it is the responsibility of the {@link android.app.admin.DeviceAdminReceiver} to listen to the {@link Intent#ACTION_LOCALE_CHANGED} broadcast and set a new version of this string accordingly. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @param {Object {CharSequence}} message Long message to be displayed to the user in settings or null to clear the existing message. @param message Long message to be displayed to the user in settings or null to clear the existing message. @throws SecurityException if {@code admin} is not an active administrator. */ setLongSupportMessage : function( ) {}, /**Called by a device admin to get the long support message. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @return {Object {java.lang.CharSequence}} The message set by {@link #setLongSupportMessage(ComponentName, CharSequence)} or null if no message has been set. @throws SecurityException if {@code admin} is not an active administrator. */ getLongSupportMessage : function( ) {}, /**Called by the system to get the short support message. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @param {Number} userHandle user id the admin is running as. @return {Object {java.lang.CharSequence}} The message set by {@link #setShortSupportMessage(ComponentName, CharSequence)} @hide */ getShortSupportMessageForUser : function( ) {}, /**Called by the system to get the long support message. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @param {Number} userHandle user id the admin is running as. @return {Object {java.lang.CharSequence}} The message set by {@link #setLongSupportMessage(ComponentName, CharSequence)} @hide */ getLongSupportMessageForUser : function( ) {}, /**Called by the profile owner of a managed profile to obtain a {@link android.app.admin.DevicePolicyManager} whose calls act on the parent profile. <p>The following methods are supported for the parent instance, all other methods will throw a SecurityException when called on the parent instance: <ul> <li>{@link #getPasswordQuality}</li> <li>{@link #setPasswordQuality}</li> <li>{@link #getPasswordMinimumLength}</li> <li>{@link #setPasswordMinimumLength}</li> <li>{@link #getPasswordMinimumUpperCase}</li> <li>{@link #setPasswordMinimumUpperCase}</li> <li>{@link #getPasswordMinimumLowerCase}</li> <li>{@link #setPasswordMinimumLowerCase}</li> <li>{@link #getPasswordMinimumLetters}</li> <li>{@link #setPasswordMinimumLetters}</li> <li>{@link #getPasswordMinimumNumeric}</li> <li>{@link #setPasswordMinimumNumeric}</li> <li>{@link #getPasswordMinimumSymbols}</li> <li>{@link #setPasswordMinimumSymbols}</li> <li>{@link #getPasswordMinimumNonLetter}</li> <li>{@link #setPasswordMinimumNonLetter}</li> <li>{@link #getPasswordHistoryLength}</li> <li>{@link #setPasswordHistoryLength}</li> <li>{@link #getPasswordExpirationTimeout}</li> <li>{@link #setPasswordExpirationTimeout}</li> <li>{@link #getPasswordExpiration}</li> <li>{@link #getPasswordMaximumLength}</li> <li>{@link #isActivePasswordSufficient}</li> <li>{@link #getCurrentFailedPasswordAttempts}</li> <li>{@link #getMaximumFailedPasswordsForWipe}</li> <li>{@link #setMaximumFailedPasswordsForWipe}</li> <li>{@link #getMaximumTimeToLock}</li> <li>{@link #setMaximumTimeToLock}</li> <li>{@link #lockNow}</li> <li>{@link #getKeyguardDisabledFeatures}</li> <li>{@link #setKeyguardDisabledFeatures}</li> <li>{@link #getTrustAgentConfiguration}</li> <li>{@link #setTrustAgentConfiguration}</li> <li>{@link #getRequiredStrongAuthTimeout}</li> <li>{@link #setRequiredStrongAuthTimeout}</li> </ul> @return {Object {android.app.admin.DevicePolicyManager}} a new instance of {@link DevicePolicyManager} that acts on the parent profile. @throws SecurityException if {@code admin} is not a profile owner. */ getParentProfileInstance : function( ) {}, /**Called by device owner to control the security logging feature. <p> Security logs contain various information intended for security auditing purposes. See {@link android.app.admin.SecurityLog.SecurityEvent} for details. <p><strong>Note:</strong> The device owner won't be able to retrieve security logs if there are unaffiliated secondary users or profiles on the device, regardless of whether the feature is enabled. Logs will be discarded if the internal buffer fills up while waiting for all users to become affiliated. Therefore it's recommended that affiliation ids are set for new users as soon as possible after provisioning via {@link #setAffiliationIds}. @param {Object {ComponentName}} admin Which device owner this request is associated with. @param {Boolean} enabled whether security logging should be enabled or not. @throws SecurityException if {@code admin} is not a device owner. @see #setAffiliationIds @see #retrieveSecurityLogs */ setSecurityLoggingEnabled : function( ) {}, /**Return whether security logging is enabled or not by the device owner. <p>Can only be called by the device owner, otherwise a {@link SecurityException} will be thrown. @param {Object {ComponentName}} admin Which device owner this request is associated with. @return {Boolean} {@code true} if security logging is enabled by device owner, {@code false} otherwise. @throws SecurityException if {@code admin} is not a device owner. */ isSecurityLoggingEnabled : function( ) {}, /**Called by device owner to retrieve all new security logging entries since the last call to this API after device boots. <p> Access to the logs is rate limited and it will only return new logs after the device owner has been notified via {@link android.app.admin.DeviceAdminReceiver#onSecurityLogsAvailable}. <p>If there is any other user or profile on the device, it must be affiliated with the device. Otherwise a {@link SecurityException} will be thrown. See {@link #isAffiliatedUser}. @param {Object {ComponentName}} admin Which device owner this request is associated with. @return {Object {java.util.List}} the new batch of security logs which is a list of {@link SecurityEvent}, or {@code null} if rate limitation is exceeded or if logging is currently disabled. @throws SecurityException if {@code admin} is not a device owner, or there is at least one profile or secondary user that is not affiliated with the device. @see #isAffiliatedUser @see DeviceAdminReceiver#onSecurityLogsAvailable */ retrieveSecurityLogs : function( ) {}, /**Makes all accumulated network logs available to DPC in a new batch. Only callable by ADB. If throttled, returns time to wait in milliseconds, otherwise 0. @hide */ forceNetworkLogs : function( ) {}, /**Forces a batch of security logs to be fetched from logd and makes it available for DPC. Only callable by ADB. If throttled, returns time to wait in milliseconds, otherwise 0. @hide */ forceSecurityLogs : function( ) {}, /**Called by the system to obtain a {@link android.app.admin.DevicePolicyManager} whose calls act on the parent profile. @hide */ getParentProfileInstance : function( ) {}, /**Called by a device or profile owner to restrict packages from using metered data. @param {Object {ComponentName}} admin which {@link DeviceAdminReceiver} this request is associated with. @param {Object {java.util.List}} packageNames the list of package names to be restricted. @return {Object {java.util.List}} a list of package names which could not be restricted. @throws SecurityException if {@code admin} is not a device or profile owner. */ setMeteredDataDisabledPackages : function( ) {}, /**Called by a device or profile owner to retrieve the list of packages which are restricted by the admin from using metered data. @param {Object {ComponentName}} admin which {@link DeviceAdminReceiver} this request is associated with. @return {Object {java.util.List}} the list of restricted package names. @throws SecurityException if {@code admin} is not a device or profile owner. */ getMeteredDataDisabledPackages : function( ) {}, /**Called by the system to check if a package is restricted from using metered data by {@param admin}. @param {Object {ComponentName}} admin which {@link DeviceAdminReceiver} this request is associated with. @param {String} packageName the package whose restricted status is needed. @param {Number} userId the user to which {@param packageName} belongs. @return {Boolean} {@code true} if the package is restricted by admin, otherwise {@code false} @throws SecurityException if the caller doesn't run with {@link Process#SYSTEM_UID} @hide */ isMeteredDataDisabledPackageForUser : function( ) {}, /**Called by device owners to retrieve device logs from before the device's last reboot. <p> <strong> This API is not supported on all devices. Calling this API on unsupported devices will result in {@code null} being returned. The device logs are retrieved from a RAM region which is not guaranteed to be corruption-free during power cycles, as a result be cautious about data corruption when parsing. </strong> <p>If there is any other user or profile on the device, it must be affiliated with the device. Otherwise a {@link SecurityException} will be thrown. See {@link #isAffiliatedUser}. @param {Object {ComponentName}} admin Which device owner this request is associated with. @return {Object {java.util.List}} Device logs from before the latest reboot of the system, or {@code null} if this API is not supported on the device. @throws SecurityException if {@code admin} is not a device owner, or there is at least one profile or secondary user that is not affiliated with the device. @see #isAffiliatedUser @see #retrieveSecurityLogs */ retrievePreRebootSecurityLogs : function( ) {}, /**Called by a profile owner of a managed profile to set the color used for customization. This color is used as background color of the confirm credentials screen for that user. The default color is teal (#00796B). <p> The confirm credentials screen can be created using {@link android.app.KeyguardManager#createConfirmDeviceCredentialIntent}. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @param {Number} color The 24bit (0xRRGGBB) representation of the color to be used. @throws SecurityException if {@code admin} is not a profile owner. */ setOrganizationColor : function( ) {}, /** @param {Number} color The 24bit (0xRRGGBB) representation of the color to be used. @param {Number} userId which user to set the color to. @param userId which user to set the color to. @RequiresPermission(allOf = { Manifest.permission.MANAGE_USERS, Manifest.permission.INTERACT_ACROSS_USERS_FULL}) */ setOrganizationColorForUser : function( ) {}, /**Called by a profile owner of a managed profile to retrieve the color used for customization. This color is used as background color of the confirm credentials screen for that user. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @return {Number} The 24bit (0xRRGGBB) representation of the color to be used. @throws SecurityException if {@code admin} is not a profile owner. */ getOrganizationColor : function( ) {}, /** @param {Number} userHandle The user id of the user we're interested in. @param userHandle The user id of the user we're interested in. @return {Number} The 24bit (0xRRGGBB) representation of the color to be used. */ getOrganizationColorForUser : function( ) {}, /**Called by the device owner (since API 26) or profile owner (since API 24) to set the name of the organization under management. <p>If the organization name needs to be localized, it is the responsibility of the {@link android.app.admin.DeviceAdminReceiver} to listen to the {@link Intent#ACTION_LOCALE_CHANGED} broadcast and set a new version of this string accordingly. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @param {Object {CharSequence}} title The organization name or {@code null} to clear a previously set name. @throws SecurityException if {@code admin} is not a device or profile owner. */ setOrganizationName : function( ) {}, /**Called by a profile owner of a managed profile to retrieve the name of the organization under management. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @return {Object {java.lang.CharSequence}} The organization name or {@code null} if none is set. @throws SecurityException if {@code admin} is not a profile owner. */ getOrganizationName : function( ) {}, /**Called by the system to retrieve the name of the organization managing the device. @return {Object {java.lang.CharSequence}} The organization name or {@code null} if none is set. @throws SecurityException if the caller is not the device owner, does not hold the MANAGE_USERS permission and is not the system. @hide */ getDeviceOwnerOrganizationName : function( ) {}, /**Retrieve the default title message used in the confirm credentials screen for a given user. @param {Number} userHandle The user id of the user we're interested in. @return {Object {java.lang.CharSequence}} The organization name or {@code null} if none is set. @hide */ getOrganizationNameForUser : function( ) {}, /** @return {Number} the {@link UserProvisioningState} for the current user - for unmanaged users will return {@link #STATE_USER_UNMANAGED} @hide */ getUserProvisioningState : function( ) {}, /**Set the {@link android.app.admin.DevicePolicyManager.UserProvisioningState} for the supplied user, if they are managed. @param {Number} state to store @param {Number} userHandle for user @hide */ setUserProvisioningState : function( ) {}, /**Indicates the entity that controls the device or profile owner. Two users/profiles are affiliated if the set of ids set by their device or profile owners intersect. <p>A user/profile that is affiliated with the device owner user is considered to be affiliated with the device. <p><strong>Note:</strong> Features that depend on user affiliation (such as security logging or {@link #bindDeviceAdminServiceAsUser}) won't be available when a secondary user or profile is created, until it becomes affiliated. Therefore it is recommended that the appropriate affiliation ids are set by its profile owner as soon as possible after the user/profile is created. @param {Object {ComponentName}} admin Which profile or device owner this request is associated with. @param {Object {java.util.Set}} ids A set of opaque non-empty affiliation ids. @throws IllegalArgumentException if {@code ids} is null or contains an empty string. @see #isAffiliatedUser */ setAffiliationIds : function( ) {}, /**Returns the set of affiliation ids previously set via {@link #setAffiliationIds}, or an empty set if none have been set. */ getAffiliationIds : function( ) {}, /**Returns whether this user/profile is affiliated with the device. <p> By definition, the user that the device owner runs on is always affiliated with the device. Any other user/profile is considered affiliated with the device if the set specified by its profile owner via {@link #setAffiliationIds} intersects with the device owner's. @see #setAffiliationIds */ isAffiliatedUser : function( ) {}, /** @param {String} packageName the package to check for @param packageName the package to check for @return {Boolean} whether the uninstall intent for {@code packageName} is pending */ isUninstallInQueue : function( ) {}, /** @param {String} packageName the package containing active DAs to be uninstalled @param packageName the package containing active DAs to be uninstalled */ uninstallPackageWithActiveAdmins : function( ) {}, /** @param {Object {ComponentName}} userHandle user id to remove the admin for. @param {Number} admin The administration compononent to remove. @param admin The administration compononent to remove. @throws SecurityException if the caller is not shell / root or the admin package isn't a test application see {@link ApplicationInfo#FLAG_TEST_APP}. */ forceRemoveActiveAdmin : function( ) {}, /**Returns whether the device has been provisioned. <p>Not for use by third-party applications. @hide */ isDeviceProvisioned : function( ) {}, /**Writes that the provisioning configuration has been applied. <p>The caller must hold the {@link android.Manifest.permission#MANAGE_USERS} permission. <p>Not for use by third-party applications. @hide */ setDeviceProvisioningConfigApplied : function( ) {}, /**Returns whether the provisioning configuration has been applied. <p>The caller must hold the {@link android.Manifest.permission#MANAGE_USERS} permission. <p>Not for use by third-party applications. @return {Boolean} whether the provisioning configuration has been applied. @hide */ isDeviceProvisioningConfigApplied : function( ) {}, /** @hide Force update user setup completed status. This API has no effect on user build. @throws {@link SecurityException} if the caller has no {@code android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS} or the caller is not {@link UserHandle#SYSTEM_USER} */ forceUpdateUserSetupComplete : function( ) {}, /**Allows the device owner or profile owner to enable or disable the backup service. <p> Each user has its own backup service which manages the backup and restore mechanisms in that user. Disabling the backup service will prevent data from being backed up or restored. <p> Device owner calls this API to control backup services across all users on the device. Profile owner can use this API to enable or disable the profile's backup service. However, for a managed profile its backup functionality is only enabled if both the device owner and the profile owner have enabled the backup service. <p> By default, backup service is disabled on a device with device owner, and within a managed profile. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @param {Boolean} enabled {@code true} to enable the backup service, {@code false} to disable it. @throws SecurityException if {@code admin} is not a device owner or a profile owner. */ setBackupServiceEnabled : function( ) {}, /**Return whether the backup service is enabled by the device owner or profile owner for the current user, as previously set by {@link #setBackupServiceEnabled(ComponentName, boolean)}. <p> Whether the backup functionality is actually enabled or not depends on settings from both the current user and the device owner, please see {@link #setBackupServiceEnabled(ComponentName, boolean)} for details. <p> Backup service manages all backup and restore mechanisms on the device. @return {Boolean} {@code true} if backup service is enabled, {@code false} otherwise. @see #setBackupServiceEnabled */ isBackupServiceEnabled : function( ) {}, /**Called by a device owner or delegated app with {@link #DELEGATION_NETWORK_LOGGING} to control the network logging feature. <p> Network logs contain DNS lookup and connect() library call events. The following library functions are recorded while network logging is active: <ul> <li>{@code getaddrinfo()}</li> <li>{@code gethostbyname()}</li> <li>{@code connect()}</li> </ul> <p> Network logging is a low-overhead tool for forensics but it is not guaranteed to use full system call logging; event reporting is enabled by default for all processes but not strongly enforced. Events from applications using alternative implementations of libc, making direct kernel calls, or deliberately obfuscating traffic may not be recorded. <p> Some common network events may not be reported. For example: <ul> <li>Applications may hardcode IP addresses to reduce the number of DNS lookups, or use an alternative system for name resolution, and so avoid calling {@code getaddrinfo()} or {@code gethostbyname}.</li> <li>Applications may use datagram sockets for performance reasons, for example for a game client. Calling {@code connect()} is unnecessary for this kind of socket, so it will not trigger a network event.</li> </ul> <p> It is possible to directly intercept layer 3 traffic leaving the device using an always-on VPN service. See {@link #setAlwaysOnVpnPackage(ComponentName, String, boolean)} and {@link android.net.VpnService} for details. <p><strong>Note:</strong> The device owner won't be able to retrieve network logs if there are unaffiliated secondary users or profiles on the device, regardless of whether the feature is enabled. Logs will be discarded if the internal buffer fills up while waiting for all users to become affiliated. Therefore it's recommended that affiliation ids are set for new users as soon as possible after provisioning via {@link #setAffiliationIds}. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with, or {@code null} if called by a delegated app. @param {Boolean} enabled whether network logging should be enabled or not. @throws SecurityException if {@code admin} is not a device owner. @see #setAffiliationIds @see #retrieveNetworkLogs */ setNetworkLoggingEnabled : function( ) {}, /**Return whether network logging is enabled by a device owner. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. Can only be {@code null} if the caller is a delegated app with {@link #DELEGATION_NETWORK_LOGGING} or has MANAGE_USERS permission. @return {Boolean} {@code true} if network logging is enabled by device owner, {@code false} otherwise. @throws SecurityException if {@code admin} is not a device owner and caller has no MANAGE_USERS permission */ isNetworkLoggingEnabled : function( ) {}, /**Called by device owner or delegated app with {@link #DELEGATION_NETWORK_LOGGING} to retrieve the most recent batch of network logging events. A device owner has to provide a batchToken provided as part of {@link android.app.admin.DeviceAdminReceiver#onNetworkLogsAvailable} callback. If the token doesn't match the token of the most recent available batch of logs, {@code null} will be returned. <p> {@link android.app.admin.NetworkEvent} can be one of {@link android.app.admin.DnsEvent} or {@link android.app.admin.ConnectEvent}. <p> The list of network events is sorted chronologically, and contains at most 1200 events. <p> Access to the logs is rate limited and this method will only return a new batch of logs after the device device owner has been notified via {@link android.app.admin.DeviceAdminReceiver#onNetworkLogsAvailable}. <p>If a secondary user or profile is created, calling this method will throw a {@link SecurityException} until all users become affiliated again. It will also no longer be possible to retrieve the network logs batch with the most recent batchToken provided by {@link android.app.admin.DeviceAdminReceiver#onNetworkLogsAvailable}. See {@link android.app.admin.DevicePolicyManager#setAffiliationIds}. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with, or {@code null} if called by a delegated app. @param {Number} batchToken A token of the batch to retrieve @return {Object {java.util.List}} A new batch of network logs which is a list of {@link NetworkEvent}. Returns {@code null} if the batch represented by batchToken is no longer available or if logging is disabled. @throws SecurityException if {@code admin} is not a device owner, or there is at least one profile or secondary user that is not affiliated with the device. @see #setAffiliationIds @see DeviceAdminReceiver#onNetworkLogsAvailable */ retrieveNetworkLogs : function( ) {}, /**Called by a device owner to bind to a service from a profile owner or vice versa. See {@link #getBindDeviceAdminTargetUsers} for a definition of which device/profile owners are allowed to bind to services of another profile/device owner. <p> The service must be protected by {@link android.Manifest.permission#BIND_DEVICE_ADMIN}. Note that the {@link Context} used to obtain this {@link android.app.admin.DevicePolicyManager} instance via {@link Context#getSystemService(Class)} will be used to bind to the {@link android.app.Service}. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @param {Object {Intent}} serviceIntent Identifies the service to connect to. The Intent must specify either an explicit component name or a package name to match an {@link IntentFilter} published by a service. @param {Object {ServiceConnection}} conn Receives information as the service is started and stopped in main thread. This must be a valid {@link ServiceConnection} object; it must not be {@code null}. @param {Number} flags Operation options for the binding operation. See {@link Context#bindService(Intent, ServiceConnection, int)}. @param {Object {UserHandle}} targetUser Which user to bind to. Must be one of the users returned by {@link #getBindDeviceAdminTargetUsers}, otherwise a {@link SecurityException} will be thrown. @return {Boolean} If you have successfully bound to the service, {@code true} is returned; {@code false} is returned if the connection is not made and you will not receive the service object. @see Context#bindService(Intent, ServiceConnection, int) @see #getBindDeviceAdminTargetUsers(ComponentName) */ bindDeviceAdminServiceAsUser : function( ) {}, /**Returns the list of target users that the calling device or profile owner can use when calling {@link #bindDeviceAdminServiceAsUser}. <p> A device owner can bind to a service from a profile owner and vice versa, provided that: <ul> <li>Both belong to the same package name. <li>Both users are affiliated. See {@link #setAffiliationIds}. </ul> */ getBindDeviceAdminTargetUsers : function( ) {}, /**Called by the system to get the time at which the device owner last retrieved security logging entries. @return {Number} the time at which the device owner most recently retrieved security logging entries, in milliseconds since epoch; -1 if security logging entries were never retrieved. @throws SecurityException if the caller is not the device owner, does not hold the MANAGE_USERS permission and is not the system. @hide */ getLastSecurityLogRetrievalTime : function( ) {}, /**Called by the system to get the time at which the device owner last requested a bug report. @return {Number} the time at which the device owner most recently requested a bug report, in milliseconds since epoch; -1 if a bug report was never requested. @throws SecurityException if the caller is not the device owner, does not hold the MANAGE_USERS permission and is not the system. @hide */ getLastBugReportRequestTime : function( ) {}, /**Called by the system to get the time at which the device owner last retrieved network logging events. @return {Number} the time at which the device owner most recently retrieved network logging events, in milliseconds since epoch; -1 if network logging events were never retrieved. @throws SecurityException if the caller is not the device owner, does not hold the MANAGE_USERS permission and is not the system. @hide */ getLastNetworkLogRetrievalTime : function( ) {}, /**Called by the system to find out whether the current user's IME was set by the device/profile owner or the user. @return {Boolean} {@code true} if the user's IME was set by the device or profile owner, {@code false} otherwise. @throws SecurityException if the caller is not the device owner/profile owner. @hide */ isCurrentInputMethodSetByOwner : function( ) {}, /**Called by the system to get a list of CA certificates that were installed by the device or profile owner. <p> The caller must be the target user's device owner/profile Owner or hold the {@link android.Manifest.permission#INTERACT_ACROSS_USERS_FULL} permission. @param {Object {UserHandle}} user The user for whom to retrieve information. @return {Object {java.util.List}} list of aliases identifying CA certificates installed by the device or profile owner @throws SecurityException if the caller does not have permission to retrieve information about the given user's CA certificates. @hide */ getOwnerInstalledCaCerts : function( ) {}, /**Called by the device owner or profile owner to clear application user data of a given package. The behaviour of this is equivalent to the target application calling {@link android.app.ActivityManager#clearApplicationUserData()}. <p><strong>Note:</strong> an application can store data outside of its application data, e.g. external storage or user dictionary. This data will not be wiped by calling this API. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @param {String} packageName The name of the package which will have its user data wiped. @param {Object {Executor}} executor The executor through which the listener should be invoked. @param {Object {DevicePolicyManager.OnClearApplicationUserDataListener}} listener A callback object that will inform the caller when the clearing is done. @throws SecurityException if the caller is not the device owner/profile owner. */ clearApplicationUserData : function( ) {}, /**Called by a device owner to specify whether logout is enabled for all secondary users. The system may show a logout button that stops the user and switches back to the primary user. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @param {Boolean} enabled whether logout should be enabled or not. @throws SecurityException if {@code admin} is not a device owner. */ setLogoutEnabled : function( ) {}, /**Returns whether logout is enabled by a device owner. @return {Boolean} {@code true} if logout is enabled by device owner, {@code false} otherwise. */ isLogoutEnabled : function( ) {}, /**Returns set of system apps that should be removed during provisioning. @param {Object {ComponentName}} admin Which {@link DeviceAdminReceiver} this request is associated with. @param {Number} userId ID of the user to be provisioned. @param {String} provisioningAction action indicating type of provisioning, should be one of {@link #ACTION_PROVISION_MANAGED_DEVICE}, {@link #ACTION_PROVISION_MANAGED_PROFILE} or {@link #ACTION_PROVISION_MANAGED_USER}. @hide */ getDisallowedSystemApps : function( ) {}, /**Changes the current administrator to another one. All policies from the current administrator are migrated to the new administrator. The whole operation is atomic - the transfer is either complete or not done at all. <p>Depending on the current administrator (device owner, profile owner), you have the following expected behaviour: <ul> <li>A device owner can only be transferred to a new device owner</li> <li>A profile owner can only be transferred to a new profile owner</li> </ul> <p>Use the {@code bundle} parameter to pass data to the new administrator. The data will be received in the {@link android.app.admin.DeviceAdminReceiver#onTransferOwnershipComplete(Context, PersistableBundle)} callback of the new administrator. <p>The transfer has failed if the original administrator is still the corresponding owner after calling this method. <p>The incoming target administrator must have the <code><support-transfer-ownership /></code> tag inside the <code><device-admin></device-admin></code> tags in the xml file referenced by {@link android.app.admin.DeviceAdminReceiver#DEVICE_ADMIN_META_DATA}. Otherwise an {@link IllegalArgumentException} will be thrown. @param {Object {ComponentName}} admin which {@link DeviceAdminReceiver} this request is associated with @param {Object {ComponentName}} target which {@link DeviceAdminReceiver} we want the new administrator to be @param {Object {PersistableBundle}} bundle data to be sent to the new administrator @throws SecurityException if {@code admin} is not a device owner nor a profile owner @throws IllegalArgumentException if {@code admin} or {@code target} is {@code null}, they are components in the same package or {@code target} is not an active admin */ transferOwnership : function( ) {}, /**Called by a device owner to specify the user session start message. This may be displayed during a user switch. <p> The message should be limited to a short statement or it may be truncated. <p> If the message needs to be localized, it is the responsibility of the {@link android.app.admin.DeviceAdminReceiver} to listen to the {@link Intent#ACTION_LOCALE_CHANGED} broadcast and set a new version of this message accordingly. @param {Object {ComponentName}} admin which {@link DeviceAdminReceiver} this request is associated with. @param {Object {CharSequence}} startUserSessionMessage message for starting user session, or {@code null} to use system default message. @throws SecurityException if {@code admin} is not a device owner. */ setStartUserSessionMessage : function( ) {}, /**Called by a device owner to specify the user session end message. This may be displayed during a user switch. <p> The message should be limited to a short statement or it may be truncated. <p> If the message needs to be localized, it is the responsibility of the {@link android.app.admin.DeviceAdminReceiver} to listen to the {@link Intent#ACTION_LOCALE_CHANGED} broadcast and set a new version of this message accordingly. @param {Object {ComponentName}} admin which {@link DeviceAdminReceiver} this request is associated with. @param {Object {CharSequence}} endUserSessionMessage message for ending user session, or {@code null} to use system default message. @throws SecurityException if {@code admin} is not a device owner. */ setEndUserSessionMessage : function( ) {}, /**Returns the user session start message. @param {Object {ComponentName}} admin which {@link DeviceAdminReceiver} this request is associated with. @throws SecurityException if {@code admin} is not a device owner. */ getStartUserSessionMessage : function( ) {}, /**Returns the user session end message. @param {Object {ComponentName}} admin which {@link DeviceAdminReceiver} this request is associated with. @throws SecurityException if {@code admin} is not a device owner. */ getEndUserSessionMessage : function( ) {}, /**Called by device owner to add an override APN. <p>This method may returns {@code -1} if {@code apnSetting} conflicts with an existing override APN. Update the existing conflicted APN with {@link #updateOverrideApn(ComponentName, int, ApnSetting)} instead of adding a new entry. <p>Two override APNs are considered to conflict when all the following APIs return the same values on both override APNs: <ul> <li>{@link ApnSetting#getOperatorNumeric()}</li> <li>{@link ApnSetting#getApnName()}</li> <li>{@link ApnSetting#getProxyAddressAsString()}</li> <li>{@link ApnSetting#getProxyPort()}</li> <li>{@link ApnSetting#getMmsProxyAddressAsString()}</li> <li>{@link ApnSetting#getMmsProxyPort()}</li> <li>{@link ApnSetting#getMmsc()}</li> <li>{@link ApnSetting#isEnabled()}</li> <li>{@link ApnSetting#getMvnoType()}</li> <li>{@link ApnSetting#getProtocol()}</li> <li>{@link ApnSetting#getRoamingProtocol()}</li> </ul> @param {Object {ComponentName}} admin which {@link DeviceAdminReceiver} this request is associated with @param {Object {ApnSetting}} apnSetting the override APN to insert @return {Number} The {@code id} of inserted override APN. Or {@code -1} when failed to insert into the database. @throws SecurityException if {@code admin} is not a device owner. @see #setOverrideApnsEnabled(ComponentName, boolean) */ addOverrideApn : function( ) {}, /**Called by device owner to update an override APN. <p>This method may returns {@code false} if there is no override APN with the given {@code apnId}. <p>This method may also returns {@code false} if {@code apnSetting} conflicts with an existing override APN. Update the existing conflicted APN instead. <p>See {@link #addOverrideApn} for the definition of conflict. @param {Object {ComponentName}} admin which {@link DeviceAdminReceiver} this request is associated with @param {Number} apnId the {@code id} of the override APN to update @param {Object {ApnSetting}} apnSetting the override APN to update @return {Boolean} {@code true} if the required override APN is successfully updated, {@code false} otherwise. @throws SecurityException if {@code admin} is not a device owner. @see #setOverrideApnsEnabled(ComponentName, boolean) */ updateOverrideApn : function( ) {}, /**Called by device owner to remove an override APN. <p>This method may returns {@code false} if there is no override APN with the given {@code apnId}. @param {Object {ComponentName}} admin which {@link DeviceAdminReceiver} this request is associated with @param {Number} apnId the {@code id} of the override APN to remove @return {Boolean} {@code true} if the required override APN is successfully removed, {@code false} otherwise. @throws SecurityException if {@code admin} is not a device owner. @see #setOverrideApnsEnabled(ComponentName, boolean) */ removeOverrideApn : function( ) {}, /**Called by device owner to get all override APNs inserted by device owner. @param {Object {ComponentName}} admin which {@link DeviceAdminReceiver} this request is associated with @return {Object {java.util.List}} A list of override APNs inserted by device owner. @throws SecurityException if {@code admin} is not a device owner. @see #setOverrideApnsEnabled(ComponentName, boolean) */ getOverrideApns : function( ) {}, /**Called by device owner to set if override APNs should be enabled. <p> Override APNs are separated from other APNs on the device, and can only be inserted or modified by the device owner. When enabled, only override APNs are in use, any other APNs are ignored. @param {Object {ComponentName}} admin which {@link DeviceAdminReceiver} this request is associated with @param {Boolean} enabled {@code true} if override APNs should be enabled, {@code false} otherwise @throws SecurityException if {@code admin} is not a device owner. */ setOverrideApnsEnabled : function( ) {}, /**Called by device owner to check if override APNs are currently enabled. @param {Object {ComponentName}} admin which {@link DeviceAdminReceiver} this request is associated with @return {Boolean} {@code true} if override APNs are currently enabled, {@code false} otherwise. @throws SecurityException if {@code admin} is not a device owner. @see #setOverrideApnsEnabled(ComponentName, boolean) */ isOverrideApnEnabled : function( ) {}, /**Returns the data passed from the current administrator to the new administrator during an ownership transfer. This is the same {@code bundle} passed in {@link #transferOwnership(ComponentName, ComponentName, PersistableBundle)}. The bundle is persisted until the profile owner or device owner is removed. <p>This is the same <code>bundle</code> received in the {@link android.app.admin.DeviceAdminReceiver#onTransferOwnershipComplete(Context, PersistableBundle)}. Use this method to retrieve it after the transfer as long as the new administrator is the active device or profile owner. <p>Returns <code>null</code> if no ownership transfer was started for the calling user. @see #transferOwnership @see DeviceAdminReceiver#onTransferOwnershipComplete(Context, PersistableBundle) @throws SecurityException if the caller is not a device or profile owner. */ getTransferOwnershipBundle : function( ) {}, /**Sets the global Private DNS mode to opportunistic. May only be called by the device owner. <p>In this mode, the DNS subsystem will attempt a TLS handshake to the network-supplied resolver prior to attempting name resolution in cleartext. @param {Object {ComponentName}} admin which {@link DeviceAdminReceiver} this request is associated with. @return {Number} {@code PRIVATE_DNS_SET_NO_ERROR} if the mode was set successfully, or {@code PRIVATE_DNS_SET_ERROR_FAILURE_SETTING} if it could not be set. @throws SecurityException if the caller is not the device owner. */ setGlobalPrivateDnsModeOpportunistic : function( ) {}, /**Sets the global Private DNS host to be used. May only be called by the device owner. <p>Note that the method is blocking as it will perform a connectivity check to the resolver, to ensure it is valid. Because of that, the method should not be called on any thread that relates to user interaction, such as the UI thread. <p>In case a VPN is used in conjunction with Private DNS resolver, the Private DNS resolver must be reachable both from within and outside the VPN. Otherwise, the device may lose the ability to resolve hostnames as system traffic to the resolver may not go through the VPN. @param {Object {ComponentName}} admin which {@link DeviceAdminReceiver} this request is associated with. @param {String} privateDnsHost The hostname of a server that implements DNS over TLS (RFC7858). @return {Number} {@code PRIVATE_DNS_SET_NO_ERROR} if the mode was set successfully, {@code PRIVATE_DNS_SET_ERROR_FAILURE_SETTING} if it could not be set or {@code PRIVATE_DNS_SET_ERROR_HOST_NOT_SERVING} if the specified host does not implement RFC7858. @throws IllegalArgumentException if the {@code privateDnsHost} is not a valid hostname. @throws SecurityException if the caller is not the device owner. */ setGlobalPrivateDnsModeSpecifiedHost : function( ) {}, /**Called by device owner to install a system update from the given file. The device will be rebooted in order to finish installing the update. Note that if the device is rebooted, this doesn't necessarily mean that the update has been applied successfully. The caller should additionally check the system version with {@link android.os.Build#FINGERPRINT} or {@link android.os.Build.VERSION}. If an error occurs during processing the OTA before the reboot, the caller will be notified by {@link android.app.admin.DevicePolicyManager.InstallSystemUpdateCallback}. If device does not have sufficient battery level, the installation will fail with error {@link android.app.admin.DevicePolicyManager.InstallSystemUpdateCallback#UPDATE_ERROR_BATTERY_LOW}. @param {Object {ComponentName}} admin The {@link DeviceAdminReceiver} that this request is associated with. @param {Object {Uri}} updateFilePath An Uri of the file that contains the update. The file should be readable by the calling app. @param {Object {Executor}} executor The executor through which the callback should be invoked. @param {Object {DevicePolicyManager.InstallSystemUpdateCallback}} callback A callback object that will inform the caller when installing an update fails. */ installSystemUpdate : function( ) {}, /**Returns the system-wide Private DNS mode. @param {Object {ComponentName}} admin which {@link DeviceAdminReceiver} this request is associated with. @return {Number} one of {@code PRIVATE_DNS_MODE_OFF}, {@code PRIVATE_DNS_MODE_OPPORTUNISTIC}, {@code PRIVATE_DNS_MODE_PROVIDER_HOSTNAME} or {@code PRIVATE_DNS_MODE_UNKNOWN}. @throws SecurityException if the caller is not the device owner. */ getGlobalPrivateDnsMode : function( ) {}, /**Returns the system-wide Private DNS host. @param {Object {ComponentName}} admin which {@link DeviceAdminReceiver} this request is associated with. @return {String} The hostname used for Private DNS queries, null if none is set. @throws SecurityException if the caller is not the device owner. */ getGlobalPrivateDnsHost : function( ) {}, /**Grants the profile owner of the given user access to device identifiers (such as serial number, IMEI and MEID). <p>This lets the profile owner request inclusion of device identifiers when calling {@link generateKeyPair}. <p>This grant is necessary to guarantee that profile owners can access device identifiers. <p>Privileged system API - meant to be called by the system, particularly the managed provisioning app, when a work profile is set up. @hide */ setProfileOwnerCanAccessDeviceIds : function( ) {}, /**Allows a set of packages to access cross-profile calendar APIs. <p>Called by a profile owner of a managed profile. <p>Calling with a {@code null} value for the set disables the restriction so that all packages are allowed to access cross-profile calendar APIs. Calling with an empty set disallows all packages from accessing cross-profile calendar APIs. If this method isn't called, no package is allowed to access cross-profile calendar APIs by default. @param {Object {ComponentName}} admin which {@link DeviceAdminReceiver} this request is associated with @param {Object {java.util.Set}} packageNames set of packages to be whitelisted @throws SecurityException if {@code admin} is not a profile owner @see #getCrossProfileCalendarPackages(ComponentName) */ setCrossProfileCalendarPackages : function( ) {}, /**Gets a set of package names that are allowed to access cross-profile calendar APIs. <p>Called by a profile owner of a managed profile. @param {Object {ComponentName}} admin which {@link DeviceAdminReceiver} this request is associated with @return {Object {java.util.Set}} the set of names of packages that were previously allowed via {@link #setCrossProfileCalendarPackages(ComponentName, Set)}, or an empty set if none have been allowed @throws SecurityException if {@code admin} is not a profile owner @see #setCrossProfileCalendarPackages(ComponentName, Set) */ getCrossProfileCalendarPackages : function( ) {}, /**Returns if a package is allowed to access cross-profile calendar APIs. <p>A package is allowed to access cross-profile calendar APIs if it's allowed by admins via {@link #setCrossProfileCalendarPackages(ComponentName, Set)} and {@link android.provider.Settings.Secure#CROSS_PROFILE_CALENDAR_ENABLED} is turned on in the managed profile. <p>To query for a specific user, use {@link Context#createPackageContextAsUser(String, int, UserHandle)} to create a context for that user, and get a {@link android.app.admin.DevicePolicyManager} from this context. @param {String} packageName the name of the package @return {Boolean} {@code true} if the package is allowed to access cross-profile calendar APIs, {@code false} otherwise @see #setCrossProfileCalendarPackages(ComponentName, Set) @see #getCrossProfileCalendarPackages(ComponentName) @hide */ isPackageAllowedToAccessCalendar : function( ) {}, /**Gets a set of package names that are allowed to access cross-profile calendar APIs. <p>To query for a specific user, use {@link Context#createPackageContextAsUser(String, int, UserHandle)} to create a context for that user, and get a {@link android.app.admin.DevicePolicyManager} from this context. @return {Object {java.util.Set}} the set of names of packages that were previously allowed via {@link #setCrossProfileCalendarPackages(ComponentName, Set)}, or an empty set if none have been allowed @see #setCrossProfileCalendarPackages(ComponentName, Set) @see #getCrossProfileCalendarPackages(ComponentName) @hide */ getCrossProfileCalendarPackages : function( ) {}, /**Returns whether the device is being used as a managed kiosk. These requirements are as follows: <ul> <li>The device is in Lock Task (therefore there is also a Device Owner app on the device)</li> <li>The Lock Task feature {@link android.app.admin.DevicePolicyManager#LOCK_TASK_FEATURE_SYSTEM_INFO} is not enabled, so the system info in the status bar is not visible</li> <li>The device does not have a secure lock screen (e.g. it has no lock screen or has swipe-to-unlock)</li> <li>The device is not in the middle of an ephemeral user session</li> </ul> <p>Publicly-accessible dedicated devices don't have the same privacy model as personally-used devices. In particular, user consent popups don't make sense as a barrier to accessing persistent data on these devices since the user giving consent and the user whose data is on the device are unlikely to be the same. These consent popups prevent the true remote management of these devices. <p>This condition is not sufficient to cover APIs that would access data that only lives for the duration of the user's session, since the user has an expectation of privacy in these conditions that more closely resembles use of a personal device. In those cases, see {@link #isUnattendedManagedKiosk}(). @hide */ isManagedKiosk : function( ) {}, /**Returns whether the device is being used as an unattended managed kiosk. These requirements are as follows: <ul> <li>The device is being used as a managed kiosk, as defined at {@link #isManagedKiosk}()</li> <li>The device has not received user input for at least 30 minutes</li> </ul> <p>See {@link #isManagedKiosk}() for context. This is a stronger requirement that also ensures that the device hasn't been interacted with recently, making it an appropriate check for privacy-sensitive APIs that wouldn't be appropriate during an active user session. @hide */ isUnattendedManagedKiosk : function( ) {}, /**Starts an activity to view calendar events in the managed profile. @param {Number} eventId the id of the event to be viewed @param {Number} start the start time of the event @param {Number} end the end time of the event @param {Boolean} allDay if the event is an all-day event @param {Number} flags flags to be set for the intent @return {Boolean} {@code true} if the activity is started successfully, {@code false} otherwise @see CalendarContract#startViewCalendarEventInManagedProfile(Context, String, long, long, long, boolean, int) @hide */ startViewCalendarEventInManagedProfile : function( ) {}, };