| java.lang.Object | ||
| ↳ | android.content.BroadcastReceiver | |
| ↳ | android.app.admin.DeviceAdminReceiver | |
Base class for implementing a device administration component. This class provides a convenience for interpreting the raw intent actions that are sent by the system.
The callback methods, like the base
BroadcastReceiver.onReceive()
method, happen on the main thread of the process. Thus long running
operations must be done on another thread. Note that because a receiver
is done once returning from its receive function, such long-running operations
should probably be done in a Service.
When publishing your DeviceAdmin subclass as a receiver, it must
handle ACTION_DEVICE_ADMIN_ENABLED and require the
BIND_DEVICE_ADMIN permission. A typical
manifest entry would look like:
Developers
<receiver android:name=".app.DeviceAdminSample$DeviceAdminSampleReceiver"
android:label="@string/sample_device_admin"
android:description="@string/sample_device_admin_description"
android:permission="android.permission.BIND_DEVICE_ADMIN">
<meta-data android:name="android.app.device_admin"
android:resource="@xml/device_admin_sample" />
<intent-filter>
<action android:name="android.app.action.DEVICE_ADMIN_ENABLED" />
</intent-filter>
</receiver>
The meta-data referenced here provides addition information specific
to the device administrator, as parsed by the DeviceAdminInfo class.
A typical file would be:
<device-admin xmlns:android="http://schemas.android.com/apk/res/android">
<uses-policies>
<limit-password />
<watch-login />
<reset-password />
<force-lock />
<wipe-data />
<expire-password />
<encrypted-storage />
<disable-camera />
<disable-keyguard-features />
</uses-policies>
</device-admin>
For more information about device administration, read the Device Administration developer guide.
| Constants | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| String | ACTION_DEVICE_ADMIN_DISABLED | Action sent to a device administrator when the user has disabled it. | |||||||||
| String | ACTION_DEVICE_ADMIN_DISABLE_REQUESTED | Action sent to a device administrator when the user has requested to disable it, but before this has actually been done. | |||||||||
| String | ACTION_DEVICE_ADMIN_ENABLED | This is the primary action that a device administrator must implement to be allowed to manage a device. | |||||||||
| String | ACTION_LOCK_TASK_ENTERING | Action sent to a device administrator to notify that the device is entering lock task mode. | |||||||||
| String | ACTION_LOCK_TASK_EXITING | Action sent to a device administrator to notify that the device is exiting lock task mode. | |||||||||
| String | ACTION_PASSWORD_CHANGED | Action sent to a device administrator when the user has changed the password of their device. | |||||||||
| String | ACTION_PASSWORD_EXPIRING | Action periodically sent to a device administrator when the device password is expiring. | |||||||||
| String | ACTION_PASSWORD_FAILED | Action sent to a device administrator when the user has failed at attempted to enter the password. | |||||||||
| String | ACTION_PASSWORD_SUCCEEDED | Action sent to a device administrator when the user has successfully entered their password, after failing one or more times. | |||||||||
| String | ACTION_PROFILE_PROVISIONING_COMPLETE | Broadcast Action: This broadcast is sent to indicate that provisioning of a managed profile or managed device has completed successfully. | |||||||||
| String | DEVICE_ADMIN_META_DATA | Name under which a DevicePolicy component publishes information about itself. | |||||||||
| String | EXTRA_DISABLE_WARNING | A CharSequence that can be shown to the user informing them of the impact of disabling your admin. | |||||||||
| String | EXTRA_LOCK_TASK_PACKAGE | A string containing the name of the package entering lock task mode. | |||||||||
| Public Constructors | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| Public Methods | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
Retrieve the DevicePolicyManager interface for this administrator to work
with the system.
| |||||||||||
Retrieve the ComponentName describing who this device administrator is, for
use in
DevicePolicyManager APIs that require the administrator to
identify itself.
| |||||||||||
Allows this receiver to select the alias for a private key and certificate pair for
authentication.
| |||||||||||
Called when the user has asked to disable the administrator, as a result of
receiving
ACTION_DEVICE_ADMIN_DISABLE_REQUESTED, giving you
a chance to present a warning message to them.
| |||||||||||
Called prior to the administrator being disabled, as a result of
receiving
ACTION_DEVICE_ADMIN_DISABLED.
| |||||||||||
Called after the administrator is first enabled, as a result of
receiving
ACTION_DEVICE_ADMIN_ENABLED.
| |||||||||||
Called when a device is entering lock task mode.
| |||||||||||
Called when a device is exiting lock task mode.
| |||||||||||
Called after the user has changed their password, as a result of
receiving
ACTION_PASSWORD_CHANGED.
| |||||||||||
Called periodically when the password is about to expire or has expired.
| |||||||||||
Called after the user has failed at entering their current password, as a result of
receiving
ACTION_PASSWORD_FAILED.
| |||||||||||
Called after the user has succeeded at entering their current password,
as a result of receiving
ACTION_PASSWORD_SUCCEEDED.
| |||||||||||
Called when provisioning of a managed profile or managed device has completed successfully.
| |||||||||||
Called during provisioning of a managed device to allow the device initializer to perform
user setup steps.
| |||||||||||
Intercept standard device administrator broadcasts.
| |||||||||||
Allows the receiver to be notified when information about a pending system update is
available from the system update service.
| |||||||||||
|
[Expand]
Inherited Methods | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
From class
android.content.BroadcastReceiver
| |||||||||||
|
From class
java.lang.Object
| |||||||||||
Action sent to a device administrator when the user has disabled
it. Upon return, the application no longer has access to the
protected device policy manager APIs. You will generally
handle this in onDisabled(Context, Intent). Note
that this action will be
sent the receiver regardless of whether it is explicitly listed in
its intent filter.
Action sent to a device administrator when the user has requested to
disable it, but before this has actually been done. This gives you
a chance to supply a message to the user about the impact of
disabling your admin, by setting the extra field
EXTRA_DISABLE_WARNING in the result Intent. If not set,
no warning will be displayed. If set, the given text will be shown
to the user before they disable your admin.
This is the primary action that a device administrator must implement to be
allowed to manage a device. This will be set to the receiver
when the user enables it for administration. You will generally
handle this in onEnabled(Context, Intent). To be
supported, the receiver must also require the
BIND_DEVICE_ADMIN permission so
that other applications can not abuse it.
Action sent to a device administrator to notify that the device is entering
lock task mode. The extra EXTRA_LOCK_TASK_PACKAGE
will describe the package using lock task mode.
The calling device admin must be the device owner or profile owner to receive this broadcast.
Action sent to a device administrator to notify that the device is exiting lock task mode.
The calling device admin must be the device owner or profile owner to receive this broadcast.
Action sent to a device administrator when the user has changed the
password of their device. You can at this point check the characteristics
of the new password with DevicePolicyManager.isActivePasswordSufficient().
You will generally
handle this in onPasswordChanged(Context, Intent).
The calling device admin must have requested
USES_POLICY_LIMIT_PASSWORD to receive
this broadcast.
Action periodically sent to a device administrator when the device password is expiring.
The calling device admin must have requested
USES_POLICY_EXPIRE_PASSWORD to receive
this broadcast.
Action sent to a device administrator when the user has failed at
attempted to enter the password. You can at this point check the
number of failed password attempts there have been with
DevicePolicyManager.getCurrentFailedPasswordAttempts(). You will generally
handle this in onPasswordFailed(Context, Intent).
The calling device admin must have requested
USES_POLICY_WATCH_LOGIN to receive
this broadcast.
Action sent to a device administrator when the user has successfully entered their password, after failing one or more times.
The calling device admin must have requested
USES_POLICY_WATCH_LOGIN to receive
this broadcast.
Broadcast Action: This broadcast is sent to indicate that provisioning of a managed profile or managed device has completed successfully.
The broadcast is limited to the profile that will be managed by the application that
requested provisioning. In the device owner case the profile is the primary user.
The broadcast will also be limited to the DeviceAdminReceiver component
specified in the original intent or NFC bump that started the provisioning process
(see DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE).
A device admin application which listens to this intent can find out if the device was
provisioned for the device owner or profile owner case by calling respectively
isDeviceOwnerApp(String) and
isProfileOwnerApp(String). You will generally handle
this in onProfileProvisioningComplete(Context, Intent).
Input: Nothing.
Output: Nothing
Name under which a DevicePolicy component publishes information about itself. This meta-data must reference an XML resource containing a device-admin tag.
A CharSequence that can be shown to the user informing them of the impact of disabling your admin.
A string containing the name of the package entering lock task mode.
Retrieve the DevicePolicyManager interface for this administrator to work with the system.
Retrieve the ComponentName describing who this device administrator is, for
use in DevicePolicyManager APIs that require the administrator to
identify itself.
Allows this receiver to select the alias for a private key and certificate pair for
authentication. If this method returns null, the default Activity will be
shown that lets the user pick a private key and certificate pair.
| context | The running context as per onReceive(Context, Intent). |
|---|---|
| intent | The received intent as per onReceive(Context, Intent). |
| uid | The uid asking for the private key and certificate pair. |
| uri | The URI to authenticate, may be null. |
| alias | The alias preselected by the client, or null. |
Called when the user has asked to disable the administrator, as a result of
receiving ACTION_DEVICE_ADMIN_DISABLE_REQUESTED, giving you
a chance to present a warning message to them. The message is returned
as the result; if null is returned (the default implementation), no
message will be displayed.
| context | The running context as per onReceive(Context, Intent). |
|---|---|
| intent | The received intent as per onReceive(Context, Intent). |
Called prior to the administrator being disabled, as a result of
receiving ACTION_DEVICE_ADMIN_DISABLED. Upon return, you
can no longer use the protected parts of the DevicePolicyManager
API.
| context | The running context as per onReceive(Context, Intent). |
|---|---|
| intent | The received intent as per onReceive(Context, Intent).
|
Called after the administrator is first enabled, as a result of
receiving ACTION_DEVICE_ADMIN_ENABLED. At this point you
can use DevicePolicyManager to set your desired policies.
If the admin is activated by a device owner, then the intent may contain private extras that are relevant to user setup.
| context | The running context as per onReceive(Context, Intent). |
|---|---|
| intent | The received intent as per onReceive(Context, Intent).
|
Called when a device is entering lock task mode.
| context | The running context as per onReceive(Context, Intent). |
|---|---|
| intent | The received intent as per onReceive(Context, Intent). |
| pkg | If entering, the authorized package using lock task mode, otherwise null. |
Called when a device is exiting lock task mode.
| context | The running context as per onReceive(Context, Intent). |
|---|---|
| intent | The received intent as per onReceive(Context, Intent).
|
Called after the user has changed their password, as a result of
receiving ACTION_PASSWORD_CHANGED. At this point you
can use DevicePolicyManager.getCurrentFailedPasswordAttempts()
to retrieve the active password characteristics.
| context | The running context as per onReceive(Context, Intent). |
|---|---|
| intent | The received intent as per onReceive(Context, Intent).
|
Called periodically when the password is about to expire or has expired. It will typically be called at these times: on device boot, once per day before the password expires, and at the time when the password expires.
If the password is not updated by the user, this method will continue to be called once per day until the password is changed or the device admin disables password expiration.
The admin will typically post a notification requesting the user to change their password
in response to this call. The actual password expiration time can be obtained by calling
getPasswordExpiration(ComponentName)
The admin should be sure to take down any notifications it posted in response to this call
when it receives onPasswordChanged(Context, Intent).
| context | The running context as per onReceive(Context, Intent). |
|---|---|
| intent | The received intent as per onReceive(Context, Intent).
|
Called after the user has failed at entering their current password, as a result of
receiving ACTION_PASSWORD_FAILED. At this point you
can use DevicePolicyManager to retrieve the number of failed
password attempts.
| context | The running context as per onReceive(Context, Intent). |
|---|---|
| intent | The received intent as per onReceive(Context, Intent).
|
Called after the user has succeeded at entering their current password,
as a result of receiving ACTION_PASSWORD_SUCCEEDED. This will
only be received the first time they succeed after having previously
failed.
| context | The running context as per onReceive(Context, Intent). |
|---|---|
| intent | The received intent as per onReceive(Context, Intent).
|
Called when provisioning of a managed profile or managed device has completed successfully.
As a prerequisite for the execution of this callback the DeviceAdminReceiver has
to declare an intent filter for ACTION_PROFILE_PROVISIONING_COMPLETE.
Its component must also be specified in the EXTRA_DEVICE_ADMIN
of the ACTION_PROVISION_MANAGED_PROFILE intent that started the
managed provisioning.
When provisioning of a managed profile is complete, the managed profile is hidden until
the profile owner calls {DevicePolicyManager#setProfileEnabled(ComponentName admin)}.
Typically a profile owner will enable the profile when it has finished any additional setup
such as adding an account by using the AccountManager and calling apis to bring the
profile into the desired state.
Note that provisioning completes without waiting for any server interactions, so the profile owner needs to wait for data to be available if required (e.g. android device ids or other data that is set as a result of server interactions).
| context | The running context as per onReceive(Context, Intent). |
|---|---|
| intent | The received intent as per onReceive(Context, Intent).
|
Called during provisioning of a managed device to allow the device initializer to perform user setup steps. Only device initializers should override this method.
Called when the DeviceAdminReceiver receives an
android.app.action.ACTION_READY_FOR_USER_INITIALIZATION broadcast. As a prerequisite for the
execution of this callback the DeviceAdminReceiver has
to declare an intent filter for android.app.action.ACTION_READY_FOR_USER_INITIALIZATION. Only
the component specified in the device initializer component name field of the
original intent or NFC bump that started the provisioning process will receive this callback.
It is not assumed that the device initializer is finished when it returns from
this call, as it may do additional setup asynchronously. The device initializer must enable
the current user when it has finished any additional setup (such as adding an account by
using the AccountManager) in order for the user to be functional.
| context | The running context as per onReceive(Context, Intent). |
|---|---|
| intent | The received intent as per onReceive(Context, Intent).
|
Intercept standard device administrator broadcasts. Implementations should not override this method; it is better to implement the convenience callbacks for each action.
| context | The Context in which the receiver is running. |
|---|---|
| intent | The Intent being received. |
Allows the receiver to be notified when information about a pending system update is available from the system update service. The same pending system update can trigger multiple calls to this method, so it is necessary to examine the incoming parameters for details about the update.
This callback is only applicable to device owners.
| context | The running context as per onReceive(Context, Intent). |
|---|---|
| intent | The received intent as per onReceive(Context, Intent). |
| receivedTime | The time as given by currentTimeMillis() indicating when
the current pending update was first available. -1 if no pending update is available.
|