public class DeviceAdminReceiver
extends BroadcastReceiver
java.lang.Object | ||
↳ | android.content.BroadcastReceiver | |
↳ | android.app.admin.DeviceAdminReceiver |
Base class for implementing a device administration component. This class provides a convenience for interpreting the raw intent actions that are sent by the system.
The callback methods, like the base BroadcastReceiver.onReceive()
method, happen on the main thread of the process. Thus long running operations must be done on another thread. Note that because a receiver is done once returning from its receive function, such long-running operations should probably be done in a Service
.
When publishing your DeviceAdmin subclass as a receiver, it must handle ACTION_DEVICE_ADMIN_ENABLED
and require the BIND_DEVICE_ADMIN
permission. A typical manifest entry would look like:
<receiver android:name=".app.DeviceAdminSample$DeviceAdminSampleReceiver" android:label="@string/sample_device_admin" android:description="@string/sample_device_admin_description" android:permission="android.permission.BIND_DEVICE_ADMIN"> <meta-data android:name="android.app.device_admin" android:resource="@xml/device_admin_sample" /> <intent-filter> <action android:name="android.app.action.DEVICE_ADMIN_ENABLED" /> </intent-filter> </receiver> <receiver android:name=".app.DeviceAdminSample$DeviceAdminSampleReceiver2" android:label="@string/sample_device_admin2" android:description="@string/sample_device_admin_description2" android:permission="android.permission.BIND_DEVICE_ADMIN"> <meta-data android:name="android.app.device_admin" android:resource="@xml/device_admin_sample" /> <intent-filter> <action android:name="android.app.action.DEVICE_ADMIN_ENABLED" /> </intent-filter> </receiver>
The meta-data referenced here provides addition information specific to the device administrator, as parsed by the DeviceAdminInfo
class. A typical file would be:
<device-admin xmlns:android="http://schemas.android.com/apk/res/android"> <uses-policies> <limit-password /> <watch-login /> <reset-password /> <force-lock /> <wipe-data /> <expire-password /> <encrypted-storage /> <disable-camera /> <disable-keyguard-features /> </uses-policies> </device-admin>
For more information about device administration, read the Device Administration developer guide.
Constants |
|
---|---|
String |
ACTION_DEVICE_ADMIN_DISABLED Action sent to a device administrator when the user has disabled it. |
String |
ACTION_DEVICE_ADMIN_DISABLE_REQUESTED Action sent to a device administrator when the user has requested to disable it, but before this has actually been done. |
String |
ACTION_DEVICE_ADMIN_ENABLED This is the primary action that a device administrator must implement to be allowed to manage a device. |
String |
ACTION_LOCK_TASK_ENTERING Action sent to a device administrator to notify that the device is entering lock task mode. |
String |
ACTION_LOCK_TASK_EXITING Action sent to a device administrator to notify that the device is exiting lock task mode. |
String |
ACTION_PASSWORD_CHANGED Action sent to a device administrator when the user has changed the password of their device or profile challenge. |
String |
ACTION_PASSWORD_EXPIRING Action periodically sent to a device administrator when the device or profile challenge password is expiring. |
String |
ACTION_PASSWORD_FAILED Action sent to a device administrator when the user has entered an incorrect device or profile challenge password. |
String |
ACTION_PASSWORD_SUCCEEDED Action sent to a device administrator when the user has successfully entered their device or profile challenge password, after failing one or more times. |
String |
ACTION_PROFILE_PROVISIONING_COMPLETE Broadcast Action: This broadcast is sent to indicate that provisioning of a managed profile or managed device has completed successfully. |
int |
BUGREPORT_FAILURE_FAILED_COMPLETING Bugreport completion process failed. |
int |
BUGREPORT_FAILURE_FILE_NO_LONGER_AVAILABLE Bugreport has been created, but is no longer available for collection. |
String |
DEVICE_ADMIN_META_DATA Name under which a DevicePolicy component publishes information about itself. |
String |
EXTRA_DISABLE_WARNING A CharSequence that can be shown to the user informing them of the impact of disabling your admin. |
String |
EXTRA_LOCK_TASK_PACKAGE A string containing the name of the package entering lock task mode. |
Public constructors |
|
---|---|
DeviceAdminReceiver() |
Public methods |
|
---|---|
DevicePolicyManager |
getManager(Context context) Retrieve the DevicePolicyManager interface for this administrator to work with the system. |
ComponentName |
getWho(Context context) Retrieve the ComponentName describing who this device administrator is, for use in |
void |
onBugreportFailed(Context context, Intent intent, int failureCode) Called when the bugreport collection flow has failed. |
void |
onBugreportShared(Context context, Intent intent, String bugreportHash) Called when the bugreport has been shared with the device administrator app. |
void |
onBugreportSharingDeclined(Context context, Intent intent) Called when sharing a bugreport has been cancelled by the user of the device. |
String |
onChoosePrivateKeyAlias(Context context, Intent intent, int uid, Uri uri, String alias) Allows this receiver to select the alias for a private key and certificate pair for authentication. |
CharSequence |
onDisableRequested(Context context, Intent intent) Called when the user has asked to disable the administrator, as a result of receiving |
void |
onDisabled(Context context, Intent intent) Called prior to the administrator being disabled, as a result of receiving |
void |
onEnabled(Context context, Intent intent) Called after the administrator is first enabled, as a result of receiving |
void |
onLockTaskModeEntering(Context context, Intent intent, String pkg) Called when a device is entering lock task mode. |
void |
onLockTaskModeExiting(Context context, Intent intent) Called when a device is exiting lock task mode. |
void |
onPasswordChanged(Context context, Intent intent) Called after the user has changed their device or profile challenge password, as a result of receiving |
void |
onPasswordExpiring(Context context, Intent intent) Called periodically when the device or profile challenge password is about to expire or has expired. |
void |
onPasswordFailed(Context context, Intent intent) Called after the user has failed at entering their device or profile challenge password, as a result of receiving |
void |
onPasswordSucceeded(Context context, Intent intent) Called after the user has succeeded at entering their device or profile challenge password, as a result of receiving |
void |
onProfileProvisioningComplete(Context context, Intent intent) Called when provisioning of a managed profile or managed device has completed successfully. |
void |
onReadyForUserInitialization(Context context, Intent intent) This method was deprecated in API level 24. Do not use |
void |
onReceive(Context context, Intent intent) Intercept standard device administrator broadcasts. |
void |
onSecurityLogsAvailable(Context context, Intent intent) Called when a new batch of security logs can be retrieved. |
void |
onSystemUpdatePending(Context context, Intent intent, long receivedTime) Allows the receiver to be notified when information about a pending system update is available from the system update service. |
Inherited methods |
|
---|---|
![]() android.content.BroadcastReceiver
|
|
![]() java.lang.Object
|
String ACTION_DEVICE_ADMIN_DISABLED
Action sent to a device administrator when the user has disabled it. Upon return, the application no longer has access to the protected device policy manager APIs. You will generally handle this in onDisabled(Context, Intent)
. Note that this action will be sent the receiver regardless of whether it is explicitly listed in its intent filter.
Constant Value: "android.app.action.DEVICE_ADMIN_DISABLED"
String ACTION_DEVICE_ADMIN_DISABLE_REQUESTED
Action sent to a device administrator when the user has requested to disable it, but before this has actually been done. This gives you a chance to supply a message to the user about the impact of disabling your admin, by setting the extra field EXTRA_DISABLE_WARNING
in the result Intent. If not set, no warning will be displayed. If set, the given text will be shown to the user before they disable your admin.
Constant Value: "android.app.action.DEVICE_ADMIN_DISABLE_REQUESTED"
String ACTION_DEVICE_ADMIN_ENABLED
This is the primary action that a device administrator must implement to be allowed to manage a device. This will be set to the receiver when the user enables it for administration. You will generally handle this in onEnabled(Context, Intent)
. To be supported, the receiver must also require the BIND_DEVICE_ADMIN
permission so that other applications can not abuse it.
Constant Value: "android.app.action.DEVICE_ADMIN_ENABLED"
String ACTION_LOCK_TASK_ENTERING
Action sent to a device administrator to notify that the device is entering lock task mode. The extra EXTRA_LOCK_TASK_PACKAGE
will describe the package using lock task mode.
The calling device admin must be the device owner or profile owner to receive this broadcast.
See also:
Constant Value: "android.app.action.LOCK_TASK_ENTERING"
String ACTION_LOCK_TASK_EXITING
Action sent to a device administrator to notify that the device is exiting lock task mode.
The calling device admin must be the device owner or profile owner to receive this broadcast.
See also:
Constant Value: "android.app.action.LOCK_TASK_EXITING"
String ACTION_PASSWORD_CHANGED
Action sent to a device administrator when the user has changed the password of their device or profile challenge. You can at this point check the characteristics of the new password with DevicePolicyManager.isActivePasswordSufficient()
. You will generally handle this in onPasswordChanged(Context, Intent)
.
The calling device admin must have requested USES_POLICY_LIMIT_PASSWORD
to receive this broadcast.
Constant Value: "android.app.action.ACTION_PASSWORD_CHANGED"
String ACTION_PASSWORD_EXPIRING
Action periodically sent to a device administrator when the device or profile challenge password is expiring. You will generally handle this in onPasswordExpiring(Context, Intent)
.
The calling device admin must have requested USES_POLICY_EXPIRE_PASSWORD
to receive this broadcast.
Constant Value: "android.app.action.ACTION_PASSWORD_EXPIRING"
String ACTION_PASSWORD_FAILED
Action sent to a device administrator when the user has entered an incorrect device or profile challenge password. You can at this point check the number of failed password attempts there have been with DevicePolicyManager.getCurrentFailedPasswordAttempts()
. You will generally handle this in onPasswordFailed(Context, Intent)
.
The calling device admin must have requested USES_POLICY_WATCH_LOGIN
to receive this broadcast.
Constant Value: "android.app.action.ACTION_PASSWORD_FAILED"
String ACTION_PASSWORD_SUCCEEDED
Action sent to a device administrator when the user has successfully entered their device or profile challenge password, after failing one or more times. You will generally handle this in onPasswordSucceeded(Context, Intent)
.
The calling device admin must have requested USES_POLICY_WATCH_LOGIN
to receive this broadcast.
Constant Value: "android.app.action.ACTION_PASSWORD_SUCCEEDED"
String ACTION_PROFILE_PROVISIONING_COMPLETE
Broadcast Action: This broadcast is sent to indicate that provisioning of a managed profile or managed device has completed successfully.
The broadcast is limited to the profile that will be managed by the application that requested provisioning. In the device owner case the profile is the primary user. The broadcast will also be limited to the DeviceAdminReceiver
component specified in the original intent or NFC bump that started the provisioning process (see DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE
).
A device admin application which listens to this intent can find out if the device was provisioned for the device owner or profile owner case by calling respectively isDeviceOwnerApp(String)
and isProfileOwnerApp(String)
. You will generally handle this in onProfileProvisioningComplete(Context, Intent)
.
Input: Nothing.
Output: Nothing
Constant Value: "android.app.action.PROFILE_PROVISIONING_COMPLETE"
int BUGREPORT_FAILURE_FAILED_COMPLETING
Bugreport completion process failed.
If this error code is received, the requesting of bugreport can be retried.
See also:
Constant Value: 0 (0x00000000)
int BUGREPORT_FAILURE_FILE_NO_LONGER_AVAILABLE
Bugreport has been created, but is no longer available for collection.
This error likely occurs because the user of the device hasn't consented to share the bugreport for a long period after its creation.
If this error code is received, the requesting of bugreport can be retried.
See also:
Constant Value: 1 (0x00000001)
String DEVICE_ADMIN_META_DATA
Name under which a DevicePolicy component publishes information about itself. This meta-data must reference an XML resource containing a device-admin tag.
Constant Value: "android.app.device_admin"
String EXTRA_DISABLE_WARNING
A CharSequence that can be shown to the user informing them of the impact of disabling your admin.
See also:
Constant Value: "android.app.extra.DISABLE_WARNING"
String EXTRA_LOCK_TASK_PACKAGE
A string containing the name of the package entering lock task mode.
See also:
Constant Value: "android.app.extra.LOCK_TASK_PACKAGE"
DevicePolicyManager getManager (Context context)
Retrieve the DevicePolicyManager interface for this administrator to work with the system.
Parameters | |
---|---|
context |
Context
|
Returns | |
---|---|
DevicePolicyManager |
ComponentName getWho (Context context)
Retrieve the ComponentName describing who this device administrator is, for use in DevicePolicyManager
APIs that require the administrator to identify itself.
Parameters | |
---|---|
context |
Context
|
Returns | |
---|---|
ComponentName |
void onBugreportFailed (Context context, Intent intent, int failureCode)
Called when the bugreport collection flow has failed.
This callback is only applicable to device owners.
Parameters | |
---|---|
context |
Context : The running context as per onReceive(Context, Intent) . |
intent |
Intent : The received intent as per onReceive(Context, Intent) . |
failureCode |
int : int containing failure code. One of BUGREPORT_FAILURE_FAILED_COMPLETING or BUGREPORT_FAILURE_FILE_NO_LONGER_AVAILABLE |
See also:
void onBugreportShared (Context context, Intent intent, String bugreportHash)
Called when the bugreport has been shared with the device administrator app.
This callback is only applicable to device owners.
Parameters | |
---|---|
context |
Context : The running context as per onReceive(Context, Intent) . |
intent |
Intent : The received intent as per onReceive(Context, Intent) . Contains the URI of the bugreport file (with MIME type "application/vnd.android.bugreport"), that can be accessed by calling getData() |
bugreportHash |
String : SHA-256 hash of the bugreport file. |
See also:
void onBugreportSharingDeclined (Context context, Intent intent)
Called when sharing a bugreport has been cancelled by the user of the device.
This callback is only applicable to device owners.
Parameters | |
---|---|
context |
Context : The running context as per onReceive(Context, Intent) . |
intent |
Intent : The received intent as per onReceive(Context, Intent) . |
See also:
String onChoosePrivateKeyAlias (Context context, Intent intent, int uid, Uri uri, String alias)
Allows this receiver to select the alias for a private key and certificate pair for authentication. If this method returns null, the default Activity
will be shown that lets the user pick a private key and certificate pair.
Parameters | |
---|---|
context |
Context : The running context as per onReceive(Context, Intent) . |
intent |
Intent : The received intent as per onReceive(Context, Intent) . |
uid |
int : The uid asking for the private key and certificate pair. |
uri |
Uri : The URI to authenticate, may be null. |
alias |
String : The alias preselected by the client, or null. |
Returns | |
---|---|
String |
The private key alias to return and grant access to. |
CharSequence onDisableRequested (Context context, Intent intent)
Called when the user has asked to disable the administrator, as a result of receiving ACTION_DEVICE_ADMIN_DISABLE_REQUESTED
, giving you a chance to present a warning message to them. The message is returned as the result; if null is returned (the default implementation), no message will be displayed.
Parameters | |
---|---|
context |
Context : The running context as per onReceive(Context, Intent) . |
intent |
Intent : The received intent as per onReceive(Context, Intent) . |
Returns | |
---|---|
CharSequence |
Return the warning message to display to the user before being disabled; if null is returned, no message is displayed. |
void onDisabled (Context context, Intent intent)
Called prior to the administrator being disabled, as a result of receiving ACTION_DEVICE_ADMIN_DISABLED
. Upon return, you can no longer use the protected parts of the DevicePolicyManager
API.
Parameters | |
---|---|
context |
Context : The running context as per onReceive(Context, Intent) . |
intent |
Intent : The received intent as per onReceive(Context, Intent) . |
void onEnabled (Context context, Intent intent)
Called after the administrator is first enabled, as a result of receiving ACTION_DEVICE_ADMIN_ENABLED
. At this point you can use DevicePolicyManager
to set your desired policies.
If the admin is activated by a device owner, then the intent may contain private extras that are relevant to user setup.
Parameters | |
---|---|
context |
Context : The running context as per onReceive(Context, Intent) . |
intent |
Intent : The received intent as per onReceive(Context, Intent) . |
void onLockTaskModeEntering (Context context, Intent intent, String pkg)
Called when a device is entering lock task mode.
Parameters | |
---|---|
context |
Context : The running context as per onReceive(Context, Intent) . |
intent |
Intent : The received intent as per onReceive(Context, Intent) . |
pkg |
String : If entering, the authorized package using lock task mode, otherwise null. |
void onLockTaskModeExiting (Context context, Intent intent)
Called when a device is exiting lock task mode.
Parameters | |
---|---|
context |
Context : The running context as per onReceive(Context, Intent) . |
intent |
Intent : The received intent as per onReceive(Context, Intent) . |
void onPasswordChanged (Context context, Intent intent)
Called after the user has changed their device or profile challenge password, as a result of receiving ACTION_PASSWORD_CHANGED
. At this point you can use getPasswordQuality(android.content.ComponentName)
to retrieve the active password characteristics.
Parameters | |
---|---|
context |
Context : The running context as per onReceive(Context, Intent) . |
intent |
Intent : The received intent as per onReceive(Context, Intent) . |
void onPasswordExpiring (Context context, Intent intent)
Called periodically when the device or profile challenge password is about to expire or has expired. It will typically be called at these times: on device boot, once per day before the password expires, and at the time when the password expires.
If the password is not updated by the user, this method will continue to be called once per day until the password is changed or the device admin disables password expiration.
The admin will typically post a notification requesting the user to change their password in response to this call. The actual password expiration time can be obtained by calling getPasswordExpiration(ComponentName)
The admin should be sure to take down any notifications it posted in response to this call when it receives onPasswordChanged(Context, Intent)
.
Parameters | |
---|---|
context |
Context : The running context as per onReceive(Context, Intent) . |
intent |
Intent : The received intent as per onReceive(Context, Intent) . |
void onPasswordFailed (Context context, Intent intent)
Called after the user has failed at entering their device or profile challenge password, as a result of receiving ACTION_PASSWORD_FAILED
. At this point you can use getCurrentFailedPasswordAttempts()
to retrieve the number of failed password attempts.
Parameters | |
---|---|
context |
Context : The running context as per onReceive(Context, Intent) . |
intent |
Intent : The received intent as per onReceive(Context, Intent) . |
void onPasswordSucceeded (Context context, Intent intent)
Called after the user has succeeded at entering their device or profile challenge password, as a result of receiving ACTION_PASSWORD_SUCCEEDED
. This will only be received the first time they succeed after having previously failed.
Parameters | |
---|---|
context |
Context : The running context as per onReceive(Context, Intent) . |
intent |
Intent : The received intent as per onReceive(Context, Intent) . |
void onProfileProvisioningComplete (Context context, Intent intent)
Called when provisioning of a managed profile or managed device has completed successfully.
As a prerequisite for the execution of this callback the DeviceAdminReceiver
has to declare an intent filter for ACTION_PROFILE_PROVISIONING_COMPLETE
. Its component must also be specified in the EXTRA_DEVICE_ADMIN
of the ACTION_PROVISION_MANAGED_PROFILE
intent that started the managed provisioning.
When provisioning of a managed profile is complete, the managed profile is hidden until the profile owner calls {DevicePolicyManager#setProfileEnabled(ComponentName admin)}. Typically a profile owner will enable the profile when it has finished any additional setup such as adding an account by using the AccountManager
and calling apis to bring the profile into the desired state.
Note that provisioning completes without waiting for any server interactions, so the profile owner needs to wait for data to be available if required (e.g. android device ids or other data that is set as a result of server interactions).
Parameters | |
---|---|
context |
Context : The running context as per onReceive(Context, Intent) . |
intent |
Intent : The received intent as per onReceive(Context, Intent) . |
void onReadyForUserInitialization (Context context, Intent intent)
This method was deprecated in API level 24.
Do not use
Called during provisioning of a managed device to allow the device initializer to perform user setup steps.
Parameters | |
---|---|
context |
Context : The running context as per onReceive(Context, Intent) . |
intent |
Intent : The received intent as per onReceive(Context, Intent) . |
void onReceive (Context context, Intent intent)
Intercept standard device administrator broadcasts. Implementations should not override this method; it is better to implement the convenience callbacks for each action.
Parameters | |
---|---|
context |
Context : The Context in which the receiver is running. |
intent |
Intent : The Intent being received. |
void onSecurityLogsAvailable (Context context, Intent intent)
Called when a new batch of security logs can be retrieved.
This callback is only applicable to device owners.
Parameters | |
---|---|
context |
Context : The running context as per onReceive(Context, Intent) . |
intent |
Intent : The received intent as per onReceive(Context, Intent) . |
See also:
void onSystemUpdatePending (Context context, Intent intent, long receivedTime)
Allows the receiver to be notified when information about a pending system update is available from the system update service. The same pending system update can trigger multiple calls to this method, so it is necessary to examine the incoming parameters for details about the update.
This callback is only applicable to device owners.
Parameters | |
---|---|
context |
Context : The running context as per onReceive(Context, Intent) . |
intent |
Intent : The received intent as per onReceive(Context, Intent) . |
receivedTime |
long : The time as given by currentTimeMillis() indicating when the current pending update was first available. -1 if no pending update is available. |