|
29 | 29 | apps running on the device.</para> |
30 | 30 | <para>This class contains three types of methods: |
31 | 31 | <ol><li>Those aimed at managing apps<li>Those aimed at the Device Policy Management Role Holder<li>Those aimed at apps which wish to respect device policy</ol></para> |
32 | | - <para>The intended caller for each API is indicated in its Javadoc. |
33 | | - |
34 | | - <p id="managingapps"><b>Managing Apps</b></para> |
| 32 | + <para>The intended caller for each API is indicated in its Javadoc.</para> |
| 33 | + <para><b>Managing Apps</b></para> |
35 | 34 | <para>Apps can be made capable of setting device policy ("Managing Apps") either by |
36 | 35 | being set as a Device Administrator, being set as a |
37 | 36 | Device Policy Controller, or by holding the |
38 | | - appropriate Permissions. |
39 | | - |
40 | | - <p id="deviceadmin">A <b>Device Administrator</b> is an app which is able to enforce device |
| 37 | + appropriate Permissions.</para> |
| 38 | + <para>A <b>Device Administrator</b> is an app which is able to enforce device |
41 | 39 | policies that it has declared in its device admin XML file. An app can prompt the user to give it |
42 | 40 | device administator privileges using the <c>#ACTION_ADD_DEVICE_ADMIN</c> action.</para> |
43 | 41 | <para>For more information about Device Administration, read the |
44 | 42 | <see href="https://developer.android.com/guide/topics/admin/device-admin.html">Device Administration</see> |
45 | | - developer guide. |
46 | | - |
47 | | - <p id="devicepolicycontroller">Through Managed Provisioning, |
| 43 | + developer guide.</para> |
| 44 | + <para>Through Managed Provisioning, |
48 | 45 | Device Administrator apps can also be recognised as <b> |
49 | 46 | Device Policy Controllers</b>. Device Policy Controllers can be one of |
50 | 47 | two types: |
|
74 | 71 | Controller</see>.</para> |
75 | 72 | <para>Permissions are generally only given to apps |
76 | 73 | fulfilling particular key roles on the device (such as managing <c>DeviceLockManager |
77 | | - device locks</c>). |
78 | | - |
79 | | - <p id="roleholder"><b>Device Policy Management Role Holder</b></para> |
| 74 | + device locks</c>).</para> |
| 75 | + <para><b>Device Policy Management Role Holder</b></para> |
80 | 76 | <para>One app on the device fulfills the <c>RoleManager#ROLE_DEVICE_POLICY_MANAGEMENT Device |
81 | 77 | Policy Management Role</c> and is trusted with managing the overall state of |
82 | 78 | Device Policy. This has access to much more powerful methods than |
83 | | - managing apps. |
84 | | - |
85 | | - <p id="querying"><b>Querying Device Policy</b></para> |
| 79 | + managing apps.</para> |
| 80 | + <para><b>Querying Device Policy</b></para> |
86 | 81 | <para>In most cases, regular apps do not need to concern themselves with device |
87 | 82 | policy, and restrictions will be enforced automatically. There are some cases |
88 | 83 | where an app may wish to query device policy to provide a better user |
89 | 84 | experience. Only a small number of policies allow apps to query them directly. |
90 | | - These APIs will typically have no special required permissions. |
91 | | - |
92 | | - <p id="managedprovisioning"><b>Managed Provisioning</b></para> |
| 85 | + These APIs will typically have no special required permissions.</para> |
| 86 | + <para><b>Managed Provisioning</b></para> |
93 | 87 | <para>Managed Provisioning is the process of recognising an app as a |
94 | 88 | Profile Owner. It |
95 | 89 | involves presenting education and consent screens to the user to ensure they |
96 | 90 | are aware of the capabilities this grants the Device Policy |
97 | 91 | Controller</para> |
98 | 92 | <para>For more information on provisioning, see <see href="https://developer.android.com/work/dpc/build-dpc">Building a |
99 | | - Device Policy Controller</see>. |
100 | | - |
101 | | - <p id="managed_profile">A <b>Managed Profile</b> enables data separation. For example to use |
| 93 | + Device Policy Controller</see>.</para> |
| 94 | + <para>A <b>Managed Profile</b> enables data separation. For example to use |
102 | 95 | a device both for personal and corporate usage. The managed profile and its |
103 | | - <c>UserManager#getProfileParent parent</c> share a launcher. |
104 | | - |
105 | | - <p id="affiliated"><b>Affiliation</b></para> |
| 96 | + <c>UserManager#getProfileParent parent</c> share a launcher.</para> |
| 97 | + <para><b>Affiliation</b></para> |
106 | 98 | <para>Using the <c>#setAffiliationIds</c> method, a |
107 | 99 | Device Owner can set a list of affiliation ids for the |
108 | 100 | <c>UserManager#isSystemUser System User</c>. Any Profile Owner on |
|
116 | 108 | that of the Device Owner. It also allows use of the |
117 | 109 | <c>#bindDeviceAdminServiceAsUser</c> APIs for direct communication between the |
118 | 110 | Device Owner and |
119 | | - affiliated Profile Owners. |
120 | | - |
121 | | - <p id="organization-owned"><b>Organization Owned</b></para> |
| 111 | + affiliated Profile Owners.</para> |
| 112 | + <para><b>Organization Owned</b></para> |
122 | 113 | <para>An organization owned device is one which is not owned by the person making use of the device and |
123 | 114 | is instead owned by an organization such as their employer or education provider. These devices |
124 | 115 | are recognised as being organization owned either by the presence of a |
125 | 116 | device owner or of a |
126 | 117 | <c>#isOrganizationOwnedDeviceWithManagedProfile profile which has a profile owner is marked |
127 | | - as organization owned</c>. |
128 | | - |
129 | | - <p id="profile-on-parent-organization-owned">Profile owners running on an |
| 118 | + as organization owned</c>.</para> |
| 119 | + <para>Profile owners running on an |
130 | 120 | organization owned device can exercise additional capabilities |
131 | 121 | using the <c>#getParentProfileInstance(ComponentName)</c> API which apply to the parent user. |
132 | | - Each API will indicate if it is usable in this way. |
133 | | - |
134 | | - <p id="automotive"><b>Android Automotive</b></para> |
| 122 | + Each API will indicate if it is usable in this way.</para> |
| 123 | + <para><b>Android Automotive</b></para> |
135 | 124 | <para>On <c>android.content.pm.PackageManager#FEATURE_AUTOMOTIVE |
136 | 125 | "Android Automotive builds"</c>, some methods can throw |
137 | 126 | <c>UnsafeStateException "an exception"</c> if an action is unsafe (for example, if the vehicle |
|
351 | 340 | <remarks> |
352 | 341 | <para>Broadcast Action: Sent after application delegation scopes are changed. The new delegation |
353 | 342 | scopes will be sent in an <c>ArrayList<String></c> extra identified by the |
354 | | - <c>#EXTRA_DELEGATION_SCOPES</c> key. |
355 | | - |
356 | | - <p class="note"><b>Note:</b> This is a protected intent that can only be sent by the |
357 | | - system.</p></para> |
| 343 | + <c>#EXTRA_DELEGATION_SCOPES</c> key.</para> |
| 344 | + <para><b>Note:</b> This is a protected intent that can only be sent by the |
| 345 | + system.</para> |
358 | 346 | <para> |
359 | 347 | <format type="text/html"> |
360 | 348 | <a href="https://developer.android.com/reference/android/app/admin/DevicePolicyManager#ACTION_APPLICATION_DELEGATION_SCOPES_CHANGED" title="Reference documentation">Java documentation for <code>android.app.admin.DevicePolicyManager.ACTION_APPLICATION_DELEGATION_SCOPES_CHANGED</code>.</a> |
|
12461 | 12449 | A device owner app is a special device admin that cannot be deactivated by the user, once |
12462 | 12450 | activated as a device admin. It also cannot be uninstalled. To check whether a particular |
12463 | 12451 | package is currently registered as the device owner app, pass in the package name from |
12464 | | - <c>Context#getPackageName()</c> to this method.<p/>This is useful for device |
| 12452 | + <c>Context#getPackageName()</c> to this method.</para> |
| 12453 | + <para>This is useful for device |
12465 | 12454 | admin apps that want to check whether they are also registered as the device owner app. The |
12466 | 12455 | exact mechanism by which a device admin app is registered as a device owner app is defined by |
12467 | 12456 | the setup process.</para> |
@@ -22223,20 +22212,16 @@ |
22223 | 22212 | cannot manage it through the UI, and <c>#PERMISSION_GRANT_STATE_GRANTED granted</c> in which |
22224 | 22213 | the permission is granted and the user cannot manage it through the UI. This method can only |
22225 | 22214 | be called by a profile owner, device owner, or a delegate given the |
22226 | | - <c>#DELEGATION_PERMISSION_GRANT</c> scope via <c>#setDelegatedScopes</c>. |
22227 | | - <p/> |
22228 | | - Note that user cannot manage other permissions in the affected group through the UI |
| 22215 | + <c>#DELEGATION_PERMISSION_GRANT</c> scope via <c>#setDelegatedScopes</c>.</para> |
| 22216 | + <para>Note that user cannot manage other permissions in the affected group through the UI |
22229 | 22217 | either and their granted state will be kept as the current value. Thus, it's recommended that |
22230 | | - you set the grant state of all the permissions in the affected group. |
22231 | | - <p/> |
22232 | | - Setting the grant state to <c>#PERMISSION_GRANT_STATE_DEFAULT default</c> does not revoke |
22233 | | - the permission. It retains the previous grant, if any. |
22234 | | - <p/> |
22235 | | - Device admins with a <c>targetSdkVersion</c> &lt; <c>android.os.Build.VERSION_CODES#Q</c> |
| 22218 | + you set the grant state of all the permissions in the affected group.</para> |
| 22219 | + <para>Setting the grant state to <c>#PERMISSION_GRANT_STATE_DEFAULT default</c> does not revoke |
| 22220 | + the permission. It retains the previous grant, if any.</para> |
| 22221 | + <para>Device admins with a <c>targetSdkVersion</c> &lt; <c>android.os.Build.VERSION_CODES#Q</c> |
22236 | 22222 | cannot grant and revoke permissions for applications built with a <c>targetSdkVersion</c> |
22237 | | - &lt; <c>android.os.Build.VERSION_CODES#M</c>. |
22238 | | - <p/> |
22239 | | - Admins with a <c>targetSdkVersion</c> &ge; <c>android.os.Build.VERSION_CODES#Q</c> can |
| 22223 | + &lt; <c>android.os.Build.VERSION_CODES#M</c>.</para> |
| 22224 | + <para>Admins with a <c>targetSdkVersion</c> &ge; <c>android.os.Build.VERSION_CODES#Q</c> can |
22240 | 22225 | grant and revoke permissions of all apps. Similar to the user revoking a permission from a |
22241 | 22226 | application built with a <c>targetSdkVersion</c> &lt; |
22242 | 22227 | <c>android.os.Build.VERSION_CODES#M</c> the app-op matching the permission is set to |
|
22338 | 22323 | can allow automatic granting or denying of runtime permission requests by an application. |
22339 | 22324 | This also applies to new permissions declared by app updates. When a permission is denied or |
22340 | 22325 | granted this way, the effect is equivalent to setting the permission * grant state via |
22341 | | - <c>#setPermissionGrantState</c>. |
22342 | | - <p/> |
22343 | | - As this policy only acts on runtime permission requests, it only applies to applications |
| 22326 | + <c>#setPermissionGrantState</c>.</para> |
| 22327 | + <para>As this policy only acts on runtime permission requests, it only applies to applications |
22344 | 22328 | built with a <c>targetSdkVersion</c> of <c>android.os.Build.VERSION_CODES#M</c> or later.</para> |
22345 | 22329 | <para>NOTE: On devices running <c>android.os.Build.VERSION_CODES#S</c> and above, an auto-grant |
22346 | 22330 | policy will not apply to certain sensors-related permissions on some configurations. |
|
22960 | 22944 | local or remote administrator of the user.</summary> |
22961 | 22945 | <remarks> |
22962 | 22946 | <para>Designates a specific service component as the provider for making permission requests of a |
22963 | | - local or remote administrator of the user. |
22964 | | - <p/> |
22965 | | - Only a device owner or profile owner can designate the restrictions provider.</para> |
| 22947 | + local or remote administrator of the user.</para> |
| 22948 | + <para>Only a device owner or profile owner can designate the restrictions provider.</para> |
22966 | 22949 | <para> |
22967 | 22950 | <format type="text/html"> |
22968 | 22951 | <a href="https://developer.android.com/reference/android/app/admin/DevicePolicyManager#setRestrictionsProvider(android.content.ComponentName,%20android.content.ComponentName)" title="Reference documentation">Java documentation for <code>android.app.admin.DevicePolicyManager.setRestrictionsProvider(android.content.ComponentName, android.content.ComponentName)</code>.</a> |
|
0 commit comments