DeviceAdminReceiver.java revision e95c2817f753aa4572dca38cfa29d988d692b00e 
1/*
2 * Copyright (C) 2010 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 *      http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17package android.app.admin;
18
19import android.accounts.AccountManager;
20import android.annotation.IntDef;
21import android.annotation.SdkConstant;
22import android.annotation.SdkConstant.SdkConstantType;
23import android.annotation.SystemApi;
24import android.app.Service;
25import android.content.BroadcastReceiver;
26import android.content.ComponentName;
27import android.content.Context;
28import android.content.Intent;
29import android.net.Uri;
30import android.os.Bundle;
31import android.os.UserHandle;
32import android.security.KeyChain;
33
34import java.lang.annotation.Retention;
35import java.lang.annotation.RetentionPolicy;
36
37/**
38 * Base class for implementing a device administration component.  This
39 * class provides a convenience for interpreting the raw intent actions
40 * that are sent by the system.
41 *
42 * <p>The callback methods, like the base
43 * {@link BroadcastReceiver#onReceive(Context, Intent) BroadcastReceiver.onReceive()}
44 * method, happen on the main thread of the process.  Thus long running
45 * operations must be done on another thread.  Note that because a receiver
46 * is done once returning from its receive function, such long-running operations
47 * should probably be done in a {@link Service}.
48 *
49 * <p>When publishing your DeviceAdmin subclass as a receiver, it must
50 * handle {@link #ACTION_DEVICE_ADMIN_ENABLED} and require the
51 * {@link android.Manifest.permission#BIND_DEVICE_ADMIN} permission.  A typical
52 * manifest entry would look like:</p>
53 *
54 * {@sample development/samples/ApiDemos/AndroidManifest.xml device_admin_declaration}
55 *
56 * <p>The meta-data referenced here provides addition information specific
57 * to the device administrator, as parsed by the {@link DeviceAdminInfo} class.
58 * A typical file would be:</p>
59 *
60 * {@sample development/samples/ApiDemos/res/xml/device_admin_sample.xml meta_data}
61 *
62 * <div class="special reference">
63 * <h3>Developer Guides</h3>
64 * <p>For more information about device administration, read the
65 * <a href="{@docRoot}guide/topics/admin/device-admin.html">Device Administration</a>
66 * developer guide.</p>
67 * </div>
68 */
69public class DeviceAdminReceiver extends BroadcastReceiver {
70    private static String TAG = "DevicePolicy";
71    private static boolean localLOGV = false;
72
73    /**
74     * This is the primary action that a device administrator must implement to be
75     * allowed to manage a device.  This will be set to the receiver
76     * when the user enables it for administration.  You will generally
77     * handle this in {@link DeviceAdminReceiver#onEnabled(Context, Intent)}.  To be
78     * supported, the receiver must also require the
79     * {@link android.Manifest.permission#BIND_DEVICE_ADMIN} permission so
80     * that other applications can not abuse it.
81     */
82    @SdkConstant(SdkConstantType.BROADCAST_INTENT_ACTION)
83    public static final String ACTION_DEVICE_ADMIN_ENABLED
84            = "android.app.action.DEVICE_ADMIN_ENABLED";
85
86    /**
87     * Action sent to a device administrator when the user has requested to
88     * disable it, but before this has actually been done.  This gives you
89     * a chance to supply a message to the user about the impact of
90     * disabling your admin, by setting the extra field
91     * {@link #EXTRA_DISABLE_WARNING} in the result Intent.  If not set,
92     * no warning will be displayed.  If set, the given text will be shown
93     * to the user before they disable your admin.
94     */
95    @SdkConstant(SdkConstantType.BROADCAST_INTENT_ACTION)
96    public static final String ACTION_DEVICE_ADMIN_DISABLE_REQUESTED
97            = "android.app.action.DEVICE_ADMIN_DISABLE_REQUESTED";
98
99    /**
100     * A CharSequence that can be shown to the user informing them of the
101     * impact of disabling your admin.
102     *
103     * @see #ACTION_DEVICE_ADMIN_DISABLE_REQUESTED
104     */
105    public static final String EXTRA_DISABLE_WARNING = "android.app.extra.DISABLE_WARNING";
106
107    /**
108     * Action sent to a device administrator when the user has disabled
109     * it.  Upon return, the application no longer has access to the
110     * protected device policy manager APIs.  You will generally
111     * handle this in {@link DeviceAdminReceiver#onDisabled(Context, Intent)}.  Note
112     * that this action will be
113     * sent the receiver regardless of whether it is explicitly listed in
114     * its intent filter.
115     */
116    @SdkConstant(SdkConstantType.BROADCAST_INTENT_ACTION)
117    public static final String ACTION_DEVICE_ADMIN_DISABLED
118            = "android.app.action.DEVICE_ADMIN_DISABLED";
119
120    /**
121     * Action sent to a device administrator when the user has changed the password of their device
122     * or profile challenge.  You can at this point check the characteristics
123     * of the new password with {@link DevicePolicyManager#isActivePasswordSufficient()
124     * DevicePolicyManager.isActivePasswordSufficient()}.
125     * You will generally
126     * handle this in {@link DeviceAdminReceiver#onPasswordChanged}.
127     *
128     * <p>The calling device admin must have requested
129     * {@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to receive
130     * this broadcast.
131     */
132    @SdkConstant(SdkConstantType.BROADCAST_INTENT_ACTION)
133    public static final String ACTION_PASSWORD_CHANGED
134            = "android.app.action.ACTION_PASSWORD_CHANGED";
135
136    /**
137     * Action sent to a device administrator when the user has entered an incorrect device
138     * or profile challenge password.  You can at this point check the
139     * number of failed password attempts there have been with
140     * {@link DevicePolicyManager#getCurrentFailedPasswordAttempts
141     * DevicePolicyManager.getCurrentFailedPasswordAttempts()}.  You will generally
142     * handle this in {@link DeviceAdminReceiver#onPasswordFailed}.
143     *
144     * <p>The calling device admin must have requested
145     * {@link DeviceAdminInfo#USES_POLICY_WATCH_LOGIN} to receive
146     * this broadcast.
147     */
148    @SdkConstant(SdkConstantType.BROADCAST_INTENT_ACTION)
149    public static final String ACTION_PASSWORD_FAILED
150            = "android.app.action.ACTION_PASSWORD_FAILED";
151
152    /**
153     * Action sent to a device administrator when the user has successfully entered their device
154     * or profile challenge password, after failing one or more times.  You will generally
155     * handle this in {@link DeviceAdminReceiver#onPasswordSucceeded}.
156     *
157     * <p>The calling device admin must have requested
158     * {@link DeviceAdminInfo#USES_POLICY_WATCH_LOGIN} to receive
159     * this broadcast.
160     */
161    @SdkConstant(SdkConstantType.BROADCAST_INTENT_ACTION)
162    public static final String ACTION_PASSWORD_SUCCEEDED
163            = "android.app.action.ACTION_PASSWORD_SUCCEEDED";
164
165    /**
166     * Action periodically sent to a device administrator when the device or profile challenge
167     * password is expiring.  You will generally
168     * handle this in {@link DeviceAdminReceiver#onPasswordExpiring}.
169     *
170     * <p>The calling device admin must have requested
171     * {@link DeviceAdminInfo#USES_POLICY_EXPIRE_PASSWORD} to receive
172     * this broadcast.
173     */
174    @SdkConstant(SdkConstantType.BROADCAST_INTENT_ACTION)
175    public static final String ACTION_PASSWORD_EXPIRING
176            = "android.app.action.ACTION_PASSWORD_EXPIRING";
177
178    /**
179     * Action sent to a device administrator to notify that the device is entering
180     * lock task mode.  The extra {@link #EXTRA_LOCK_TASK_PACKAGE}
181     * will describe the package using lock task mode.
182     *
183     * <p>The calling device admin must be the device owner or profile
184     * owner to receive this broadcast.
185     *
186     * @see DevicePolicyManager#isLockTaskPermitted(String)
187     */
188    @SdkConstant(SdkConstantType.BROADCAST_INTENT_ACTION)
189    public static final String ACTION_LOCK_TASK_ENTERING
190            = "android.app.action.LOCK_TASK_ENTERING";
191
192    /**
193     * Action sent to a device administrator to notify that the device is exiting
194     * lock task mode.
195     *
196     * <p>The calling device admin must be the device owner or profile
197     * owner to receive this broadcast.
198     *
199     * @see DevicePolicyManager#isLockTaskPermitted(String)
200     */
201    @SdkConstant(SdkConstantType.BROADCAST_INTENT_ACTION)
202    public static final String ACTION_LOCK_TASK_EXITING
203            = "android.app.action.LOCK_TASK_EXITING";
204
205    /**
206     * A string containing the name of the package entering lock task mode.
207     *
208     * @see #ACTION_LOCK_TASK_ENTERING
209     */
210    public static final String EXTRA_LOCK_TASK_PACKAGE =
211            "android.app.extra.LOCK_TASK_PACKAGE";
212
213    /**
214     * Broadcast Action: This broadcast is sent to indicate that provisioning of a managed profile
215     * or managed device has completed successfully.
216     *
217     * <p>The broadcast is limited to the profile that will be managed by the application that
218     * requested provisioning. In the device owner case the profile is the primary user.
219     * The broadcast will also be limited to the {@link DeviceAdminReceiver} component
220     * specified in the original intent or NFC bump that started the provisioning process
221     * (see {@link DevicePolicyManager#ACTION_PROVISION_MANAGED_PROFILE
222     * DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE}).
223     *
224     * <p>A device admin application which listens to this intent can find out if the device was
225     * provisioned for the device owner or profile owner case by calling respectively
226     * {@link android.app.admin.DevicePolicyManager#isDeviceOwnerApp} and
227     * {@link android.app.admin.DevicePolicyManager#isProfileOwnerApp}. You will generally handle
228     * this in {@link DeviceAdminReceiver#onProfileProvisioningComplete}.
229     *
230     * <p>Input: Nothing.</p>
231     * <p>Output: Nothing</p>
232     */
233    @SdkConstant(SdkConstantType.BROADCAST_INTENT_ACTION)
234    public static final String ACTION_PROFILE_PROVISIONING_COMPLETE =
235            "android.app.action.PROFILE_PROVISIONING_COMPLETE";
236
237    /**
238     * Action sent to a device administrator to notify that the device user
239     * has declined sharing a bugreport.
240     *
241     * <p>The calling device admin must be the device owner to receive this broadcast.
242     * @see DevicePolicyManager#requestBugreport
243     * @hide
244     */
245    @SdkConstant(SdkConstantType.BROADCAST_INTENT_ACTION)
246    public static final String ACTION_BUGREPORT_SHARING_DECLINED =
247            "android.app.action.BUGREPORT_SHARING_DECLINED";
248
249    /**
250     * Action sent to a device administrator to notify that the collection of a bugreport
251     * has failed.
252     *
253     * <p>The calling device admin must be the device owner to receive this broadcast.
254     * @see DevicePolicyManager#requestBugreport
255     * @hide
256     */
257    @SdkConstant(SdkConstantType.BROADCAST_INTENT_ACTION)
258    public static final String ACTION_BUGREPORT_FAILED = "android.app.action.BUGREPORT_FAILED";
259
260    /**
261     * Action sent to a device administrator to share the bugreport.
262     *
263     * <p>The calling device admin must be the device owner to receive this broadcast.
264     * @see DevicePolicyManager#requestBugreport
265     * @hide
266     */
267    @SdkConstant(SdkConstantType.BROADCAST_INTENT_ACTION)
268    public static final String ACTION_BUGREPORT_SHARE =
269            "android.app.action.BUGREPORT_SHARE";
270
271    /**
272     * Broadcast action: notify that a new batch of security logs is ready to be collected.
273     * @hide
274     */
275    @SdkConstant(SdkConstantType.BROADCAST_INTENT_ACTION)
276    public static final String ACTION_SECURITY_LOGS_AVAILABLE
277            = "android.app.action.SECURITY_LOGS_AVAILABLE";
278
279    /**
280     * Broadcast action: notify that a new batch of network logs is ready to be collected.
281     * @see DeviceAdminReceiver#onNetworkLogsAvailable
282     * @hide
283     */
284    @SdkConstant(SdkConstantType.BROADCAST_INTENT_ACTION)
285    public static final String ACTION_NETWORK_LOGS_AVAILABLE
286            = "android.app.action.NETWORK_LOGS_AVAILABLE";
287
288    /**
289     * A {@code long} containing a token of the current batch of network logs, that has to be used
290     * to retrieve the batch of logs by the device owner.
291     *
292     * @see #ACTION_NETWORK_LOGS_AVAILABLE
293     * @see DevicePolicyManager#retrieveNetworkLogs
294     * @hide
295     */
296    public static final String EXTRA_NETWORK_LOGS_TOKEN =
297            "android.app.extra.EXTRA_NETWORK_LOGS_TOKEN";
298
299    /**
300     * An {@code int} count representing a total count of network logs inside the current batch of
301     * network logs.
302     *
303     * @see #ACTION_NETWORK_LOGS_AVAILABLE
304     * @hide
305     */
306    public static final String EXTRA_NETWORK_LOGS_COUNT =
307            "android.app.extra.EXTRA_NETWORK_LOGS_COUNT";
308
309    /**
310     * Broadcast action: notify the device owner that a user or profile has been added.
311     * Carries an extra {@link Intent#EXTRA_USER} that has the {@link UserHandle} of
312     * the new user.
313     * @hide
314     */
315    @SdkConstant(SdkConstantType.BROADCAST_INTENT_ACTION)
316    public static final String ACTION_USER_ADDED  = "android.app.action.USER_ADDED";
317
318    /**
319     * Broadcast action: notify the device owner that a user or profile has been removed.
320     * Carries an extra {@link Intent#EXTRA_USER} that has the {@link UserHandle} of
321     * the new user.
322     * @hide
323     */
324    @SdkConstant(SdkConstantType.BROADCAST_INTENT_ACTION)
325    public static final String ACTION_USER_REMOVED = "android.app.action.USER_REMOVED";
326
327    /**
328     * A string containing the SHA-256 hash of the bugreport file.
329     *
330     * @see #ACTION_BUGREPORT_SHARE
331     * @hide
332     */
333    public static final String EXTRA_BUGREPORT_HASH = "android.app.extra.BUGREPORT_HASH";
334
335    /**
336     * An {@code int} failure code representing the reason of the bugreport failure. One of
337     * {@link #BUGREPORT_FAILURE_FAILED_COMPLETING}
338     * or {@link #BUGREPORT_FAILURE_FILE_NO_LONGER_AVAILABLE}
339     *
340     * @see #ACTION_BUGREPORT_FAILED
341     * @hide
342     */
343    public static final String EXTRA_BUGREPORT_FAILURE_REASON =
344            "android.app.extra.BUGREPORT_FAILURE_REASON";
345
346    /**
347     * An interface representing reason of bugreport failure.
348     *
349     * @see #EXTRA_BUGREPORT_FAILURE_REASON
350     * @hide
351     */
352    @Retention(RetentionPolicy.SOURCE)
353    @IntDef({
354        BUGREPORT_FAILURE_FAILED_COMPLETING,
355        BUGREPORT_FAILURE_FILE_NO_LONGER_AVAILABLE
356    })
357    public @interface BugreportFailureCode {}
358
359    /**
360     * Bugreport completion process failed.
361     *
362     * <p>If this error code is received, the requesting of bugreport can be retried.
363     * @see DevicePolicyManager#requestBugreport
364     */
365    public static final int BUGREPORT_FAILURE_FAILED_COMPLETING = 0;
366
367    /**
368     * Bugreport has been created, but is no longer available for collection.
369     *
370     * <p>This error likely occurs because the user of the device hasn't consented to share
371     * the bugreport for a long period after its creation.
372     *
373     * <p>If this error code is received, the requesting of bugreport can be retried.
374     * @see DevicePolicyManager#requestBugreport
375     */
376    public static final int BUGREPORT_FAILURE_FILE_NO_LONGER_AVAILABLE = 1;
377
378    /** @hide */
379    public static final String ACTION_CHOOSE_PRIVATE_KEY_ALIAS =
380            "android.app.action.CHOOSE_PRIVATE_KEY_ALIAS";
381
382    /** @hide */
383    public static final String EXTRA_CHOOSE_PRIVATE_KEY_SENDER_UID =
384            "android.app.extra.CHOOSE_PRIVATE_KEY_SENDER_UID";
385
386    /** @hide */
387    public static final String EXTRA_CHOOSE_PRIVATE_KEY_URI =
388            "android.app.extra.CHOOSE_PRIVATE_KEY_URI";
389
390    /** @hide */
391    public static final String EXTRA_CHOOSE_PRIVATE_KEY_ALIAS =
392            "android.app.extra.CHOOSE_PRIVATE_KEY_ALIAS";
393
394    /** @hide */
395    public static final String EXTRA_CHOOSE_PRIVATE_KEY_RESPONSE =
396            "android.app.extra.CHOOSE_PRIVATE_KEY_RESPONSE";
397
398    /**
399     * Broadcast action: notify device owner that there is a pending system update.
400     * @hide
401     */
402    @SdkConstant(SdkConstantType.BROADCAST_INTENT_ACTION)
403    public static final String ACTION_NOTIFY_PENDING_SYSTEM_UPDATE =
404            "android.app.action.NOTIFY_PENDING_SYSTEM_UPDATE";
405
406    /**
407     * A long type extra for {@link #onSystemUpdatePending} recording the system time as given by
408     * {@link System#currentTimeMillis()} when the current pending system update is first available.
409     * @hide
410     */
411    public static final String EXTRA_SYSTEM_UPDATE_RECEIVED_TIME =
412            "android.app.extra.SYSTEM_UPDATE_RECEIVED_TIME";
413
414    /**
415     * Name under which a DevicePolicy component publishes information
416     * about itself.  This meta-data must reference an XML resource containing
417     * a device-admin tag.
418     */
419    //  TO DO: describe syntax.
420    public static final String DEVICE_ADMIN_META_DATA = "android.app.device_admin";
421
422    private DevicePolicyManager mManager;
423    private ComponentName mWho;
424
425    /**
426     * Retrieve the DevicePolicyManager interface for this administrator to work
427     * with the system.
428     */
429    public DevicePolicyManager getManager(Context context) {
430        if (mManager != null) {
431            return mManager;
432        }
433        mManager = (DevicePolicyManager)context.getSystemService(
434                Context.DEVICE_POLICY_SERVICE);
435        return mManager;
436    }
437
438    /**
439     * Retrieve the ComponentName describing who this device administrator is, for
440     * use in {@link DevicePolicyManager} APIs that require the administrator to
441     * identify itself.
442     */
443    public ComponentName getWho(Context context) {
444        if (mWho != null) {
445            return mWho;
446        }
447        mWho = new ComponentName(context, getClass());
448        return mWho;
449    }
450
451    /**
452     * Called after the administrator is first enabled, as a result of
453     * receiving {@link #ACTION_DEVICE_ADMIN_ENABLED}.  At this point you
454     * can use {@link DevicePolicyManager} to set your desired policies.
455     *
456     * <p> If the admin is activated by a device owner, then the intent
457     * may contain private extras that are relevant to user setup.
458     * {@see DevicePolicyManager#createAndManageUser(ComponentName, String, ComponentName,
459     *      PersistableBundle, int)}
460     *
461     * @param context The running context as per {@link #onReceive}.
462     * @param intent The received intent as per {@link #onReceive}.
463     */
464    public void onEnabled(Context context, Intent intent) {
465    }
466
467    /**
468     * Called when the user has asked to disable the administrator, as a result of
469     * receiving {@link #ACTION_DEVICE_ADMIN_DISABLE_REQUESTED}, giving you
470     * a chance to present a warning message to them.  The message is returned
471     * as the result; if null is returned (the default implementation), no
472     * message will be displayed.
473     * @param context The running context as per {@link #onReceive}.
474     * @param intent The received intent as per {@link #onReceive}.
475     * @return Return the warning message to display to the user before
476     * being disabled; if null is returned, no message is displayed.
477     */
478    public CharSequence onDisableRequested(Context context, Intent intent) {
479        return null;
480    }
481
482    /**
483     * Called prior to the administrator being disabled, as a result of
484     * receiving {@link #ACTION_DEVICE_ADMIN_DISABLED}.  Upon return, you
485     * can no longer use the protected parts of the {@link DevicePolicyManager}
486     * API.
487     * @param context The running context as per {@link #onReceive}.
488     * @param intent The received intent as per {@link #onReceive}.
489     */
490    public void onDisabled(Context context, Intent intent) {
491    }
492
493    /**
494     * Called after the user has changed their device or profile challenge password, as a result of
495     * receiving {@link #ACTION_PASSWORD_CHANGED}.  At this point you
496     * can use {@link DevicePolicyManager#getPasswordQuality(android.content.ComponentName)}
497     * to retrieve the active password characteristics.
498     * @param context The running context as per {@link #onReceive}.
499     * @param intent The received intent as per {@link #onReceive}.
500     */
501    public void onPasswordChanged(Context context, Intent intent) {
502    }
503
504    /**
505     * Called after the user has failed at entering their device or profile challenge password,
506     * as a result of receiving {@link #ACTION_PASSWORD_FAILED}.  At this point you can use
507     * {@link DevicePolicyManager#getCurrentFailedPasswordAttempts()} to retrieve the number of
508     * failed password attempts.
509     * @param context The running context as per {@link #onReceive}.
510     * @param intent The received intent as per {@link #onReceive}.
511     */
512    public void onPasswordFailed(Context context, Intent intent) {
513    }
514
515    /**
516     * Called after the user has succeeded at entering their device or profile challenge password,
517     * as a result of receiving {@link #ACTION_PASSWORD_SUCCEEDED}.  This will
518     * only be received the first time they succeed after having previously
519     * failed.
520     * @param context The running context as per {@link #onReceive}.
521     * @param intent The received intent as per {@link #onReceive}.
522     */
523    public void onPasswordSucceeded(Context context, Intent intent) {
524    }
525
526    /**
527     * Called periodically when the device or profile challenge password is about to expire
528     * or has expired.  It will typically be called at these times: on device boot, once per day
529     * before the password expires, and at the time when the password expires.
530     *
531     * <p>If the password is not updated by the user, this method will continue to be called
532     * once per day until the password is changed or the device admin disables password expiration.
533     *
534     * <p>The admin will typically post a notification requesting the user to change their password
535     * in response to this call. The actual password expiration time can be obtained by calling
536     * {@link DevicePolicyManager#getPasswordExpiration(ComponentName) }
537     *
538     * <p>The admin should be sure to take down any notifications it posted in response to this call
539     * when it receives {@link DeviceAdminReceiver#onPasswordChanged(Context, Intent) }.
540     *
541     * @param context The running context as per {@link #onReceive}.
542     * @param intent The received intent as per {@link #onReceive}.
543     */
544    public void onPasswordExpiring(Context context, Intent intent) {
545    }
546
547    /**
548     * Called when provisioning of a managed profile or managed device has completed successfully.
549     *
550     * <p> As a prerequisite for the execution of this callback the {@link DeviceAdminReceiver} has
551     * to declare an intent filter for {@link #ACTION_PROFILE_PROVISIONING_COMPLETE}.
552     * Its component must also be specified in the {@link DevicePolicyManager#EXTRA_DEVICE_ADMIN}
553     * of the {@link DevicePolicyManager#ACTION_PROVISION_MANAGED_PROFILE} intent that started the
554     * managed provisioning.
555     *
556     * <p>When provisioning of a managed profile is complete, the managed profile is hidden until
557     * the profile owner calls {DevicePolicyManager#setProfileEnabled(ComponentName admin)}.
558     * Typically a profile owner will enable the profile when it has finished any additional setup
559     * such as adding an account by using the {@link AccountManager} and calling apis to bring the
560     * profile into the desired state.
561     *
562     * <p> Note that provisioning completes without waiting for any server interactions, so the
563     * profile owner needs to wait for data to be available if required (e.g. android device ids or
564     * other data that is set as a result of server interactions).
565     *
566     * @param context The running context as per {@link #onReceive}.
567     * @param intent The received intent as per {@link #onReceive}.
568     */
569    public void onProfileProvisioningComplete(Context context, Intent intent) {
570    }
571
572    /**
573     * Called during provisioning of a managed device to allow the device initializer to perform
574     * user setup steps.
575     *
576     * @param context The running context as per {@link #onReceive}.
577     * @param intent The received intent as per {@link #onReceive}.
578     * @deprecated Do not use
579     */
580    @Deprecated
581    @SystemApi
582    public void onReadyForUserInitialization(Context context, Intent intent) {
583    }
584
585    /**
586     * Called when a device is entering lock task mode.
587     *
588     * @param context The running context as per {@link #onReceive}.
589     * @param intent The received intent as per {@link #onReceive}.
590     * @param pkg If entering, the authorized package using lock task mode, otherwise null.
591     */
592    public void onLockTaskModeEntering(Context context, Intent intent, String pkg) {
593    }
594
595    /**
596     * Called when a device is exiting lock task mode.
597     *
598     * @param context The running context as per {@link #onReceive}.
599     * @param intent The received intent as per {@link #onReceive}.
600     */
601    public void onLockTaskModeExiting(Context context, Intent intent) {
602    }
603
604    /**
605     * Allows this receiver to select the alias for a private key and certificate pair for
606     * authentication. If this method returns null, the default {@link android.app.Activity} will be
607     * shown that lets the user pick a private key and certificate pair.
608     *
609     * @param context The running context as per {@link #onReceive}.
610     * @param intent The received intent as per {@link #onReceive}.
611     * @param uid The uid asking for the private key and certificate pair.
612     * @param uri The URI to authenticate, may be null.
613     * @param alias The alias preselected by the client, or null.
614     * @return The private key alias to return and grant access to.
615     * @see KeyChain#choosePrivateKeyAlias
616     */
617    public String onChoosePrivateKeyAlias(Context context, Intent intent, int uid, Uri uri,
618            String alias) {
619        return null;
620    }
621
622    /**
623     * Allows the receiver to be notified when information about a pending system update is
624     * available from the system update service. The same pending system update can trigger multiple
625     * calls to this method, so it is necessary to examine the incoming parameters for details about
626     * the update.
627     * <p>
628     * This callback is only applicable to device owners.
629     *
630     * @param context The running context as per {@link #onReceive}.
631     * @param intent The received intent as per {@link #onReceive}.
632     * @param receivedTime The time as given by {@link System#currentTimeMillis()} indicating when
633     *        the current pending update was first available. -1 if no pending update is available.
634     */
635    public void onSystemUpdatePending(Context context, Intent intent, long receivedTime) {
636    }
637
638    /**
639     * Called when sharing a bugreport has been cancelled by the user of the device.
640     *
641     * <p>This callback is only applicable to device owners.
642     *
643     * @param context The running context as per {@link #onReceive}.
644     * @param intent The received intent as per {@link #onReceive}.
645     * @see DevicePolicyManager#requestBugreport
646     */
647    public void onBugreportSharingDeclined(Context context, Intent intent) {
648    }
649
650    /**
651     * Called when the bugreport has been shared with the device administrator app.
652     *
653     * <p>This callback is only applicable to device owners.
654     *
655     * @param context The running context as per {@link #onReceive}.
656     * @param intent The received intent as per {@link #onReceive}. Contains the URI of
657     * the bugreport file (with MIME type "application/vnd.android.bugreport"), that can be accessed
658     * by calling {@link Intent#getData()}
659     * @param bugreportHash SHA-256 hash of the bugreport file.
660     * @see DevicePolicyManager#requestBugreport
661     */
662    public void onBugreportShared(Context context, Intent intent, String bugreportHash) {
663    }
664
665    /**
666     * Called when the bugreport collection flow has failed.
667     *
668     * <p>This callback is only applicable to device owners.
669     *
670     * @param context The running context as per {@link #onReceive}.
671     * @param intent The received intent as per {@link #onReceive}.
672     * @param failureCode int containing failure code. One of
673     * {@link #BUGREPORT_FAILURE_FAILED_COMPLETING}
674     * or {@link #BUGREPORT_FAILURE_FILE_NO_LONGER_AVAILABLE}
675     * @see DevicePolicyManager#requestBugreport
676     */
677    public void onBugreportFailed(Context context, Intent intent,
678            @BugreportFailureCode int failureCode) {
679    }
680
681    /**
682     * Called when a new batch of security logs can be retrieved.
683     *
684     * <p>This callback is only applicable to device owners.
685     *
686     * @param context The running context as per {@link #onReceive}.
687     * @param intent The received intent as per {@link #onReceive}.
688     * @see DevicePolicyManager#retrieveSecurityLogs(ComponentName)
689     */
690    public void onSecurityLogsAvailable(Context context, Intent intent) {
691    }
692
693    /**
694     * Called each time a new batch of network logs can be retrieved. This callback method will only
695     * ever be called when network logging is enabled. The logs can only be retrieved while network
696     * logging is enabled.
697     *
698     * <p>This callback is only applicable to device owners.
699     *
700     * @param context The running context as per {@link #onReceive}.
701     * @param intent The received intent as per {@link #onReceive}.
702     * @param batchToken The token representing the current batch of network logs.
703     * @param networkLogsCount The total count of events in the current batch of network logs.
704     * @see DevicePolicyManager#retrieveNetworkLogs(ComponentName)
705     *
706     * @hide
707     */
708    public void onNetworkLogsAvailable(Context context, Intent intent, long batchToken,
709            int networkLogsCount) {
710    }
711
712     /**
713      * Called when a user or profile is created.
714      *
715      * <p>This callback is only applicable to device owners.
716      *
717      * @param context The running context as per {@link #onReceive}.
718      * @param intent The received intent as per {@link #onReceive}.
719      * @param newUser The {@link UserHandle} of the user that has just been added.
720      */
721     public void onUserAdded(Context context, Intent intent, UserHandle newUser) {
722     }
723
724     /**
725      * Called when a user or profile is removed.
726      *
727      * <p>This callback is only applicable to device owners.
728      *
729      * @param context The running context as per {@link #onReceive}.
730      * @param intent The received intent as per {@link #onReceive}.
731      * @param removedUser The {@link UserHandle} of the user that has just been removed.
732      */
733     public void onUserRemoved(Context context, Intent intent, UserHandle removedUser) {
734     }
735
736    /**
737     * Intercept standard device administrator broadcasts.  Implementations
738     * should not override this method; it is better to implement the
739     * convenience callbacks for each action.
740     */
741    @Override
742    public void onReceive(Context context, Intent intent) {
743        String action = intent.getAction();
744
745        if (ACTION_PASSWORD_CHANGED.equals(action)) {
746            onPasswordChanged(context, intent);
747        } else if (ACTION_PASSWORD_FAILED.equals(action)) {
748            onPasswordFailed(context, intent);
749        } else if (ACTION_PASSWORD_SUCCEEDED.equals(action)) {
750            onPasswordSucceeded(context, intent);
751        } else if (ACTION_DEVICE_ADMIN_ENABLED.equals(action)) {
752            onEnabled(context, intent);
753        } else if (ACTION_DEVICE_ADMIN_DISABLE_REQUESTED.equals(action)) {
754            CharSequence res = onDisableRequested(context, intent);
755            if (res != null) {
756                Bundle extras = getResultExtras(true);
757                extras.putCharSequence(EXTRA_DISABLE_WARNING, res);
758            }
759        } else if (ACTION_DEVICE_ADMIN_DISABLED.equals(action)) {
760            onDisabled(context, intent);
761        } else if (ACTION_PASSWORD_EXPIRING.equals(action)) {
762            onPasswordExpiring(context, intent);
763        } else if (ACTION_PROFILE_PROVISIONING_COMPLETE.equals(action)) {
764            onProfileProvisioningComplete(context, intent);
765        } else if (ACTION_CHOOSE_PRIVATE_KEY_ALIAS.equals(action)) {
766            int uid = intent.getIntExtra(EXTRA_CHOOSE_PRIVATE_KEY_SENDER_UID, -1);
767            Uri uri = intent.getParcelableExtra(EXTRA_CHOOSE_PRIVATE_KEY_URI);
768            String alias = intent.getStringExtra(EXTRA_CHOOSE_PRIVATE_KEY_ALIAS);
769            String chosenAlias = onChoosePrivateKeyAlias(context, intent, uid, uri, alias);
770            setResultData(chosenAlias);
771        } else if (ACTION_LOCK_TASK_ENTERING.equals(action)) {
772            String pkg = intent.getStringExtra(EXTRA_LOCK_TASK_PACKAGE);
773            onLockTaskModeEntering(context, intent, pkg);
774        } else if (ACTION_LOCK_TASK_EXITING.equals(action)) {
775            onLockTaskModeExiting(context, intent);
776        } else if (ACTION_NOTIFY_PENDING_SYSTEM_UPDATE.equals(action)) {
777            long receivedTime = intent.getLongExtra(EXTRA_SYSTEM_UPDATE_RECEIVED_TIME, -1);
778            onSystemUpdatePending(context, intent, receivedTime);
779        } else if (ACTION_BUGREPORT_SHARING_DECLINED.equals(action)) {
780            onBugreportSharingDeclined(context, intent);
781        } else if (ACTION_BUGREPORT_SHARE.equals(action)) {
782            String bugreportFileHash = intent.getStringExtra(EXTRA_BUGREPORT_HASH);
783            onBugreportShared(context, intent, bugreportFileHash);
784        } else if (ACTION_BUGREPORT_FAILED.equals(action)) {
785            int failureCode = intent.getIntExtra(EXTRA_BUGREPORT_FAILURE_REASON,
786                    BUGREPORT_FAILURE_FAILED_COMPLETING);
787            onBugreportFailed(context, intent, failureCode);
788        } else if (ACTION_SECURITY_LOGS_AVAILABLE.equals(action)) {
789            onSecurityLogsAvailable(context, intent);
790        } else if (ACTION_NETWORK_LOGS_AVAILABLE.equals(action)) {
791            long batchToken = intent.getLongExtra(EXTRA_NETWORK_LOGS_TOKEN, -1);
792            int networkLogsCount = intent.getIntExtra(EXTRA_NETWORK_LOGS_COUNT, 0);
793            onNetworkLogsAvailable(context, intent, batchToken, networkLogsCount);
794        } else if (ACTION_USER_ADDED.equals(action)) {
795            onUserAdded(context, intent, intent.getParcelableExtra(Intent.EXTRA_USER));
796        } else if (ACTION_USER_REMOVED.equals(action)) {
797            onUserRemoved(context, intent, intent.getParcelableExtra(Intent.EXTRA_USER));
798        }
799    }
800}
801