DeviceAdminReceiver.java revision e95c2817f753aa4572dca38cfa29d988d692b00e
1/* 2 * Copyright (C) 2010 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17package android.app.admin; 18 19import android.accounts.AccountManager; 20import android.annotation.IntDef; 21import android.annotation.SdkConstant; 22import android.annotation.SdkConstant.SdkConstantType; 23import android.annotation.SystemApi; 24import android.app.Service; 25import android.content.BroadcastReceiver; 26import android.content.ComponentName; 27import android.content.Context; 28import android.content.Intent; 29import android.net.Uri; 30import android.os.Bundle; 31import android.os.UserHandle; 32import android.security.KeyChain; 33 34import java.lang.annotation.Retention; 35import java.lang.annotation.RetentionPolicy; 36 37/** 38 * Base class for implementing a device administration component. This 39 * class provides a convenience for interpreting the raw intent actions 40 * that are sent by the system. 41 * 42 * <p>The callback methods, like the base 43 * {@link BroadcastReceiver#onReceive(Context, Intent) BroadcastReceiver.onReceive()} 44 * method, happen on the main thread of the process. Thus long running 45 * operations must be done on another thread. Note that because a receiver 46 * is done once returning from its receive function, such long-running operations 47 * should probably be done in a {@link Service}. 48 * 49 * <p>When publishing your DeviceAdmin subclass as a receiver, it must 50 * handle {@link #ACTION_DEVICE_ADMIN_ENABLED} and require the 51 * {@link android.Manifest.permission#BIND_DEVICE_ADMIN} permission. A typical 52 * manifest entry would look like:</p> 53 * 54 * {@sample development/samples/ApiDemos/AndroidManifest.xml device_admin_declaration} 55 * 56 * <p>The meta-data referenced here provides addition information specific 57 * to the device administrator, as parsed by the {@link DeviceAdminInfo} class. 58 * A typical file would be:</p> 59 * 60 * {@sample development/samples/ApiDemos/res/xml/device_admin_sample.xml meta_data} 61 * 62 * <div class="special reference"> 63 * <h3>Developer Guides</h3> 64 * <p>For more information about device administration, read the 65 * <a href="{@docRoot}guide/topics/admin/device-admin.html">Device Administration</a> 66 * developer guide.</p> 67 * </div> 68 */ 69public class DeviceAdminReceiver extends BroadcastReceiver { 70 private static String TAG = "DevicePolicy"; 71 private static boolean localLOGV = false; 72 73 /** 74 * This is the primary action that a device administrator must implement to be 75 * allowed to manage a device. This will be set to the receiver 76 * when the user enables it for administration. You will generally 77 * handle this in {@link DeviceAdminReceiver#onEnabled(Context, Intent)}. To be 78 * supported, the receiver must also require the 79 * {@link android.Manifest.permission#BIND_DEVICE_ADMIN} permission so 80 * that other applications can not abuse it. 81 */ 82 @SdkConstant(SdkConstantType.BROADCAST_INTENT_ACTION) 83 public static final String ACTION_DEVICE_ADMIN_ENABLED 84 = "android.app.action.DEVICE_ADMIN_ENABLED"; 85 86 /** 87 * Action sent to a device administrator when the user has requested to 88 * disable it, but before this has actually been done. This gives you 89 * a chance to supply a message to the user about the impact of 90 * disabling your admin, by setting the extra field 91 * {@link #EXTRA_DISABLE_WARNING} in the result Intent. If not set, 92 * no warning will be displayed. If set, the given text will be shown 93 * to the user before they disable your admin. 94 */ 95 @SdkConstant(SdkConstantType.BROADCAST_INTENT_ACTION) 96 public static final String ACTION_DEVICE_ADMIN_DISABLE_REQUESTED 97 = "android.app.action.DEVICE_ADMIN_DISABLE_REQUESTED"; 98 99 /** 100 * A CharSequence that can be shown to the user informing them of the 101 * impact of disabling your admin. 102 * 103 * @see #ACTION_DEVICE_ADMIN_DISABLE_REQUESTED 104 */ 105 public static final String EXTRA_DISABLE_WARNING = "android.app.extra.DISABLE_WARNING"; 106 107 /** 108 * Action sent to a device administrator when the user has disabled 109 * it. Upon return, the application no longer has access to the 110 * protected device policy manager APIs. You will generally 111 * handle this in {@link DeviceAdminReceiver#onDisabled(Context, Intent)}. Note 112 * that this action will be 113 * sent the receiver regardless of whether it is explicitly listed in 114 * its intent filter. 115 */ 116 @SdkConstant(SdkConstantType.BROADCAST_INTENT_ACTION) 117 public static final String ACTION_DEVICE_ADMIN_DISABLED 118 = "android.app.action.DEVICE_ADMIN_DISABLED"; 119 120 /** 121 * Action sent to a device administrator when the user has changed the password of their device 122 * or profile challenge. You can at this point check the characteristics 123 * of the new password with {@link DevicePolicyManager#isActivePasswordSufficient() 124 * DevicePolicyManager.isActivePasswordSufficient()}. 125 * You will generally 126 * handle this in {@link DeviceAdminReceiver#onPasswordChanged}. 127 * 128 * <p>The calling device admin must have requested 129 * {@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to receive 130 * this broadcast. 131 */ 132 @SdkConstant(SdkConstantType.BROADCAST_INTENT_ACTION) 133 public static final String ACTION_PASSWORD_CHANGED 134 = "android.app.action.ACTION_PASSWORD_CHANGED"; 135 136 /** 137 * Action sent to a device administrator when the user has entered an incorrect device 138 * or profile challenge password. You can at this point check the 139 * number of failed password attempts there have been with 140 * {@link DevicePolicyManager#getCurrentFailedPasswordAttempts 141 * DevicePolicyManager.getCurrentFailedPasswordAttempts()}. You will generally 142 * handle this in {@link DeviceAdminReceiver#onPasswordFailed}. 143 * 144 * <p>The calling device admin must have requested 145 * {@link DeviceAdminInfo#USES_POLICY_WATCH_LOGIN} to receive 146 * this broadcast. 147 */ 148 @SdkConstant(SdkConstantType.BROADCAST_INTENT_ACTION) 149 public static final String ACTION_PASSWORD_FAILED 150 = "android.app.action.ACTION_PASSWORD_FAILED"; 151 152 /** 153 * Action sent to a device administrator when the user has successfully entered their device 154 * or profile challenge password, after failing one or more times. You will generally 155 * handle this in {@link DeviceAdminReceiver#onPasswordSucceeded}. 156 * 157 * <p>The calling device admin must have requested 158 * {@link DeviceAdminInfo#USES_POLICY_WATCH_LOGIN} to receive 159 * this broadcast. 160 */ 161 @SdkConstant(SdkConstantType.BROADCAST_INTENT_ACTION) 162 public static final String ACTION_PASSWORD_SUCCEEDED 163 = "android.app.action.ACTION_PASSWORD_SUCCEEDED"; 164 165 /** 166 * Action periodically sent to a device administrator when the device or profile challenge 167 * password is expiring. You will generally 168 * handle this in {@link DeviceAdminReceiver#onPasswordExpiring}. 169 * 170 * <p>The calling device admin must have requested 171 * {@link DeviceAdminInfo#USES_POLICY_EXPIRE_PASSWORD} to receive 172 * this broadcast. 173 */ 174 @SdkConstant(SdkConstantType.BROADCAST_INTENT_ACTION) 175 public static final String ACTION_PASSWORD_EXPIRING 176 = "android.app.action.ACTION_PASSWORD_EXPIRING"; 177 178 /** 179 * Action sent to a device administrator to notify that the device is entering 180 * lock task mode. The extra {@link #EXTRA_LOCK_TASK_PACKAGE} 181 * will describe the package using lock task mode. 182 * 183 * <p>The calling device admin must be the device owner or profile 184 * owner to receive this broadcast. 185 * 186 * @see DevicePolicyManager#isLockTaskPermitted(String) 187 */ 188 @SdkConstant(SdkConstantType.BROADCAST_INTENT_ACTION) 189 public static final String ACTION_LOCK_TASK_ENTERING 190 = "android.app.action.LOCK_TASK_ENTERING"; 191 192 /** 193 * Action sent to a device administrator to notify that the device is exiting 194 * lock task mode. 195 * 196 * <p>The calling device admin must be the device owner or profile 197 * owner to receive this broadcast. 198 * 199 * @see DevicePolicyManager#isLockTaskPermitted(String) 200 */ 201 @SdkConstant(SdkConstantType.BROADCAST_INTENT_ACTION) 202 public static final String ACTION_LOCK_TASK_EXITING 203 = "android.app.action.LOCK_TASK_EXITING"; 204 205 /** 206 * A string containing the name of the package entering lock task mode. 207 * 208 * @see #ACTION_LOCK_TASK_ENTERING 209 */ 210 public static final String EXTRA_LOCK_TASK_PACKAGE = 211 "android.app.extra.LOCK_TASK_PACKAGE"; 212 213 /** 214 * Broadcast Action: This broadcast is sent to indicate that provisioning of a managed profile 215 * or managed device has completed successfully. 216 * 217 * <p>The broadcast is limited to the profile that will be managed by the application that 218 * requested provisioning. In the device owner case the profile is the primary user. 219 * The broadcast will also be limited to the {@link DeviceAdminReceiver} component 220 * specified in the original intent or NFC bump that started the provisioning process 221 * (see {@link DevicePolicyManager#ACTION_PROVISION_MANAGED_PROFILE 222 * DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE}). 223 * 224 * <p>A device admin application which listens to this intent can find out if the device was 225 * provisioned for the device owner or profile owner case by calling respectively 226 * {@link android.app.admin.DevicePolicyManager#isDeviceOwnerApp} and 227 * {@link android.app.admin.DevicePolicyManager#isProfileOwnerApp}. You will generally handle 228 * this in {@link DeviceAdminReceiver#onProfileProvisioningComplete}. 229 * 230 * <p>Input: Nothing.</p> 231 * <p>Output: Nothing</p> 232 */ 233 @SdkConstant(SdkConstantType.BROADCAST_INTENT_ACTION) 234 public static final String ACTION_PROFILE_PROVISIONING_COMPLETE = 235 "android.app.action.PROFILE_PROVISIONING_COMPLETE"; 236 237 /** 238 * Action sent to a device administrator to notify that the device user 239 * has declined sharing a bugreport. 240 * 241 * <p>The calling device admin must be the device owner to receive this broadcast. 242 * @see DevicePolicyManager#requestBugreport 243 * @hide 244 */ 245 @SdkConstant(SdkConstantType.BROADCAST_INTENT_ACTION) 246 public static final String ACTION_BUGREPORT_SHARING_DECLINED = 247 "android.app.action.BUGREPORT_SHARING_DECLINED"; 248 249 /** 250 * Action sent to a device administrator to notify that the collection of a bugreport 251 * has failed. 252 * 253 * <p>The calling device admin must be the device owner to receive this broadcast. 254 * @see DevicePolicyManager#requestBugreport 255 * @hide 256 */ 257 @SdkConstant(SdkConstantType.BROADCAST_INTENT_ACTION) 258 public static final String ACTION_BUGREPORT_FAILED = "android.app.action.BUGREPORT_FAILED"; 259 260 /** 261 * Action sent to a device administrator to share the bugreport. 262 * 263 * <p>The calling device admin must be the device owner to receive this broadcast. 264 * @see DevicePolicyManager#requestBugreport 265 * @hide 266 */ 267 @SdkConstant(SdkConstantType.BROADCAST_INTENT_ACTION) 268 public static final String ACTION_BUGREPORT_SHARE = 269 "android.app.action.BUGREPORT_SHARE"; 270 271 /** 272 * Broadcast action: notify that a new batch of security logs is ready to be collected. 273 * @hide 274 */ 275 @SdkConstant(SdkConstantType.BROADCAST_INTENT_ACTION) 276 public static final String ACTION_SECURITY_LOGS_AVAILABLE 277 = "android.app.action.SECURITY_LOGS_AVAILABLE"; 278 279 /** 280 * Broadcast action: notify that a new batch of network logs is ready to be collected. 281 * @see DeviceAdminReceiver#onNetworkLogsAvailable 282 * @hide 283 */ 284 @SdkConstant(SdkConstantType.BROADCAST_INTENT_ACTION) 285 public static final String ACTION_NETWORK_LOGS_AVAILABLE 286 = "android.app.action.NETWORK_LOGS_AVAILABLE"; 287 288 /** 289 * A {@code long} containing a token of the current batch of network logs, that has to be used 290 * to retrieve the batch of logs by the device owner. 291 * 292 * @see #ACTION_NETWORK_LOGS_AVAILABLE 293 * @see DevicePolicyManager#retrieveNetworkLogs 294 * @hide 295 */ 296 public static final String EXTRA_NETWORK_LOGS_TOKEN = 297 "android.app.extra.EXTRA_NETWORK_LOGS_TOKEN"; 298 299 /** 300 * An {@code int} count representing a total count of network logs inside the current batch of 301 * network logs. 302 * 303 * @see #ACTION_NETWORK_LOGS_AVAILABLE 304 * @hide 305 */ 306 public static final String EXTRA_NETWORK_LOGS_COUNT = 307 "android.app.extra.EXTRA_NETWORK_LOGS_COUNT"; 308 309 /** 310 * Broadcast action: notify the device owner that a user or profile has been added. 311 * Carries an extra {@link Intent#EXTRA_USER} that has the {@link UserHandle} of 312 * the new user. 313 * @hide 314 */ 315 @SdkConstant(SdkConstantType.BROADCAST_INTENT_ACTION) 316 public static final String ACTION_USER_ADDED = "android.app.action.USER_ADDED"; 317 318 /** 319 * Broadcast action: notify the device owner that a user or profile has been removed. 320 * Carries an extra {@link Intent#EXTRA_USER} that has the {@link UserHandle} of 321 * the new user. 322 * @hide 323 */ 324 @SdkConstant(SdkConstantType.BROADCAST_INTENT_ACTION) 325 public static final String ACTION_USER_REMOVED = "android.app.action.USER_REMOVED"; 326 327 /** 328 * A string containing the SHA-256 hash of the bugreport file. 329 * 330 * @see #ACTION_BUGREPORT_SHARE 331 * @hide 332 */ 333 public static final String EXTRA_BUGREPORT_HASH = "android.app.extra.BUGREPORT_HASH"; 334 335 /** 336 * An {@code int} failure code representing the reason of the bugreport failure. One of 337 * {@link #BUGREPORT_FAILURE_FAILED_COMPLETING} 338 * or {@link #BUGREPORT_FAILURE_FILE_NO_LONGER_AVAILABLE} 339 * 340 * @see #ACTION_BUGREPORT_FAILED 341 * @hide 342 */ 343 public static final String EXTRA_BUGREPORT_FAILURE_REASON = 344 "android.app.extra.BUGREPORT_FAILURE_REASON"; 345 346 /** 347 * An interface representing reason of bugreport failure. 348 * 349 * @see #EXTRA_BUGREPORT_FAILURE_REASON 350 * @hide 351 */ 352 @Retention(RetentionPolicy.SOURCE) 353 @IntDef({ 354 BUGREPORT_FAILURE_FAILED_COMPLETING, 355 BUGREPORT_FAILURE_FILE_NO_LONGER_AVAILABLE 356 }) 357 public @interface BugreportFailureCode {} 358 359 /** 360 * Bugreport completion process failed. 361 * 362 * <p>If this error code is received, the requesting of bugreport can be retried. 363 * @see DevicePolicyManager#requestBugreport 364 */ 365 public static final int BUGREPORT_FAILURE_FAILED_COMPLETING = 0; 366 367 /** 368 * Bugreport has been created, but is no longer available for collection. 369 * 370 * <p>This error likely occurs because the user of the device hasn't consented to share 371 * the bugreport for a long period after its creation. 372 * 373 * <p>If this error code is received, the requesting of bugreport can be retried. 374 * @see DevicePolicyManager#requestBugreport 375 */ 376 public static final int BUGREPORT_FAILURE_FILE_NO_LONGER_AVAILABLE = 1; 377 378 /** @hide */ 379 public static final String ACTION_CHOOSE_PRIVATE_KEY_ALIAS = 380 "android.app.action.CHOOSE_PRIVATE_KEY_ALIAS"; 381 382 /** @hide */ 383 public static final String EXTRA_CHOOSE_PRIVATE_KEY_SENDER_UID = 384 "android.app.extra.CHOOSE_PRIVATE_KEY_SENDER_UID"; 385 386 /** @hide */ 387 public static final String EXTRA_CHOOSE_PRIVATE_KEY_URI = 388 "android.app.extra.CHOOSE_PRIVATE_KEY_URI"; 389 390 /** @hide */ 391 public static final String EXTRA_CHOOSE_PRIVATE_KEY_ALIAS = 392 "android.app.extra.CHOOSE_PRIVATE_KEY_ALIAS"; 393 394 /** @hide */ 395 public static final String EXTRA_CHOOSE_PRIVATE_KEY_RESPONSE = 396 "android.app.extra.CHOOSE_PRIVATE_KEY_RESPONSE"; 397 398 /** 399 * Broadcast action: notify device owner that there is a pending system update. 400 * @hide 401 */ 402 @SdkConstant(SdkConstantType.BROADCAST_INTENT_ACTION) 403 public static final String ACTION_NOTIFY_PENDING_SYSTEM_UPDATE = 404 "android.app.action.NOTIFY_PENDING_SYSTEM_UPDATE"; 405 406 /** 407 * A long type extra for {@link #onSystemUpdatePending} recording the system time as given by 408 * {@link System#currentTimeMillis()} when the current pending system update is first available. 409 * @hide 410 */ 411 public static final String EXTRA_SYSTEM_UPDATE_RECEIVED_TIME = 412 "android.app.extra.SYSTEM_UPDATE_RECEIVED_TIME"; 413 414 /** 415 * Name under which a DevicePolicy component publishes information 416 * about itself. This meta-data must reference an XML resource containing 417 * a device-admin tag. 418 */ 419 // TO DO: describe syntax. 420 public static final String DEVICE_ADMIN_META_DATA = "android.app.device_admin"; 421 422 private DevicePolicyManager mManager; 423 private ComponentName mWho; 424 425 /** 426 * Retrieve the DevicePolicyManager interface for this administrator to work 427 * with the system. 428 */ 429 public DevicePolicyManager getManager(Context context) { 430 if (mManager != null) { 431 return mManager; 432 } 433 mManager = (DevicePolicyManager)context.getSystemService( 434 Context.DEVICE_POLICY_SERVICE); 435 return mManager; 436 } 437 438 /** 439 * Retrieve the ComponentName describing who this device administrator is, for 440 * use in {@link DevicePolicyManager} APIs that require the administrator to 441 * identify itself. 442 */ 443 public ComponentName getWho(Context context) { 444 if (mWho != null) { 445 return mWho; 446 } 447 mWho = new ComponentName(context, getClass()); 448 return mWho; 449 } 450 451 /** 452 * Called after the administrator is first enabled, as a result of 453 * receiving {@link #ACTION_DEVICE_ADMIN_ENABLED}. At this point you 454 * can use {@link DevicePolicyManager} to set your desired policies. 455 * 456 * <p> If the admin is activated by a device owner, then the intent 457 * may contain private extras that are relevant to user setup. 458 * {@see DevicePolicyManager#createAndManageUser(ComponentName, String, ComponentName, 459 * PersistableBundle, int)} 460 * 461 * @param context The running context as per {@link #onReceive}. 462 * @param intent The received intent as per {@link #onReceive}. 463 */ 464 public void onEnabled(Context context, Intent intent) { 465 } 466 467 /** 468 * Called when the user has asked to disable the administrator, as a result of 469 * receiving {@link #ACTION_DEVICE_ADMIN_DISABLE_REQUESTED}, giving you 470 * a chance to present a warning message to them. The message is returned 471 * as the result; if null is returned (the default implementation), no 472 * message will be displayed. 473 * @param context The running context as per {@link #onReceive}. 474 * @param intent The received intent as per {@link #onReceive}. 475 * @return Return the warning message to display to the user before 476 * being disabled; if null is returned, no message is displayed. 477 */ 478 public CharSequence onDisableRequested(Context context, Intent intent) { 479 return null; 480 } 481 482 /** 483 * Called prior to the administrator being disabled, as a result of 484 * receiving {@link #ACTION_DEVICE_ADMIN_DISABLED}. Upon return, you 485 * can no longer use the protected parts of the {@link DevicePolicyManager} 486 * API. 487 * @param context The running context as per {@link #onReceive}. 488 * @param intent The received intent as per {@link #onReceive}. 489 */ 490 public void onDisabled(Context context, Intent intent) { 491 } 492 493 /** 494 * Called after the user has changed their device or profile challenge password, as a result of 495 * receiving {@link #ACTION_PASSWORD_CHANGED}. At this point you 496 * can use {@link DevicePolicyManager#getPasswordQuality(android.content.ComponentName)} 497 * to retrieve the active password characteristics. 498 * @param context The running context as per {@link #onReceive}. 499 * @param intent The received intent as per {@link #onReceive}. 500 */ 501 public void onPasswordChanged(Context context, Intent intent) { 502 } 503 504 /** 505 * Called after the user has failed at entering their device or profile challenge password, 506 * as a result of receiving {@link #ACTION_PASSWORD_FAILED}. At this point you can use 507 * {@link DevicePolicyManager#getCurrentFailedPasswordAttempts()} to retrieve the number of 508 * failed password attempts. 509 * @param context The running context as per {@link #onReceive}. 510 * @param intent The received intent as per {@link #onReceive}. 511 */ 512 public void onPasswordFailed(Context context, Intent intent) { 513 } 514 515 /** 516 * Called after the user has succeeded at entering their device or profile challenge password, 517 * as a result of receiving {@link #ACTION_PASSWORD_SUCCEEDED}. This will 518 * only be received the first time they succeed after having previously 519 * failed. 520 * @param context The running context as per {@link #onReceive}. 521 * @param intent The received intent as per {@link #onReceive}. 522 */ 523 public void onPasswordSucceeded(Context context, Intent intent) { 524 } 525 526 /** 527 * Called periodically when the device or profile challenge password is about to expire 528 * or has expired. It will typically be called at these times: on device boot, once per day 529 * before the password expires, and at the time when the password expires. 530 * 531 * <p>If the password is not updated by the user, this method will continue to be called 532 * once per day until the password is changed or the device admin disables password expiration. 533 * 534 * <p>The admin will typically post a notification requesting the user to change their password 535 * in response to this call. The actual password expiration time can be obtained by calling 536 * {@link DevicePolicyManager#getPasswordExpiration(ComponentName) } 537 * 538 * <p>The admin should be sure to take down any notifications it posted in response to this call 539 * when it receives {@link DeviceAdminReceiver#onPasswordChanged(Context, Intent) }. 540 * 541 * @param context The running context as per {@link #onReceive}. 542 * @param intent The received intent as per {@link #onReceive}. 543 */ 544 public void onPasswordExpiring(Context context, Intent intent) { 545 } 546 547 /** 548 * Called when provisioning of a managed profile or managed device has completed successfully. 549 * 550 * <p> As a prerequisite for the execution of this callback the {@link DeviceAdminReceiver} has 551 * to declare an intent filter for {@link #ACTION_PROFILE_PROVISIONING_COMPLETE}. 552 * Its component must also be specified in the {@link DevicePolicyManager#EXTRA_DEVICE_ADMIN} 553 * of the {@link DevicePolicyManager#ACTION_PROVISION_MANAGED_PROFILE} intent that started the 554 * managed provisioning. 555 * 556 * <p>When provisioning of a managed profile is complete, the managed profile is hidden until 557 * the profile owner calls {DevicePolicyManager#setProfileEnabled(ComponentName admin)}. 558 * Typically a profile owner will enable the profile when it has finished any additional setup 559 * such as adding an account by using the {@link AccountManager} and calling apis to bring the 560 * profile into the desired state. 561 * 562 * <p> Note that provisioning completes without waiting for any server interactions, so the 563 * profile owner needs to wait for data to be available if required (e.g. android device ids or 564 * other data that is set as a result of server interactions). 565 * 566 * @param context The running context as per {@link #onReceive}. 567 * @param intent The received intent as per {@link #onReceive}. 568 */ 569 public void onProfileProvisioningComplete(Context context, Intent intent) { 570 } 571 572 /** 573 * Called during provisioning of a managed device to allow the device initializer to perform 574 * user setup steps. 575 * 576 * @param context The running context as per {@link #onReceive}. 577 * @param intent The received intent as per {@link #onReceive}. 578 * @deprecated Do not use 579 */ 580 @Deprecated 581 @SystemApi 582 public void onReadyForUserInitialization(Context context, Intent intent) { 583 } 584 585 /** 586 * Called when a device is entering lock task mode. 587 * 588 * @param context The running context as per {@link #onReceive}. 589 * @param intent The received intent as per {@link #onReceive}. 590 * @param pkg If entering, the authorized package using lock task mode, otherwise null. 591 */ 592 public void onLockTaskModeEntering(Context context, Intent intent, String pkg) { 593 } 594 595 /** 596 * Called when a device is exiting lock task mode. 597 * 598 * @param context The running context as per {@link #onReceive}. 599 * @param intent The received intent as per {@link #onReceive}. 600 */ 601 public void onLockTaskModeExiting(Context context, Intent intent) { 602 } 603 604 /** 605 * Allows this receiver to select the alias for a private key and certificate pair for 606 * authentication. If this method returns null, the default {@link android.app.Activity} will be 607 * shown that lets the user pick a private key and certificate pair. 608 * 609 * @param context The running context as per {@link #onReceive}. 610 * @param intent The received intent as per {@link #onReceive}. 611 * @param uid The uid asking for the private key and certificate pair. 612 * @param uri The URI to authenticate, may be null. 613 * @param alias The alias preselected by the client, or null. 614 * @return The private key alias to return and grant access to. 615 * @see KeyChain#choosePrivateKeyAlias 616 */ 617 public String onChoosePrivateKeyAlias(Context context, Intent intent, int uid, Uri uri, 618 String alias) { 619 return null; 620 } 621 622 /** 623 * Allows the receiver to be notified when information about a pending system update is 624 * available from the system update service. The same pending system update can trigger multiple 625 * calls to this method, so it is necessary to examine the incoming parameters for details about 626 * the update. 627 * <p> 628 * This callback is only applicable to device owners. 629 * 630 * @param context The running context as per {@link #onReceive}. 631 * @param intent The received intent as per {@link #onReceive}. 632 * @param receivedTime The time as given by {@link System#currentTimeMillis()} indicating when 633 * the current pending update was first available. -1 if no pending update is available. 634 */ 635 public void onSystemUpdatePending(Context context, Intent intent, long receivedTime) { 636 } 637 638 /** 639 * Called when sharing a bugreport has been cancelled by the user of the device. 640 * 641 * <p>This callback is only applicable to device owners. 642 * 643 * @param context The running context as per {@link #onReceive}. 644 * @param intent The received intent as per {@link #onReceive}. 645 * @see DevicePolicyManager#requestBugreport 646 */ 647 public void onBugreportSharingDeclined(Context context, Intent intent) { 648 } 649 650 /** 651 * Called when the bugreport has been shared with the device administrator app. 652 * 653 * <p>This callback is only applicable to device owners. 654 * 655 * @param context The running context as per {@link #onReceive}. 656 * @param intent The received intent as per {@link #onReceive}. Contains the URI of 657 * the bugreport file (with MIME type "application/vnd.android.bugreport"), that can be accessed 658 * by calling {@link Intent#getData()} 659 * @param bugreportHash SHA-256 hash of the bugreport file. 660 * @see DevicePolicyManager#requestBugreport 661 */ 662 public void onBugreportShared(Context context, Intent intent, String bugreportHash) { 663 } 664 665 /** 666 * Called when the bugreport collection flow has failed. 667 * 668 * <p>This callback is only applicable to device owners. 669 * 670 * @param context The running context as per {@link #onReceive}. 671 * @param intent The received intent as per {@link #onReceive}. 672 * @param failureCode int containing failure code. One of 673 * {@link #BUGREPORT_FAILURE_FAILED_COMPLETING} 674 * or {@link #BUGREPORT_FAILURE_FILE_NO_LONGER_AVAILABLE} 675 * @see DevicePolicyManager#requestBugreport 676 */ 677 public void onBugreportFailed(Context context, Intent intent, 678 @BugreportFailureCode int failureCode) { 679 } 680 681 /** 682 * Called when a new batch of security logs can be retrieved. 683 * 684 * <p>This callback is only applicable to device owners. 685 * 686 * @param context The running context as per {@link #onReceive}. 687 * @param intent The received intent as per {@link #onReceive}. 688 * @see DevicePolicyManager#retrieveSecurityLogs(ComponentName) 689 */ 690 public void onSecurityLogsAvailable(Context context, Intent intent) { 691 } 692 693 /** 694 * Called each time a new batch of network logs can be retrieved. This callback method will only 695 * ever be called when network logging is enabled. The logs can only be retrieved while network 696 * logging is enabled. 697 * 698 * <p>This callback is only applicable to device owners. 699 * 700 * @param context The running context as per {@link #onReceive}. 701 * @param intent The received intent as per {@link #onReceive}. 702 * @param batchToken The token representing the current batch of network logs. 703 * @param networkLogsCount The total count of events in the current batch of network logs. 704 * @see DevicePolicyManager#retrieveNetworkLogs(ComponentName) 705 * 706 * @hide 707 */ 708 public void onNetworkLogsAvailable(Context context, Intent intent, long batchToken, 709 int networkLogsCount) { 710 } 711 712 /** 713 * Called when a user or profile is created. 714 * 715 * <p>This callback is only applicable to device owners. 716 * 717 * @param context The running context as per {@link #onReceive}. 718 * @param intent The received intent as per {@link #onReceive}. 719 * @param newUser The {@link UserHandle} of the user that has just been added. 720 */ 721 public void onUserAdded(Context context, Intent intent, UserHandle newUser) { 722 } 723 724 /** 725 * Called when a user or profile is removed. 726 * 727 * <p>This callback is only applicable to device owners. 728 * 729 * @param context The running context as per {@link #onReceive}. 730 * @param intent The received intent as per {@link #onReceive}. 731 * @param removedUser The {@link UserHandle} of the user that has just been removed. 732 */ 733 public void onUserRemoved(Context context, Intent intent, UserHandle removedUser) { 734 } 735 736 /** 737 * Intercept standard device administrator broadcasts. Implementations 738 * should not override this method; it is better to implement the 739 * convenience callbacks for each action. 740 */ 741 @Override 742 public void onReceive(Context context, Intent intent) { 743 String action = intent.getAction(); 744 745 if (ACTION_PASSWORD_CHANGED.equals(action)) { 746 onPasswordChanged(context, intent); 747 } else if (ACTION_PASSWORD_FAILED.equals(action)) { 748 onPasswordFailed(context, intent); 749 } else if (ACTION_PASSWORD_SUCCEEDED.equals(action)) { 750 onPasswordSucceeded(context, intent); 751 } else if (ACTION_DEVICE_ADMIN_ENABLED.equals(action)) { 752 onEnabled(context, intent); 753 } else if (ACTION_DEVICE_ADMIN_DISABLE_REQUESTED.equals(action)) { 754 CharSequence res = onDisableRequested(context, intent); 755 if (res != null) { 756 Bundle extras = getResultExtras(true); 757 extras.putCharSequence(EXTRA_DISABLE_WARNING, res); 758 } 759 } else if (ACTION_DEVICE_ADMIN_DISABLED.equals(action)) { 760 onDisabled(context, intent); 761 } else if (ACTION_PASSWORD_EXPIRING.equals(action)) { 762 onPasswordExpiring(context, intent); 763 } else if (ACTION_PROFILE_PROVISIONING_COMPLETE.equals(action)) { 764 onProfileProvisioningComplete(context, intent); 765 } else if (ACTION_CHOOSE_PRIVATE_KEY_ALIAS.equals(action)) { 766 int uid = intent.getIntExtra(EXTRA_CHOOSE_PRIVATE_KEY_SENDER_UID, -1); 767 Uri uri = intent.getParcelableExtra(EXTRA_CHOOSE_PRIVATE_KEY_URI); 768 String alias = intent.getStringExtra(EXTRA_CHOOSE_PRIVATE_KEY_ALIAS); 769 String chosenAlias = onChoosePrivateKeyAlias(context, intent, uid, uri, alias); 770 setResultData(chosenAlias); 771 } else if (ACTION_LOCK_TASK_ENTERING.equals(action)) { 772 String pkg = intent.getStringExtra(EXTRA_LOCK_TASK_PACKAGE); 773 onLockTaskModeEntering(context, intent, pkg); 774 } else if (ACTION_LOCK_TASK_EXITING.equals(action)) { 775 onLockTaskModeExiting(context, intent); 776 } else if (ACTION_NOTIFY_PENDING_SYSTEM_UPDATE.equals(action)) { 777 long receivedTime = intent.getLongExtra(EXTRA_SYSTEM_UPDATE_RECEIVED_TIME, -1); 778 onSystemUpdatePending(context, intent, receivedTime); 779 } else if (ACTION_BUGREPORT_SHARING_DECLINED.equals(action)) { 780 onBugreportSharingDeclined(context, intent); 781 } else if (ACTION_BUGREPORT_SHARE.equals(action)) { 782 String bugreportFileHash = intent.getStringExtra(EXTRA_BUGREPORT_HASH); 783 onBugreportShared(context, intent, bugreportFileHash); 784 } else if (ACTION_BUGREPORT_FAILED.equals(action)) { 785 int failureCode = intent.getIntExtra(EXTRA_BUGREPORT_FAILURE_REASON, 786 BUGREPORT_FAILURE_FAILED_COMPLETING); 787 onBugreportFailed(context, intent, failureCode); 788 } else if (ACTION_SECURITY_LOGS_AVAILABLE.equals(action)) { 789 onSecurityLogsAvailable(context, intent); 790 } else if (ACTION_NETWORK_LOGS_AVAILABLE.equals(action)) { 791 long batchToken = intent.getLongExtra(EXTRA_NETWORK_LOGS_TOKEN, -1); 792 int networkLogsCount = intent.getIntExtra(EXTRA_NETWORK_LOGS_COUNT, 0); 793 onNetworkLogsAvailable(context, intent, batchToken, networkLogsCount); 794 } else if (ACTION_USER_ADDED.equals(action)) { 795 onUserAdded(context, intent, intent.getParcelableExtra(Intent.EXTRA_USER)); 796 } else if (ACTION_USER_REMOVED.equals(action)) { 797 onUserRemoved(context, intent, intent.getParcelableExtra(Intent.EXTRA_USER)); 798 } 799 } 800} 801