1 /* 2 * Copyright (C) 2010 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package android.app.admin; 18 19 import android.accounts.AccountManager; 20 import android.annotation.IntDef; 21 import android.annotation.SdkConstant; 22 import android.annotation.SdkConstant.SdkConstantType; 23 import android.annotation.SystemApi; 24 import android.app.Service; 25 import android.content.BroadcastReceiver; 26 import android.content.ComponentName; 27 import android.content.Context; 28 import android.content.Intent; 29 import android.net.Uri; 30 import android.os.Bundle; 31 import android.security.KeyChain; 32 33 import java.lang.annotation.Retention; 34 import java.lang.annotation.RetentionPolicy; 35 36 /** 37 * Base class for implementing a device administration component. This 38 * class provides a convenience for interpreting the raw intent actions 39 * that are sent by the system. 40 * 41 * <p>The callback methods, like the base 42 * {@link BroadcastReceiver#onReceive(Context, Intent) BroadcastReceiver.onReceive()} 43 * method, happen on the main thread of the process. Thus long running 44 * operations must be done on another thread. Note that because a receiver 45 * is done once returning from its receive function, such long-running operations 46 * should probably be done in a {@link Service}. 47 * 48 * <p>When publishing your DeviceAdmin subclass as a receiver, it must 49 * handle {@link #ACTION_DEVICE_ADMIN_ENABLED} and require the 50 * {@link android.Manifest.permission#BIND_DEVICE_ADMIN} permission. A typical 51 * manifest entry would look like:</p> 52 * 53 * {@sample development/samples/ApiDemos/AndroidManifest.xml device_admin_declaration} 54 * 55 * <p>The meta-data referenced here provides addition information specific 56 * to the device administrator, as parsed by the {@link DeviceAdminInfo} class. 57 * A typical file would be:</p> 58 * 59 * {@sample development/samples/ApiDemos/res/xml/device_admin_sample.xml meta_data} 60 * 61 * <div class="special reference"> 62 * <h3>Developer Guides</h3> 63 * <p>For more information about device administration, read the 64 * <a href="{@docRoot}guide/topics/admin/device-admin.html">Device Administration</a> 65 * developer guide.</p> 66 * </div> 67 */ 68 public class DeviceAdminReceiver extends BroadcastReceiver { 69 private static String TAG = "DevicePolicy"; 70 private static boolean localLOGV = false; 71 72 /** 73 * This is the primary action that a device administrator must implement to be 74 * allowed to manage a device. This will be set to the receiver 75 * when the user enables it for administration. You will generally 76 * handle this in {@link DeviceAdminReceiver#onEnabled(Context, Intent)}. To be 77 * supported, the receiver must also require the 78 * {@link android.Manifest.permission#BIND_DEVICE_ADMIN} permission so 79 * that other applications can not abuse it. 80 */ 81 @SdkConstant(SdkConstantType.BROADCAST_INTENT_ACTION) 82 public static final String ACTION_DEVICE_ADMIN_ENABLED 83 = "android.app.action.DEVICE_ADMIN_ENABLED"; 84 85 /** 86 * Action sent to a device administrator when the user has requested to 87 * disable it, but before this has actually been done. This gives you 88 * a chance to supply a message to the user about the impact of 89 * disabling your admin, by setting the extra field 90 * {@link #EXTRA_DISABLE_WARNING} in the result Intent. If not set, 91 * no warning will be displayed. If set, the given text will be shown 92 * to the user before they disable your admin. 93 */ 94 @SdkConstant(SdkConstantType.BROADCAST_INTENT_ACTION) 95 public static final String ACTION_DEVICE_ADMIN_DISABLE_REQUESTED 96 = "android.app.action.DEVICE_ADMIN_DISABLE_REQUESTED"; 97 98 /** 99 * A CharSequence that can be shown to the user informing them of the 100 * impact of disabling your admin. 101 * 102 * @see #ACTION_DEVICE_ADMIN_DISABLE_REQUESTED 103 */ 104 public static final String EXTRA_DISABLE_WARNING = "android.app.extra.DISABLE_WARNING"; 105 106 /** 107 * Action sent to a device administrator when the user has disabled 108 * it. Upon return, the application no longer has access to the 109 * protected device policy manager APIs. You will generally 110 * handle this in {@link DeviceAdminReceiver#onDisabled(Context, Intent)}. Note 111 * that this action will be 112 * sent the receiver regardless of whether it is explicitly listed in 113 * its intent filter. 114 */ 115 @SdkConstant(SdkConstantType.BROADCAST_INTENT_ACTION) 116 public static final String ACTION_DEVICE_ADMIN_DISABLED 117 = "android.app.action.DEVICE_ADMIN_DISABLED"; 118 119 /** 120 * Action sent to a device administrator when the user has changed the password of their device 121 * or profile challenge. You can at this point check the characteristics 122 * of the new password with {@link DevicePolicyManager#isActivePasswordSufficient() 123 * DevicePolicyManager.isActivePasswordSufficient()}. 124 * You will generally 125 * handle this in {@link DeviceAdminReceiver#onPasswordChanged}. 126 * 127 * <p>The calling device admin must have requested 128 * {@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to receive 129 * this broadcast. 130 */ 131 @SdkConstant(SdkConstantType.BROADCAST_INTENT_ACTION) 132 public static final String ACTION_PASSWORD_CHANGED 133 = "android.app.action.ACTION_PASSWORD_CHANGED"; 134 135 /** 136 * Action sent to a device administrator when the user has entered an incorrect device 137 * or profile challenge password. You can at this point check the 138 * number of failed password attempts there have been with 139 * {@link DevicePolicyManager#getCurrentFailedPasswordAttempts 140 * DevicePolicyManager.getCurrentFailedPasswordAttempts()}. You will generally 141 * handle this in {@link DeviceAdminReceiver#onPasswordFailed}. 142 * 143 * <p>The calling device admin must have requested 144 * {@link DeviceAdminInfo#USES_POLICY_WATCH_LOGIN} to receive 145 * this broadcast. 146 */ 147 @SdkConstant(SdkConstantType.BROADCAST_INTENT_ACTION) 148 public static final String ACTION_PASSWORD_FAILED 149 = "android.app.action.ACTION_PASSWORD_FAILED"; 150 151 /** 152 * Action sent to a device administrator when the user has successfully entered their device 153 * or profile challenge password, after failing one or more times. You will generally 154 * handle this in {@link DeviceAdminReceiver#onPasswordSucceeded}. 155 * 156 * <p>The calling device admin must have requested 157 * {@link DeviceAdminInfo#USES_POLICY_WATCH_LOGIN} to receive 158 * this broadcast. 159 */ 160 @SdkConstant(SdkConstantType.BROADCAST_INTENT_ACTION) 161 public static final String ACTION_PASSWORD_SUCCEEDED 162 = "android.app.action.ACTION_PASSWORD_SUCCEEDED"; 163 164 /** 165 * Action periodically sent to a device administrator when the device or profile challenge 166 * password is expiring. You will generally 167 * handle this in {@link DeviceAdminReceiver#onPasswordExpiring}. 168 * 169 * <p>The calling device admin must have requested 170 * {@link DeviceAdminInfo#USES_POLICY_EXPIRE_PASSWORD} to receive 171 * this broadcast. 172 */ 173 @SdkConstant(SdkConstantType.BROADCAST_INTENT_ACTION) 174 public static final String ACTION_PASSWORD_EXPIRING 175 = "android.app.action.ACTION_PASSWORD_EXPIRING"; 176 177 /** 178 * Action sent to a device administrator to notify that the device is entering 179 * lock task mode. The extra {@link #EXTRA_LOCK_TASK_PACKAGE} 180 * will describe the package using lock task mode. 181 * 182 * <p>The calling device admin must be the device owner or profile 183 * owner to receive this broadcast. 184 * 185 * @see DevicePolicyManager#isLockTaskPermitted(String) 186 */ 187 @SdkConstant(SdkConstantType.BROADCAST_INTENT_ACTION) 188 public static final String ACTION_LOCK_TASK_ENTERING 189 = "android.app.action.LOCK_TASK_ENTERING"; 190 191 /** 192 * Action sent to a device administrator to notify that the device is exiting 193 * lock task mode. 194 * 195 * <p>The calling device admin must be the device owner or profile 196 * owner to receive this broadcast. 197 * 198 * @see DevicePolicyManager#isLockTaskPermitted(String) 199 */ 200 @SdkConstant(SdkConstantType.BROADCAST_INTENT_ACTION) 201 public static final String ACTION_LOCK_TASK_EXITING 202 = "android.app.action.LOCK_TASK_EXITING"; 203 204 /** 205 * A string containing the name of the package entering lock task mode. 206 * 207 * @see #ACTION_LOCK_TASK_ENTERING 208 */ 209 public static final String EXTRA_LOCK_TASK_PACKAGE = 210 "android.app.extra.LOCK_TASK_PACKAGE"; 211 212 /** 213 * Broadcast Action: This broadcast is sent to indicate that provisioning of a managed profile 214 * or managed device has completed successfully. 215 * 216 * <p>The broadcast is limited to the profile that will be managed by the application that 217 * requested provisioning. In the device owner case the profile is the primary user. 218 * The broadcast will also be limited to the {@link DeviceAdminReceiver} component 219 * specified in the original intent or NFC bump that started the provisioning process 220 * (see {@link DevicePolicyManager#ACTION_PROVISION_MANAGED_PROFILE 221 * DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE}). 222 * 223 * <p>A device admin application which listens to this intent can find out if the device was 224 * provisioned for the device owner or profile owner case by calling respectively 225 * {@link android.app.admin.DevicePolicyManager#isDeviceOwnerApp} and 226 * {@link android.app.admin.DevicePolicyManager#isProfileOwnerApp}. You will generally handle 227 * this in {@link DeviceAdminReceiver#onProfileProvisioningComplete}. 228 * 229 * <p>Input: Nothing.</p> 230 * <p>Output: Nothing</p> 231 */ 232 @SdkConstant(SdkConstantType.BROADCAST_INTENT_ACTION) 233 public static final String ACTION_PROFILE_PROVISIONING_COMPLETE = 234 "android.app.action.PROFILE_PROVISIONING_COMPLETE"; 235 236 /** 237 * Action sent to a device administrator to notify that the device user 238 * has declined sharing a bugreport. 239 * 240 * <p>The calling device admin must be the device owner to receive this broadcast. 241 * @see DevicePolicyManager#requestBugreport 242 * @hide 243 */ 244 @SdkConstant(SdkConstantType.BROADCAST_INTENT_ACTION) 245 public static final String ACTION_BUGREPORT_SHARING_DECLINED = 246 "android.app.action.BUGREPORT_SHARING_DECLINED"; 247 248 /** 249 * Action sent to a device administrator to notify that the collection of a bugreport 250 * has failed. 251 * 252 * <p>The calling device admin must be the device owner to receive this broadcast. 253 * @see DevicePolicyManager#requestBugreport 254 * @hide 255 */ 256 @SdkConstant(SdkConstantType.BROADCAST_INTENT_ACTION) 257 public static final String ACTION_BUGREPORT_FAILED = "android.app.action.BUGREPORT_FAILED"; 258 259 /** 260 * Action sent to a device administrator to share the bugreport. 261 * 262 * <p>The calling device admin must be the device owner to receive this broadcast. 263 * @see DevicePolicyManager#requestBugreport 264 * @hide 265 */ 266 @SdkConstant(SdkConstantType.BROADCAST_INTENT_ACTION) 267 public static final String ACTION_BUGREPORT_SHARE = 268 "android.app.action.BUGREPORT_SHARE"; 269 270 /** 271 * Broadcast action: notify that a new batch of security logs is ready to be collected. 272 * @hide 273 */ 274 @SdkConstant(SdkConstantType.BROADCAST_INTENT_ACTION) 275 public static final String ACTION_SECURITY_LOGS_AVAILABLE 276 = "android.app.action.SECURITY_LOGS_AVAILABLE"; 277 278 /** 279 * Broadcast action: notify that a new batch of network logs is ready to be collected. 280 * @see DeviceAdminReceiver#onNetworkLogsAvailable 281 * @hide 282 */ 283 @SdkConstant(SdkConstantType.BROADCAST_INTENT_ACTION) 284 public static final String ACTION_NETWORK_LOGS_AVAILABLE 285 = "android.app.action.NETWORK_LOGS_AVAILABLE"; 286 287 /** 288 * A {@code long} containing a token of the current batch of network logs, that has to be used 289 * to retrieve the batch of logs by the device owner. 290 * 291 * @see #ACTION_NETWORK_LOGS_AVAILABLE 292 * @see DevicePolicyManager#retrieveNetworkLogs 293 * @hide 294 */ 295 public static final String EXTRA_NETWORK_LOGS_TOKEN = 296 "android.app.extra.EXTRA_NETWORK_LOGS_TOKEN"; 297 298 /** 299 * An {@code int} count representing a total count of network logs inside the current batch of 300 * network logs. 301 * 302 * @see #ACTION_NETWORK_LOGS_AVAILABLE 303 * @hide 304 */ 305 public static final String EXTRA_NETWORK_LOGS_COUNT = 306 "android.app.extra.EXTRA_NETWORK_LOGS_COUNT"; 307 308 /** 309 * A string containing the SHA-256 hash of the bugreport file. 310 * 311 * @see #ACTION_BUGREPORT_SHARE 312 * @hide 313 */ 314 public static final String EXTRA_BUGREPORT_HASH = "android.app.extra.BUGREPORT_HASH"; 315 316 /** 317 * An {@code int} failure code representing the reason of the bugreport failure. One of 318 * {@link #BUGREPORT_FAILURE_FAILED_COMPLETING} 319 * or {@link #BUGREPORT_FAILURE_FILE_NO_LONGER_AVAILABLE} 320 * 321 * @see #ACTION_BUGREPORT_FAILED 322 * @hide 323 */ 324 public static final String EXTRA_BUGREPORT_FAILURE_REASON = 325 "android.app.extra.BUGREPORT_FAILURE_REASON"; 326 327 /** 328 * An interface representing reason of bugreport failure. 329 * 330 * @see #EXTRA_BUGREPORT_FAILURE_REASON 331 * @hide 332 */ 333 @Retention(RetentionPolicy.SOURCE) 334 @IntDef({ 335 BUGREPORT_FAILURE_FAILED_COMPLETING, 336 BUGREPORT_FAILURE_FILE_NO_LONGER_AVAILABLE 337 }) 338 public @interface BugreportFailureCode {} 339 340 /** 341 * Bugreport completion process failed. 342 * 343 * <p>If this error code is received, the requesting of bugreport can be retried. 344 * @see DevicePolicyManager#requestBugreport 345 */ 346 public static final int BUGREPORT_FAILURE_FAILED_COMPLETING = 0; 347 348 /** 349 * Bugreport has been created, but is no longer available for collection. 350 * 351 * <p>This error likely occurs because the user of the device hasn't consented to share 352 * the bugreport for a long period after its creation. 353 * 354 * <p>If this error code is received, the requesting of bugreport can be retried. 355 * @see DevicePolicyManager#requestBugreport 356 */ 357 public static final int BUGREPORT_FAILURE_FILE_NO_LONGER_AVAILABLE = 1; 358 359 /** @hide */ 360 public static final String ACTION_CHOOSE_PRIVATE_KEY_ALIAS = "android.app.action.CHOOSE_PRIVATE_KEY_ALIAS"; 361 362 /** @hide */ 363 public static final String EXTRA_CHOOSE_PRIVATE_KEY_SENDER_UID = "android.app.extra.CHOOSE_PRIVATE_KEY_SENDER_UID"; 364 365 /** @hide */ 366 public static final String EXTRA_CHOOSE_PRIVATE_KEY_URI = "android.app.extra.CHOOSE_PRIVATE_KEY_URI"; 367 368 /** @hide */ 369 public static final String EXTRA_CHOOSE_PRIVATE_KEY_ALIAS = "android.app.extra.CHOOSE_PRIVATE_KEY_ALIAS"; 370 371 /** @hide */ 372 public static final String EXTRA_CHOOSE_PRIVATE_KEY_RESPONSE = "android.app.extra.CHOOSE_PRIVATE_KEY_RESPONSE"; 373 374 /** 375 * Broadcast action: notify device owner that there is a pending system update. 376 * @hide 377 */ 378 @SdkConstant(SdkConstantType.BROADCAST_INTENT_ACTION) 379 public static final String ACTION_NOTIFY_PENDING_SYSTEM_UPDATE = "android.app.action.NOTIFY_PENDING_SYSTEM_UPDATE"; 380 381 /** 382 * A long type extra for {@link #onSystemUpdatePending} recording the system time as given by 383 * {@link System#currentTimeMillis()} when the current pending system update is first available. 384 * @hide 385 */ 386 public static final String EXTRA_SYSTEM_UPDATE_RECEIVED_TIME = "android.app.extra.SYSTEM_UPDATE_RECEIVED_TIME"; 387 388 /** 389 * Name under which a DevicePolicy component publishes information 390 * about itself. This meta-data must reference an XML resource containing 391 * a device-admin tag. 392 */ 393 // TO DO: describe syntax. 394 public static final String DEVICE_ADMIN_META_DATA = "android.app.device_admin"; 395 396 private DevicePolicyManager mManager; 397 private ComponentName mWho; 398 399 /** 400 * Retrieve the DevicePolicyManager interface for this administrator to work 401 * with the system. 402 */ getManager(Context context)403 public DevicePolicyManager getManager(Context context) { 404 if (mManager != null) { 405 return mManager; 406 } 407 mManager = (DevicePolicyManager)context.getSystemService( 408 Context.DEVICE_POLICY_SERVICE); 409 return mManager; 410 } 411 412 /** 413 * Retrieve the ComponentName describing who this device administrator is, for 414 * use in {@link DevicePolicyManager} APIs that require the administrator to 415 * identify itself. 416 */ getWho(Context context)417 public ComponentName getWho(Context context) { 418 if (mWho != null) { 419 return mWho; 420 } 421 mWho = new ComponentName(context, getClass()); 422 return mWho; 423 } 424 425 /** 426 * Called after the administrator is first enabled, as a result of 427 * receiving {@link #ACTION_DEVICE_ADMIN_ENABLED}. At this point you 428 * can use {@link DevicePolicyManager} to set your desired policies. 429 * 430 * <p> If the admin is activated by a device owner, then the intent 431 * may contain private extras that are relevant to user setup. 432 * {@see DevicePolicyManager#createAndManageUser(ComponentName, String, ComponentName, 433 * PersistableBundle, int)} 434 * 435 * @param context The running context as per {@link #onReceive}. 436 * @param intent The received intent as per {@link #onReceive}. 437 */ onEnabled(Context context, Intent intent)438 public void onEnabled(Context context, Intent intent) { 439 } 440 441 /** 442 * Called when the user has asked to disable the administrator, as a result of 443 * receiving {@link #ACTION_DEVICE_ADMIN_DISABLE_REQUESTED}, giving you 444 * a chance to present a warning message to them. The message is returned 445 * as the result; if null is returned (the default implementation), no 446 * message will be displayed. 447 * @param context The running context as per {@link #onReceive}. 448 * @param intent The received intent as per {@link #onReceive}. 449 * @return Return the warning message to display to the user before 450 * being disabled; if null is returned, no message is displayed. 451 */ onDisableRequested(Context context, Intent intent)452 public CharSequence onDisableRequested(Context context, Intent intent) { 453 return null; 454 } 455 456 /** 457 * Called prior to the administrator being disabled, as a result of 458 * receiving {@link #ACTION_DEVICE_ADMIN_DISABLED}. Upon return, you 459 * can no longer use the protected parts of the {@link DevicePolicyManager} 460 * API. 461 * @param context The running context as per {@link #onReceive}. 462 * @param intent The received intent as per {@link #onReceive}. 463 */ onDisabled(Context context, Intent intent)464 public void onDisabled(Context context, Intent intent) { 465 } 466 467 /** 468 * Called after the user has changed their device or profile challenge password, as a result of 469 * receiving {@link #ACTION_PASSWORD_CHANGED}. At this point you 470 * can use {@link DevicePolicyManager#getPasswordQuality(android.content.ComponentName)} 471 * to retrieve the active password characteristics. 472 * @param context The running context as per {@link #onReceive}. 473 * @param intent The received intent as per {@link #onReceive}. 474 */ onPasswordChanged(Context context, Intent intent)475 public void onPasswordChanged(Context context, Intent intent) { 476 } 477 478 /** 479 * Called after the user has failed at entering their device or profile challenge password, 480 * as a result of receiving {@link #ACTION_PASSWORD_FAILED}. At this point you can use 481 * {@link DevicePolicyManager#getCurrentFailedPasswordAttempts()} to retrieve the number of 482 * failed password attempts. 483 * @param context The running context as per {@link #onReceive}. 484 * @param intent The received intent as per {@link #onReceive}. 485 */ onPasswordFailed(Context context, Intent intent)486 public void onPasswordFailed(Context context, Intent intent) { 487 } 488 489 /** 490 * Called after the user has succeeded at entering their device or profile challenge password, 491 * as a result of receiving {@link #ACTION_PASSWORD_SUCCEEDED}. This will 492 * only be received the first time they succeed after having previously 493 * failed. 494 * @param context The running context as per {@link #onReceive}. 495 * @param intent The received intent as per {@link #onReceive}. 496 */ onPasswordSucceeded(Context context, Intent intent)497 public void onPasswordSucceeded(Context context, Intent intent) { 498 } 499 500 /** 501 * Called periodically when the device or profile challenge password is about to expire 502 * or has expired. It will typically be called at these times: on device boot, once per day 503 * before the password expires, and at the time when the password expires. 504 * 505 * <p>If the password is not updated by the user, this method will continue to be called 506 * once per day until the password is changed or the device admin disables password expiration. 507 * 508 * <p>The admin will typically post a notification requesting the user to change their password 509 * in response to this call. The actual password expiration time can be obtained by calling 510 * {@link DevicePolicyManager#getPasswordExpiration(ComponentName) } 511 * 512 * <p>The admin should be sure to take down any notifications it posted in response to this call 513 * when it receives {@link DeviceAdminReceiver#onPasswordChanged(Context, Intent) }. 514 * 515 * @param context The running context as per {@link #onReceive}. 516 * @param intent The received intent as per {@link #onReceive}. 517 */ onPasswordExpiring(Context context, Intent intent)518 public void onPasswordExpiring(Context context, Intent intent) { 519 } 520 521 /** 522 * Called when provisioning of a managed profile or managed device has completed successfully. 523 * 524 * <p> As a prerequisite for the execution of this callback the {@link DeviceAdminReceiver} has 525 * to declare an intent filter for {@link #ACTION_PROFILE_PROVISIONING_COMPLETE}. 526 * Its component must also be specified in the {@link DevicePolicyManager#EXTRA_DEVICE_ADMIN} 527 * of the {@link DevicePolicyManager#ACTION_PROVISION_MANAGED_PROFILE} intent that started the 528 * managed provisioning. 529 * 530 * <p>When provisioning of a managed profile is complete, the managed profile is hidden until 531 * the profile owner calls {DevicePolicyManager#setProfileEnabled(ComponentName admin)}. 532 * Typically a profile owner will enable the profile when it has finished any additional setup 533 * such as adding an account by using the {@link AccountManager} and calling apis to bring the 534 * profile into the desired state. 535 * 536 * <p> Note that provisioning completes without waiting for any server interactions, so the 537 * profile owner needs to wait for data to be available if required (e.g. android device ids or 538 * other data that is set as a result of server interactions). 539 * 540 * @param context The running context as per {@link #onReceive}. 541 * @param intent The received intent as per {@link #onReceive}. 542 */ onProfileProvisioningComplete(Context context, Intent intent)543 public void onProfileProvisioningComplete(Context context, Intent intent) { 544 } 545 546 /** 547 * Called during provisioning of a managed device to allow the device initializer to perform 548 * user setup steps. 549 * 550 * @param context The running context as per {@link #onReceive}. 551 * @param intent The received intent as per {@link #onReceive}. 552 * @deprecated Do not use 553 */ 554 @Deprecated 555 @SystemApi onReadyForUserInitialization(Context context, Intent intent)556 public void onReadyForUserInitialization(Context context, Intent intent) { 557 } 558 559 /** 560 * Called when a device is entering lock task mode. 561 * 562 * @param context The running context as per {@link #onReceive}. 563 * @param intent The received intent as per {@link #onReceive}. 564 * @param pkg If entering, the authorized package using lock task mode, otherwise null. 565 */ onLockTaskModeEntering(Context context, Intent intent, String pkg)566 public void onLockTaskModeEntering(Context context, Intent intent, String pkg) { 567 } 568 569 /** 570 * Called when a device is exiting lock task mode. 571 * 572 * @param context The running context as per {@link #onReceive}. 573 * @param intent The received intent as per {@link #onReceive}. 574 */ onLockTaskModeExiting(Context context, Intent intent)575 public void onLockTaskModeExiting(Context context, Intent intent) { 576 } 577 578 /** 579 * Allows this receiver to select the alias for a private key and certificate pair for 580 * authentication. If this method returns null, the default {@link android.app.Activity} will be 581 * shown that lets the user pick a private key and certificate pair. 582 * 583 * @param context The running context as per {@link #onReceive}. 584 * @param intent The received intent as per {@link #onReceive}. 585 * @param uid The uid asking for the private key and certificate pair. 586 * @param uri The URI to authenticate, may be null. 587 * @param alias The alias preselected by the client, or null. 588 * @return The private key alias to return and grant access to. 589 * @see KeyChain#choosePrivateKeyAlias 590 */ onChoosePrivateKeyAlias(Context context, Intent intent, int uid, Uri uri, String alias)591 public String onChoosePrivateKeyAlias(Context context, Intent intent, int uid, Uri uri, 592 String alias) { 593 return null; 594 } 595 596 /** 597 * Allows the receiver to be notified when information about a pending system update is 598 * available from the system update service. The same pending system update can trigger multiple 599 * calls to this method, so it is necessary to examine the incoming parameters for details about 600 * the update. 601 * <p> 602 * This callback is only applicable to device owners. 603 * 604 * @param context The running context as per {@link #onReceive}. 605 * @param intent The received intent as per {@link #onReceive}. 606 * @param receivedTime The time as given by {@link System#currentTimeMillis()} indicating when 607 * the current pending update was first available. -1 if no pending update is available. 608 */ onSystemUpdatePending(Context context, Intent intent, long receivedTime)609 public void onSystemUpdatePending(Context context, Intent intent, long receivedTime) { 610 } 611 612 /** 613 * Called when sharing a bugreport has been cancelled by the user of the device. 614 * 615 * <p>This callback is only applicable to device owners. 616 * 617 * @param context The running context as per {@link #onReceive}. 618 * @param intent The received intent as per {@link #onReceive}. 619 * @see DevicePolicyManager#requestBugreport 620 */ onBugreportSharingDeclined(Context context, Intent intent)621 public void onBugreportSharingDeclined(Context context, Intent intent) { 622 } 623 624 /** 625 * Called when the bugreport has been shared with the device administrator app. 626 * 627 * <p>This callback is only applicable to device owners. 628 * 629 * @param context The running context as per {@link #onReceive}. 630 * @param intent The received intent as per {@link #onReceive}. Contains the URI of 631 * the bugreport file (with MIME type "application/vnd.android.bugreport"), that can be accessed 632 * by calling {@link Intent#getData()} 633 * @param bugreportHash SHA-256 hash of the bugreport file. 634 * @see DevicePolicyManager#requestBugreport 635 */ onBugreportShared(Context context, Intent intent, String bugreportHash)636 public void onBugreportShared(Context context, Intent intent, String bugreportHash) { 637 } 638 639 /** 640 * Called when the bugreport collection flow has failed. 641 * 642 * <p>This callback is only applicable to device owners. 643 * 644 * @param context The running context as per {@link #onReceive}. 645 * @param intent The received intent as per {@link #onReceive}. 646 * @param failureCode int containing failure code. One of 647 * {@link #BUGREPORT_FAILURE_FAILED_COMPLETING} 648 * or {@link #BUGREPORT_FAILURE_FILE_NO_LONGER_AVAILABLE} 649 * @see DevicePolicyManager#requestBugreport 650 */ onBugreportFailed(Context context, Intent intent, @BugreportFailureCode int failureCode)651 public void onBugreportFailed(Context context, Intent intent, 652 @BugreportFailureCode int failureCode) { 653 } 654 655 /** 656 * Called when a new batch of security logs can be retrieved. 657 * 658 * <p>This callback is only applicable to device owners. 659 * 660 * @param context The running context as per {@link #onReceive}. 661 * @param intent The received intent as per {@link #onReceive}. 662 * @see DevicePolicyManager#retrieveSecurityLogs(ComponentName) 663 */ onSecurityLogsAvailable(Context context, Intent intent)664 public void onSecurityLogsAvailable(Context context, Intent intent) { 665 } 666 667 /** 668 * Called each time a new batch of network logs can be retrieved. This callback method will only 669 * ever be called when network logging is enabled. The logs can only be retrieved while network 670 * logging is enabled. 671 * 672 * <p>This callback is only applicable to device owners. 673 * 674 * @param context The running context as per {@link #onReceive}. 675 * @param intent The received intent as per {@link #onReceive}. 676 * @param batchToken The token representing the current batch of network logs. 677 * @param networkLogsCount The total count of events in the current batch of network logs. 678 * @see DevicePolicyManager#retrieveNetworkLogs(ComponentName) 679 * 680 * @hide 681 */ onNetworkLogsAvailable(Context context, Intent intent, long batchToken, int networkLogsCount)682 public void onNetworkLogsAvailable(Context context, Intent intent, long batchToken, 683 int networkLogsCount) { 684 } 685 686 /** 687 * Intercept standard device administrator broadcasts. Implementations 688 * should not override this method; it is better to implement the 689 * convenience callbacks for each action. 690 */ 691 @Override onReceive(Context context, Intent intent)692 public void onReceive(Context context, Intent intent) { 693 String action = intent.getAction(); 694 695 if (ACTION_PASSWORD_CHANGED.equals(action)) { 696 onPasswordChanged(context, intent); 697 } else if (ACTION_PASSWORD_FAILED.equals(action)) { 698 onPasswordFailed(context, intent); 699 } else if (ACTION_PASSWORD_SUCCEEDED.equals(action)) { 700 onPasswordSucceeded(context, intent); 701 } else if (ACTION_DEVICE_ADMIN_ENABLED.equals(action)) { 702 onEnabled(context, intent); 703 } else if (ACTION_DEVICE_ADMIN_DISABLE_REQUESTED.equals(action)) { 704 CharSequence res = onDisableRequested(context, intent); 705 if (res != null) { 706 Bundle extras = getResultExtras(true); 707 extras.putCharSequence(EXTRA_DISABLE_WARNING, res); 708 } 709 } else if (ACTION_DEVICE_ADMIN_DISABLED.equals(action)) { 710 onDisabled(context, intent); 711 } else if (ACTION_PASSWORD_EXPIRING.equals(action)) { 712 onPasswordExpiring(context, intent); 713 } else if (ACTION_PROFILE_PROVISIONING_COMPLETE.equals(action)) { 714 onProfileProvisioningComplete(context, intent); 715 } else if (ACTION_CHOOSE_PRIVATE_KEY_ALIAS.equals(action)) { 716 int uid = intent.getIntExtra(EXTRA_CHOOSE_PRIVATE_KEY_SENDER_UID, -1); 717 Uri uri = intent.getParcelableExtra(EXTRA_CHOOSE_PRIVATE_KEY_URI); 718 String alias = intent.getStringExtra(EXTRA_CHOOSE_PRIVATE_KEY_ALIAS); 719 String chosenAlias = onChoosePrivateKeyAlias(context, intent, uid, uri, alias); 720 setResultData(chosenAlias); 721 } else if (ACTION_LOCK_TASK_ENTERING.equals(action)) { 722 String pkg = intent.getStringExtra(EXTRA_LOCK_TASK_PACKAGE); 723 onLockTaskModeEntering(context, intent, pkg); 724 } else if (ACTION_LOCK_TASK_EXITING.equals(action)) { 725 onLockTaskModeExiting(context, intent); 726 } else if (ACTION_NOTIFY_PENDING_SYSTEM_UPDATE.equals(action)) { 727 long receivedTime = intent.getLongExtra(EXTRA_SYSTEM_UPDATE_RECEIVED_TIME, -1); 728 onSystemUpdatePending(context, intent, receivedTime); 729 } else if (ACTION_BUGREPORT_SHARING_DECLINED.equals(action)) { 730 onBugreportSharingDeclined(context, intent); 731 } else if (ACTION_BUGREPORT_SHARE.equals(action)) { 732 String bugreportFileHash = intent.getStringExtra(EXTRA_BUGREPORT_HASH); 733 onBugreportShared(context, intent, bugreportFileHash); 734 } else if (ACTION_BUGREPORT_FAILED.equals(action)) { 735 int failureCode = intent.getIntExtra(EXTRA_BUGREPORT_FAILURE_REASON, 736 BUGREPORT_FAILURE_FAILED_COMPLETING); 737 onBugreportFailed(context, intent, failureCode); 738 } else if (ACTION_SECURITY_LOGS_AVAILABLE.equals(action)) { 739 onSecurityLogsAvailable(context, intent); 740 } else if (ACTION_NETWORK_LOGS_AVAILABLE.equals(action)) { 741 long batchToken = intent.getLongExtra(EXTRA_NETWORK_LOGS_TOKEN, -1); 742 int networkLogsCount = intent.getIntExtra(EXTRA_NETWORK_LOGS_COUNT, 0); 743 onNetworkLogsAvailable(context, intent, batchToken, networkLogsCount); 744 } 745 } 746 } 747