533 lines
24 KiB
Plaintext
533 lines
24 KiB
Plaintext
page.title=Device Administration
|
||
@jd:body
|
||
|
||
<div id="qv-wrapper">
|
||
<div id="qv">
|
||
<h2>In this document</h2>
|
||
<ol>
|
||
<li><a href="#overview">Device Administration API Overview</a>
|
||
<ol>
|
||
<li><a href="#how">How does it work?</a></li>
|
||
<li><a href="#policies">Policies</a></li>
|
||
</ol>
|
||
</li>
|
||
<li><a href="#sample">Sample Application</a></li>
|
||
<li><a href="#developing">Developing a Device Administration Application</a>
|
||
<ol>
|
||
<li><a href="#manifest">Creating the manifest</a></li>
|
||
<li><a href="#code">Implementing the code</a></li>
|
||
</ol>
|
||
</li>
|
||
|
||
</ol>
|
||
|
||
<h2>Key classes</h2>
|
||
<ol>
|
||
<li>{@link android.app.admin.DeviceAdminReceiver}</li>
|
||
<li>{@link android.app.admin.DevicePolicyManager}</li>
|
||
<li>{@link android.app.admin.DeviceAdminInfo}</li>
|
||
</ol>
|
||
</div>
|
||
</div>
|
||
|
||
<p>Android 2.2 introduces support for enterprise applications by offering the
|
||
Android Device Administration API. The Device Administration API provides device
|
||
administration features at the system level. These APIs allow you to create
|
||
security-aware applications that are useful in enterprise settings, in which IT
|
||
professionals require rich control over employee devices. For example, the
|
||
built-in Android Email application has leveraged the new APIs to improve
|
||
Exchange support. Through the Email application, Exchange administrators can
|
||
enforce password policies — including alphanumeric passwords or numeric
|
||
PINs — across devices. Administrators can also remotely wipe (that is,
|
||
restore factory defaults on) lost or stolen handsets. Exchange users can sync
|
||
their email and calendar data.</p>
|
||
|
||
<p>This document is intended for developers who want to develop enterprise
|
||
solutions for Android-powered devices. It discusses the various features
|
||
provided by the Device Administration API to provide stronger security for
|
||
employee devices that are powered by Android.</p>
|
||
|
||
|
||
<h2 id="overview">Device Administration API Overview</h2>
|
||
|
||
<p>Here are examples of the types of applications that might use the Device Administration API:</p>
|
||
<ul>
|
||
<li>Email clients.</li>
|
||
<li>Security applications that do remote wipe.</li>
|
||
<li>Device management services and applications.</li>
|
||
</ul>
|
||
|
||
<h3 id="how">How does it work?</h3>
|
||
<p>You use the Device Administration API to write device admin applications that users
|
||
install on their devices. The device admin application enforces the desired
|
||
policies. Here's how it works:</p> <ul>
|
||
<li>A system administrator writes a device admin application that enforces
|
||
remote/local device security policies. These policies could be hard-coded into
|
||
the app, or the application could dynamically fetch policies from a third-party
|
||
server. </li>
|
||
<li>The application is installed on users' devices. Android does
|
||
not currently have an automated provisioning solution. Some of the ways a sysadmin might
|
||
distribute the application to users are as follows:
|
||
<ul>
|
||
<li>Android Market.</li>
|
||
<li>Enabling non-market installation.</li>
|
||
<li>Distributing the application through other means, such as email or websites.</li>
|
||
|
||
</ul>
|
||
|
||
|
||
</li>
|
||
<li>The system prompts the user to enable the device admin application. How
|
||
and when this happens depends on how the application is implemented.</li>
|
||
<li>Once users enable the device admin application, they are subject to
|
||
its policies. Complying with those policies typically confers benefits, such as
|
||
access to sensitive systems and data.</li>
|
||
</ul>
|
||
<p>If users do not enable the device admin app, it remains on the device, but in an inactive state. Users will not be subject to its policies, and they will conversely not get any of the application's benefits—for example, they may not be able to sync data.</p>
|
||
<p>If a user fails to comply with the policies (for example, if a user sets a
|
||
password that violates the guidelines), it is up to the application to decide
|
||
how to handle this. However, typically this will result in the user not being
|
||
able to sync data.</p>
|
||
<p>If a device attempts to connect to a server that requires policies not
|
||
supported in the Device Administration API, the connection will not
|
||
be allowed. The Device Administration API does not currently allow partial
|
||
provisioning. In other words, if a device (for example, a legacy device) does
|
||
not support all of the stated policies, there is no way to allow the
|
||
device to connect.</p>
|
||
<p>If a device contains multiple enabled admin applications, the strictest policy is
|
||
enforced. There is no way to target a particular admin
|
||
application.</p>
|
||
<p>To uninstall an existing device admin application, users need to
|
||
first unregister the application as an administrator. </p>
|
||
|
||
|
||
<h3 id="policies">Policies</h3>
|
||
|
||
<p>In an enterprise setting, it's often the case that employee devices must
|
||
adhere to a strict set of policies that govern the use of the device. The
|
||
Device Administration API supports the policies listed in Table 1.
|
||
Note that the Device Administration API currently only supports passwords for screen
|
||
lock:</p>
|
||
<p class="table-caption"><strong>Table 1.</strong> Policies supported by the Device Administration API.</p>
|
||
<table border="1">
|
||
<tr>
|
||
<th>Policy</th>
|
||
<th>Description</th>
|
||
</tr>
|
||
<tr>
|
||
<td>Password enabled</td>
|
||
<td>Requires that devices ask for PIN or passwords.</td>
|
||
</tr>
|
||
<tr>
|
||
<td>Minimum password length</td>
|
||
<td>Set the required number of characters for the password. For example, you
|
||
can require PIN or passwords to have at least six characters. </td> </tr>
|
||
<tr>
|
||
<td>Alphanumeric password required</td>
|
||
<td>Requires that passwords have a
|
||
combination of letters and numbers. They may include symbolic characters.
|
||
</td>
|
||
</tr>
|
||
<tr>
|
||
<td>Maximum failed password attempts </td>
|
||
<td>Specifies how many times a user can enter the wrong password before the
|
||
device wipes its data. The Device Administration API also allows administrators to
|
||
remotely reset the device to factory defaults. This secures data in case the
|
||
device is lost or stolen.</td>
|
||
</tr>
|
||
<tr>
|
||
<td>Maximum inactivity time lock</td>
|
||
<td>Sets the length of time since the user last touched the screen or
|
||
pressed a button before the device locks the screen. When this happens, users
|
||
need to enter their PIN or passwords again before they can use their devices and
|
||
access data. The value can be between 1 and 60 minutes.</td> </tr>
|
||
</table>
|
||
|
||
<h4>Other features</h4>
|
||
|
||
<p>In addition to supporting the policies listed in the above table, the Device
|
||
Administration API lets you do the following:</p> <ul>
|
||
<li>Prompt user to set a new password.</li>
|
||
<li>Lock device immediately.</li>
|
||
<li>Wipe the device's data (that is, restore the device to its factory defaults).</li>
|
||
</ul>
|
||
|
||
|
||
<h2 id="sample">Sample Application</h2>
|
||
|
||
<p>The examples used in this document are based on the <a
|
||
href="{@docRoot}resources/samples/ApiDemos/src/com/example/android/apis/app/DeviceAdminSample.html">
|
||
Device Administration API
|
||
sample</a>, which is included in the SDK samples. For information on downloading and
|
||
installing the SDK samples, see <a
|
||
href="{@docRoot}resources/samples/get.html">
|
||
Getting the Samples</a>. Here is the <a
|
||
href="{@docRoot}resources/samples/ApiDemos/src/com/example/android/apis/app/DeviceAdminSample.html">
|
||
complete code</a> for
|
||
the sample. </p>
|
||
<p>The
|
||
sample application offers a demo of device admin features. It presents users
|
||
with a user interface that lets them enable the device admin application. Once
|
||
they've enabled the application, they can use the buttons in the user interface
|
||
to do the following:</p>
|
||
<ul>
|
||
<li>Set password quality.</li>
|
||
<li>Specify the minimum length for the user's password.</li>
|
||
<li>Set the password. If the password does not conform to the specified
|
||
policies, the system returns an error.</li>
|
||
<li>Set how many failed password attempts can occur before the device is wiped
|
||
(that is, restored to factory settings).</li>
|
||
<li>Set the maximum amount of inactive time that can elapse before the device
|
||
locks.</li>
|
||
<li>Make the device lock immediately.</li>
|
||
<li>Wipe the device's data (that is, restore factory settings).</li>
|
||
</ul>
|
||
|
||
<img src="{@docRoot}images/admin/device-admin-app.png"/>
|
||
<p class="img-caption"><strong>Figure 1.</strong> Screenshot of the Sample Application</p>
|
||
|
||
|
||
|
||
<h2 id="developing">Developing a Device Administration Application</h2>
|
||
|
||
<p>System administrators can use the Device Administration API to write an application
|
||
that enforces remote/local device security policy enforcement. This section
|
||
summarizes the steps involved in creating a device administration
|
||
application.</p>
|
||
|
||
<h3 id="manifest">Creating the manifest</h3>
|
||
|
||
<p>To use the Device Administration API, the application's
|
||
manifest must include the following:</p>
|
||
<ul>
|
||
<li>A subclass of {@link android.app.admin.DeviceAdminReceiver} that includes the following:
|
||
<ul>
|
||
<li>The {@link android.Manifest.permission#BIND_DEVICE_ADMIN} permission.</li>
|
||
<li>The ability to respond to the {@link android.app.admin.DeviceAdminReceiver#ACTION_DEVICE_ADMIN_ENABLED}
|
||
intent, expressed in the manifest as an intent filter.</li>
|
||
</ul>
|
||
</li>
|
||
<li>A declaration of security policies used in metadata.</li>
|
||
</ul>
|
||
<p>Here is an excerpt from the Device Administration sample manifest:</p>
|
||
<pre><activity android:name=".app.DeviceAdminSample$Controller"
|
||
android:label="@string/activity_sample_device_admin">
|
||
<intent-filter>
|
||
<action android:name="android.intent.action.MAIN" />
|
||
<category android:name="android.intent.category.SAMPLE_CODE" />
|
||
</intent-filter>
|
||
</activity>
|
||
|
||
<receiver android:name=".app.DeviceAdminSample"
|
||
android:label="@string/sample_device_admin"
|
||
android:description="@string/sample_device_admin_description"
|
||
android:permission="android.permission.BIND_DEVICE_ADMIN">
|
||
<meta-data android:name="android.app.device_admin"
|
||
android:resource="@xml/device_admin_sample" />
|
||
<intent-filter>
|
||
<action android:name="android.app.action.DEVICE_ADMIN_ENABLED" />
|
||
</intent-filter>
|
||
</receiver></pre>
|
||
|
||
<p>Note that:</p>
|
||
<ul>
|
||
<li>The activity in the sample application is an {@link android.app.Activity}
|
||
subclass called <code>Controller</code>. The syntax
|
||
<code>".app.DeviceAdminSample$Controller"</code> indicates that
|
||
<code>Controller</code> is an inner class that is nested inside the
|
||
<code>DeviceAdminSample</code> class. Note that an Activity does not need to be
|
||
an inner class; it just is in this example.</li>
|
||
|
||
<li>The following attributes refer to string resources that for the sample application reside in
|
||
<code>ApiDemos/res/values/strings.xml</code>. For more information about resources, see
|
||
<a
|
||
href="{@docRoot}guide/topics/resources/index.html">Application Resources</a>.
|
||
<ul>
|
||
<li><code>android:label="@string/activity_sample_device_admin"</code> refers to the
|
||
user-readable label for the activity.</li>
|
||
|
||
<li><code>android:label="@string/sample_device_admin"</code> refers to the
|
||
user-readable label for the permission.</li>
|
||
|
||
<li><code>android:description="@string/sample_device_admin_description"</code> refers to
|
||
the user-readable description of the permission. A descripton is typically longer and more
|
||
informative than
|
||
a label.</li>
|
||
</ul>
|
||
|
||
|
||
<li><code>android:permission="android.permission.BIND_DEVICE_ADMIN"
|
||
</code> is a permission that a {@link android.app.admin.DeviceAdminReceiver} subclass must
|
||
have, to ensure that only the system can interact with the receiver (no application can be granted this permission). This
|
||
prevents other applications from abusing your device admin app.</li>
|
||
<li><code>android.app.action.DEVICE_ADMIN_ENABLED</code> is the the primary
|
||
action that a {@link android.app.admin.DeviceAdminReceiver} subclass must handle to be
|
||
allowed to manage a device. This is set to the receiver when the user enables
|
||
the device admin app. Your code typically handles this in
|
||
{@link android.app.admin.DeviceAdminReceiver#onEnabled onEnabled()}. To be supported, the receiver must also
|
||
require the {@link android.Manifest.permission#BIND_DEVICE_ADMIN} permission so that other applications
|
||
cannot abuse it. </li>
|
||
<li>When a user enables the device admin application, that gives the receiver
|
||
permission to perform actions in response to the broadcast of particular system
|
||
events. When suitable event arises, the application can impose a policy. For
|
||
example, if the user attempts to set a new password that doesn't meet the policy
|
||
requirements, the application can prompt the user to pick a different password
|
||
that does meet the requirements.</li>
|
||
|
||
<li><code>android:resource="@xml/device_admin_sample"</code>
|
||
declares the security policies used in metadata. The metadata provides additional
|
||
information specific to the device administrator, as parsed by the {@link
|
||
android.app.admin.DeviceAdminInfo} class. Here are the contents of
|
||
<code>device_admin_sample.xml</code>:</li>
|
||
</ul>
|
||
<pre><device-admin xmlns:android="http://schemas.android.com/apk/res/android">
|
||
<uses-policies>
|
||
<limit-password />
|
||
<watch-login />
|
||
<reset-password />
|
||
<force-lock />
|
||
<wipe-data />
|
||
</uses-policies>
|
||
</device-admin>
|
||
</pre>
|
||
<p> In designing your device administration application, you don't need to
|
||
include all of the policies, just the ones that are relevant for your app.
|
||
</p>
|
||
For more discussion of the manifest file, see the <a
|
||
href="{@docRoot}guide/topics/manifest/manifest-intro.html">Android Developers Guide</a>.
|
||
|
||
|
||
|
||
<h3 id="code">Implementing the code</h3>
|
||
|
||
<p>The Device Administration API includes the following classes:</p>
|
||
<dl>
|
||
<dt>{@link android.app.admin.DeviceAdminReceiver}</dt>
|
||
<dd>Base class for implementing a device administration component. This class provides
|
||
a convenience for interpreting the raw intent actions that are sent by the
|
||
system. Your Device Administration application must include a
|
||
{@link android.app.admin.DeviceAdminReceiver} subclass.</dd>
|
||
<dt>{@link android.app.admin.DevicePolicyManager}</dt>
|
||
<dd>A class for managing policies enforced on a device. Most clients of
|
||
this class must have published a {@link android.app.admin.DeviceAdminReceiver} that the user
|
||
has currently enabled. The {@link android.app.admin.DevicePolicyManager} manages policies for
|
||
one or more {@link android.app.admin.DeviceAdminReceiver} instances</dd>
|
||
<dt>{@link android.app.admin.DeviceAdminInfo}</dt>
|
||
<dd>This class is used to specify metadata
|
||
for a device administrator component.</dd>
|
||
</dl>
|
||
<p>These classes provide the foundation for a fully functional device administration application.
|
||
The rest of this section describes how you use the {@link
|
||
android.app.admin.DeviceAdminReceiver} and
|
||
{@link android.app.admin.DevicePolicyManager} APIs to write a device admin application.</p>
|
||
|
||
<h4 id="receiver">Subclassing DeviceAdminReceiver</h4>
|
||
<p>To create a device admin application, you must subclass
|
||
{@link android.app.admin.DeviceAdminReceiver}. The {@link android.app.admin.DeviceAdminReceiver} class
|
||
consists of a series of callbacks that are triggered when particular events
|
||
occur.</p>
|
||
<p>In its {@link android.app.admin.DeviceAdminReceiver} subclass, the sample application
|
||
simply displays a {@link android.widget.Toast} notification in response to particular
|
||
events. For example:</p>
|
||
<pre>public class DeviceAdminSample extends DeviceAdminReceiver {
|
||
|
||
...
|
||
@Override
|
||
public void onEnabled(Context context, Intent intent) {
|
||
showToast(context, "Sample Device Admin: enabled");
|
||
}
|
||
|
||
@Override
|
||
public CharSequence onDisableRequested(Context context, Intent intent) {
|
||
return "This is an optional message to warn the user about disabling.";
|
||
}
|
||
|
||
@Override
|
||
public void onDisabled(Context context, Intent intent) {
|
||
showToast(context, "Sample Device Admin: disabled");
|
||
}
|
||
|
||
@Override
|
||
public void onPasswordChanged(Context context, Intent intent) {
|
||
showToast(context, "Sample Device Admin: pw changed");
|
||
}
|
||
|
||
void showToast(Context context, CharSequence msg) {
|
||
Toast.makeText(context, msg, Toast.LENGTH_SHORT).show();
|
||
}
|
||
...
|
||
}</pre>
|
||
|
||
<h4 id="enabling">Enabling the application</h4>
|
||
<p>One of the major events a device admin application has to handle is the user
|
||
enabling the application. The user must explicitly enable the application for
|
||
the policies to be enforced. If the user chooses not to enable the application
|
||
it will still be present on the device, but its policies will not be enforced, and the user will not
|
||
get any of the application's benefits.</p>
|
||
<p>The process of enabling the application begins when the user performs an
|
||
action that triggers the {@link android.app.admin.DevicePolicyManager#ACTION_ADD_DEVICE_ADMIN}
|
||
intent. In the
|
||
sample application, this happens when the user clicks the <strong>Enable
|
||
Admin</strong> button. </p>
|
||
<p>When the user clicks the <strong>Enable Admin</strong> button, the display
|
||
changes to prompt the user to enable the device admin application, as shown in figure
|
||
2.</p>
|
||
|
||
<img src="{@docRoot}images/admin/device-admin-activate-prompt.png"/>
|
||
<p class="img-caption"><strong>Figure 2.</strong> Sample Application: Activating the Application</p>
|
||
<p>Below is the code that gets executed when the user clicks the <strong>Enable
|
||
Admin</strong> button shown in figure 1. </p>
|
||
|
||
<pre> private OnClickListener mEnableListener = new OnClickListener() {
|
||
public void onClick(View v) {
|
||
// Launch the activity to have the user enable our admin.
|
||
Intent intent = new Intent(DevicePolicyManager.ACTION_ADD_DEVICE_ADMIN);
|
||
intent.putExtra(DevicePolicyManager.EXTRA_DEVICE_ADMIN,
|
||
mDeviceAdminSample);
|
||
intent.putExtra(DevicePolicyManager.EXTRA_ADD_EXPLANATION,
|
||
"Additional text explaining why this needs to be added.");
|
||
startActivityForResult(intent, RESULT_ENABLE);
|
||
}
|
||
};
|
||
|
||
...
|
||
// This code checks whether the device admin app was successfully enabled.
|
||
@Override
|
||
protected void onActivityResult(int requestCode, int resultCode, Intent data) {
|
||
switch (requestCode) {
|
||
case RESULT_ENABLE:
|
||
if (resultCode == Activity.RESULT_OK) {
|
||
Log.i("DeviceAdminSample", "Administration enabled!");
|
||
} else {
|
||
Log.i("DeviceAdminSample", "Administration enable FAILED!");
|
||
}
|
||
return;
|
||
}
|
||
super.onActivityResult(requestCode, resultCode, data);
|
||
}</pre>
|
||
|
||
<p>The line
|
||
<code>intent.putExtra(DevicePolicyManager.EXTRA_DEVICE_ADMIN,
|
||
mDeviceAdminSample)</code> states that <code>mDeviceAdminSample</code> (which is
|
||
a {@link android.app.admin.DeviceAdminReceiver} component) is the target policy.
|
||
This line invokes the user interface shown in figure 2, which guides users through
|
||
adding the device administrator to the system (or allows them to reject it).</p>
|
||
|
||
<p>When the application needs to perform an operation that is contingent on the
|
||
device admin application being enabled, it confirms that the application is
|
||
active. To do this it uses the {@link android.app.admin.DevicePolicyManager} method
|
||
{@link android.app.admin.DevicePolicyManager#isAdminActive(android.content.ComponentName) isAdminActive()}. Notice that the {@link android.app.admin.DevicePolicyManager}
|
||
method {@link android.app.admin.DevicePolicyManager#isAdminActive(android.content.ComponentName) isAdminActive()} takes a {@link android.app.admin.DeviceAdminReceiver}
|
||
component as its argument:</p>
|
||
<pre>
|
||
DevicePolicyManager mDPM;
|
||
...
|
||
boolean active = mDPM.isAdminActive(mDeviceAdminSample);
|
||
if (active) {
|
||
// Admin app is active, so do some admin stuff
|
||
...
|
||
} else {
|
||
// do something else
|
||
}
|
||
</pre>
|
||
|
||
<h3 id="admin_ops">Managing policies</h3>
|
||
<p>{@link android.app.admin.DevicePolicyManager} is a public class for managing policies
|
||
enforced on a device. {@link android.app.admin.DevicePolicyManager} manages policies for one
|
||
or more {@link android.app.admin.DeviceAdminReceiver} instances. </p>
|
||
<p>You get a handle to the {@link android.app.admin.DevicePolicyManager} as follows: </p>
|
||
<pre>
|
||
DevicePolicyManager mDPM =
|
||
(DevicePolicyManager)getSystemService(Context.DEVICE_POLICY_SERVICE);
|
||
</pre>
|
||
<p>This section describes how to use {@link android.app.admin.DevicePolicyManager} to perform
|
||
administrative tasks:</p>
|
||
<ul>
|
||
<li><a href="#pwd">Set password policies</a></li>
|
||
<li><a href="#lock">Set device lock</a></li>
|
||
<li><a href="#wipe">Perform data wipe</a></li>
|
||
</ul>
|
||
|
||
<h4 id="pwd">Set password policies</h4>
|
||
<p>{@link android.app.admin.DevicePolicyManager} includes APIs for setting and enforcing the
|
||
device password policy. In the Device Administration API, the password only applies to
|
||
screen lock. This section describes common password-related tasks.</p>
|
||
|
||
<h5>Set a password for the device</h5>
|
||
<p>This code displays a user interface prompting the user to set a password:</p>
|
||
<pre>Intent intent = new Intent(DevicePolicyManager.ACTION_SET_NEW_PASSWORD);
|
||
startActivity(intent);
|
||
</pre>
|
||
|
||
<h5>Set the password quality</h5>
|
||
<p>The password quality can be one of the following {@link android.app.admin.DevicePolicyManager} constants: </p>
|
||
<dl>
|
||
<dt>{@link android.app.admin.DevicePolicyManager#PASSWORD_QUALITY_ALPHABETIC}</dt><dd>The user must enter a
|
||
password containing at least alphabetic (or other symbol) characters.</dd>
|
||
<dt>{@link android.app.admin.DevicePolicyManager#PASSWORD_QUALITY_ALPHANUMERIC}</dt><dd>The user must enter a
|
||
password containing at least <em>both</em> numeric <em>and</em> alphabetic (or
|
||
other symbol) characters.</dd>
|
||
<dt>{@link android.app.admin.DevicePolicyManager#PASSWORD_QUALITY_NUMERIC}</dt><dd>The user must enter a password
|
||
containing at least numeric characters.</dd>
|
||
<dt>{@link android.app.admin.DevicePolicyManager#PASSWORD_QUALITY_SOMETHING}</dt><dd>The policy requires some kind
|
||
of password, but doesn't care what it is.</dd>
|
||
<dt>{@link android.app.admin.DevicePolicyManager#PASSWORD_QUALITY_UNSPECIFIED}</dt><dd>
|
||
The policy has no requirements for the password. </dd>
|
||
</dl>
|
||
<p>For example, this is how you would set the password policy to require an alphanumeric password:</p>
|
||
<pre>
|
||
DevicePolicyManager mDPM;
|
||
ComponentName mDeviceAdminSample;
|
||
...
|
||
mDPM.setPasswordQuality(mDeviceAdminSample, DevicePolicyManager.PASSWORD_QUALITY_ALPHANUMERIC);
|
||
</pre>
|
||
|
||
<h5>Set the minimum password length</h5>
|
||
<p>You can specify that a password must be at least the specified minimum
|
||
length. For example:</p>
|
||
<pre>DevicePolicyManager mDPM;
|
||
ComponentName mDeviceAdminSample;
|
||
int pwLength;
|
||
...
|
||
mDPM.setPasswordMinimumLength(mDeviceAdminSample, pwLength);
|
||
</pre>
|
||
|
||
<h5>Set maximum failed password attempts</h5>
|
||
<p>You can set the maximum number of allowed failed password attempts before the
|
||
device is wiped (that is, reset to factory settings). For example:</p>
|
||
<pre>DevicePolicyManager mDPM;
|
||
ComponentName mDeviceAdminSample;
|
||
int maxFailedPw;
|
||
...
|
||
mDPM.setMaximumFailedPasswordsForWipe(mDeviceAdminSample, maxFailedPw);</pre>
|
||
|
||
<h4 id="lock">Set device lock</h4>
|
||
<p>You can set the maximum period of user inactivity that can occur before the
|
||
device locks. For example:</p>
|
||
<pre>
|
||
DevicePolicyManager mDPM;
|
||
ComponentName mDeviceAdminSample;
|
||
...
|
||
long timeMs = 1000L*Long.parseLong(mTimeout.getText().toString());
|
||
mDPM.setMaximumTimeToLock(mDeviceAdminSample, timeMs);
|
||
</pre>
|
||
<p>You can also programmatically tell the device to lock immediately:</p>
|
||
<pre>
|
||
DevicePolicyManager mDPM;
|
||
mDPM.lockNow();</pre>
|
||
|
||
<h4 id="wipe">Perform data wipe</h4>
|
||
|
||
<p>You can use the {@link android.app.admin.DevicePolicyManager} method
|
||
{@link android.app.admin.DevicePolicyManager#wipeData wipeData()} to reset the device to factory settings. This is useful
|
||
if the device is lost or stolen. Often the decision to wipe the device is the
|
||
result of certain conditions being met. For example, you can use
|
||
{@link android.app.admin.DevicePolicyManager#setMaximumFailedPasswordsForWipe setMaximumFailedPasswordsForWipe()} to state that a device should be
|
||
wiped after a specific number of failed password attempts.</p>
|
||
<p>You wipe data as follows:</p>
|
||
<pre>
|
||
DevicePolicyManager mDPM;
|
||
mDPM.wipeData(0);</pre>
|
||
<p>The {@link android.app.admin.DevicePolicyManager#wipeData wipeData()} method takes as its parameter a bit mask of
|
||
additional options. Currently the value must be 0. </p>
|