Device Owner
概述
DeviceOwner 译为设备所有者,在Android5.0系统推出。DeviceOwner涵盖了DeviceAdmin用户的所有管理能力,也涵盖了ProfileOwner的所有管理能力,并且在这些基础上额外添加了一些管理权限,如重启设备、禁用状态栏等。Android提供的三种权限管理策略的能力大小依次为 DeviceAdmin < ProfileOwner < DeviceOwner。
Android系统只能设置一个DeviceOwner程序,并且该程序在设置为DeviceOwner后不能取消,应用不能卸载,唯一可以取消的途径是恢复出厂设置。并且,DeviceOwner应用和ProfileOwner也会产生冲突,系统只能有一个DeviceOwner应用或者ProfileOwner应用。
DeviceOwner 的设置和能力
要使一个应用成为DeviceOwner,首先这个程序必须是一个DeviceAdmin,按照DeviceAdmin的标准流程配置一个程序,回顾往期文章Android Device Administration 应用的能力。
将配置好的程序设置为DeviceOwner之前,不必刻意去激活DeviceAdmin,系统在设置DeviceOwner的过程中会自动先激活DeviceAdmin,这也是DeviceOwner拥有DeviceAdmin所有能力的原因。
第三方应用和系统应用都没有权限设置DeviceOwner,Android官方只提供两种设置DeviceOwner应用的方法:
- 通过终端adb shell
- 通过NFC
了解官方方法和自定义实现方案,请跳转至一键设置 DeviceAdmin/ProfileOwner/DeviceOwner 应用
系统成功设置DeviceOwner后会生成/data/system/device_owner_2.xml 文件,该文件记录了系统最高管理权限程序的基本信息:
<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<root>
<device-owner package="" name="Test Device Owner" component="/" userRestrictionsMigrated="true" />
<device-owner-context userId="0" />
</root>
是否为DeviceOwner
// Obtain the device-policy system service.
mDevicePolicyManager = (DevicePolicyManager) getSystemService(Context.DEVICE_POLICY_SERVICE);
// ComponentName of the DeviceAdminReceiver component to activate.
// NOTE(review): the receiver class argument is missing in this listing — supply the app's own DeviceAdminReceiver subclass.
mComponentName = new ComponentName(this, );
// NOTE(review): the call target is missing here; presumably DevicePolicyManager.isDeviceOwnerApp(packageName) — confirm.
isDeviceOwnerApp = (());
// NOTE(review): the logging call name is missing in this listing (an android.util.Log method is likely) — confirm.
(TAG, "isDeviceOwnerApp: " + isDeviceOwnerApp);
启用或禁用备份服务
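/**
 * Turns the platform backup service on or off; does nothing unless this app is the device owner.
 * Enabling backup lets app data leave the device through the backup transport, so decide this
 * per deployment rather than by default.
 *
 * @param admin   the DeviceAdminReceiver component of this app
 * @param enabled true to enable the backup service, false to disable it
 */
private void setBackupServiceEnabled(ComponentName admin, boolean enabled) {
    if (!isDeviceOwnerApp) {
        return;
    }
    mDevicePolicyManager.setBackupServiceEnabled(admin, enabled);
}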
备份服务是否开启
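/**
 * Reports whether the backup service is enabled.
 *
 * @param admin the DeviceAdminReceiver component of this app
 * @return the platform's answer, or false when this app is not the device owner
 */
private boolean isBackupServiceEnabled(ComponentName admin) {
    if (!isDeviceOwnerApp) {
        return false;
    }
    return mDevicePolicyManager.isBackupServiceEnabled(admin);
}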
重启设备
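/**
 * Reboots the device; does nothing unless this app is the device owner.
 *
 * @param admin the DeviceAdminReceiver component of this app
 */
private void reboot(ComponentName admin) {
    if (!isDeviceOwnerApp) {
        return;
    }
    mDevicePolicyManager.reboot(admin);
}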
获取wifi Mac地址
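/**
 * Reads the Wi-Fi MAC address through the device-policy service.
 * The MAC address is a persistent hardware identifier: treat the result as sensitive and
 * avoid writing it to logs.
 *
 * @param admin the DeviceAdminReceiver component of this app
 * @return the address reported by the platform, or null when this app is not the device owner
 */
private String getWifiMacAddress(ComponentName admin) {
    if (!isDeviceOwnerApp) {
        return null;
    }
    return mDevicePolicyManager.getWifiMacAddress(admin);
}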
设置状态栏的禁用或启用
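/**
 * Disables or re-enables the status bar.
 *
 * @param admin    the DeviceAdminReceiver component of this app
 * @param disabled true to disable the status bar, false to enable it
 * @return the platform's result, or false when this app is not the device owner
 */
private boolean setStatusBarDisabled(ComponentName admin, boolean disabled) {
    if (!isDeviceOwnerApp) {
        return false;
    }
    return mDevicePolicyManager.setStatusBarDisabled(admin, disabled);
}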
将锁屏模式设置为None,当用户设置了密码时无效
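/**
 * Sets the lock screen mode to "None" or restores it. Per the accompanying text this has no
 * effect once the user has set a password. Disabling the keyguard removes the lock screen as
 * a physical-access barrier, so callers should check the returned value and record the change.
 *
 * @param admin    the DeviceAdminReceiver component of this app
 * @param disabled true to disable the keyguard, false to re-enable it
 * @return the platform's result, or false when this app is not the device owner
 */
private boolean setKeyguardDisabled(ComponentName admin, boolean disabled) {
    if (!isDeviceOwnerApp) {
        return false;
    }
    return mDevicePolicyManager.setKeyguardDisabled(admin, disabled);
}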
设置系统更新策略
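/**
 * Applies a system-update policy; does nothing unless this app is the device owner.
 * A policy that postpones updates also postpones security patches.
 *
 * @param admin  the DeviceAdminReceiver component of this app
 * @param policy the update policy to apply
 */
private void setSystemUpdatePolicy(ComponentName admin, SystemUpdatePolicy policy) {
    if (!isDeviceOwnerApp) {
        return;
    }
    mDevicePolicyManager.setSystemUpdatePolicy(admin, policy);
}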
获取系统更新策略
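/**
 * Returns the system-update policy currently in force.
 *
 * @return the policy reported by the platform, or null when this app is not the device owner
 */
private SystemUpdatePolicy getSystemUpdatePolicy() {
    if (!isDeviceOwnerApp) {
        return null;
    }
    return mDevicePolicyManager.getSystemUpdatePolicy();
}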
设置系统设置中Global相关的属性
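/**
 * Writes a value into the system's Global settings; does nothing unless this app is the
 * device owner. The platform accepts only a fixed set of setting names through this API.
 *
 * @param admin   the DeviceAdminReceiver component of this app
 * @param setting name of the Global setting
 * @param value   value to store
 */
private void setGlobalSetting(ComponentName admin, String setting, String value) {
    if (!isDeviceOwnerApp) {
        return;
    }
    mDevicePolicyManager.setGlobalSetting(admin, setting, value);
}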
切换用户
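/**
 * Switches the foreground user.
 *
 * @param admin      the DeviceAdminReceiver component of this app
 * @param userHandle the user to switch to
 * @return the platform's result, or false when this app is not the device owner
 */
private boolean switchUser(ComponentName admin, UserHandle userHandle) {
    if (!isDeviceOwnerApp) {
        return false;
    }
    return mDevicePolicyManager.switchUser(admin, userHandle);
}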
删除用户
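/**
 * Removes a user. The user's data goes with it, so callers should confirm the target and
 * check the returned value.
 *
 * @param admin      the DeviceAdminReceiver component of this app
 * @param userHandle the user to remove
 * @return the platform's result, or false when this app is not the device owner
 */
private boolean removeUser(ComponentName admin, UserHandle userHandle) {
    if (!isDeviceOwnerApp) {
        return false;
    }
    return mDevicePolicyManager.removeUser(admin, userHandle);
}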
创建一个用户
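/**
 * Creates a new user and assigns it a profile owner.
 *
 * @param admin        the DeviceAdminReceiver component of this app
 * @param name         display name of the new user
 * @param profileOwner component that becomes the new user's profile owner
 * @param adminExtras  extras handed to the profile owner
 * @param flags        creation flags passed through unchanged
 * @return the new user's handle as returned by the platform, or null when this app is not
 *         the device owner
 */
private UserHandle createAndManageUser(ComponentName admin, String name,
        ComponentName profileOwner, PersistableBundle adminExtras, int flags) {
    if (!isDeviceOwnerApp) {
        return null;
    }
    return mDevicePolicyManager.createAndManageUser(admin, name, profileOwner, adminExtras, flags);
}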
设置锁屏界面显示的提示消息–如“小明的Device Owner设备”
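/**
 * Sets the message shown on the lock screen; does nothing unless this app is the device owner.
 * The text is visible to anyone holding the locked device, so keep sensitive details out of it.
 *
 * @param admin the DeviceAdminReceiver component of this app
 * @param info  the message to display
 */
private void setDeviceOwnerLockScreenInfo(ComponentName admin, CharSequence info) {
    if (!isDeviceOwnerApp) {
        return;
    }
    mDevicePolicyManager.setDeviceOwnerLockScreenInfo(admin, info);
}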
获取锁屏界面显示消息
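/**
 * Returns the message currently configured for the lock screen.
 *
 * @return the message reported by the platform, or null when this app is not the device owner
 */
private CharSequence getDeviceOwnerLockScreenInfo() {
    if (!isDeviceOwnerApp) {
        return null;
    }
    return mDevicePolicyManager.getDeviceOwnerLockScreenInfo();
}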
设置一个独立于网络的全局HTTP代理
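/**
 * Sets a network-independent global HTTP proxy; does nothing unless this app is the device
 * owner. The proxy is a recommendation that apps may ignore, so it is not an enforcement
 * point. Whoever operates the proxy can observe the traffic routed through it.
 *
 * @param admin     the DeviceAdminReceiver component of this app
 * @param proxyInfo the proxy configuration to recommend
 */
private void setRecommendedGlobalProxy(ComponentName admin, ProxyInfo proxyInfo) {
    if (!isDeviceOwnerApp) {
        return;
    }
    mDevicePolicyManager.setRecommendedGlobalProxy(admin, proxyInfo);
}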
禁止/允许截屏
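/**
 * Forbids or allows screen capture.
 * NOTE(review): gated on isProfileOwnerApp, which this page never assigns — confirm it is
 * true for a device-owner app, otherwise the call is skipped.
 *
 * @param admin    the DeviceAdminReceiver component of this app
 * @param disabled true to forbid screen capture, false to allow it
 */
private void setScreenCaptureDisabled(ComponentName admin, boolean disabled) {
    if (!isProfileOwnerApp) {
        return;
    }
    mDevicePolicyManager.setScreenCaptureDisabled(admin, disabled);
}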
是否禁止截图
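/**
 * Reports whether screen capture is forbidden.
 *
 * @param admin the DeviceAdminReceiver component of this app
 * @return the platform's answer, or false when isProfileOwnerApp is not set
 */
private boolean getScreenCaptureDisabled(ComponentName admin) {
    if (!isProfileOwnerApp) {
        return false;
    }
    return mDevicePolicyManager.getScreenCaptureDisabled(admin);
}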
设置组织名
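/**
 * Sets the organization name; does nothing when isProfileOwnerApp is not set.
 *
 * @param admin the DeviceAdminReceiver component of this app
 * @param title the organization name
 */
private void setOrganizationName(ComponentName admin, CharSequence title) {
    if (!isProfileOwnerApp) {
        return;
    }
    mDevicePolicyManager.setOrganizationName(admin, title);
}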
获取组织名
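/**
 * Returns the configured organization name.
 *
 * @param admin the DeviceAdminReceiver component of this app
 * @return the name reported by the platform, or null when isProfileOwnerApp is not set
 */
private CharSequence getOrganizationName(ComponentName admin) {
    if (!isProfileOwnerApp) {
        return null;
    }
    return mDevicePolicyManager.getOrganizationName(admin);
}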
通过包名设置应用程序的运行时权限状态
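/**
 * Sets the runtime-permission state of one permission for the given package.
 * A grant made here needs no user interaction, so restrict the packages and permissions
 * passed in to an explicit allow-list and record every change.
 * NOTE(review): gated on isProfileOwnerApp, which this page never assigns — confirm.
 *
 * @param admin       the DeviceAdminReceiver component of this app
 * @param packageName target application package
 * @param permission  the runtime permission to change
 * @param grantState  one of the DevicePolicyManager PERMISSION_GRANT_STATE_* values
 * @return the platform's result, or false when isProfileOwnerApp is not set
 */
private boolean setPermissionGrantState(ComponentName admin, String packageName,
        String permission, int grantState) {
    if (!isProfileOwnerApp) {
        return false;
    }
    return mDevicePolicyManager.setPermissionGrantState(admin, packageName, permission, grantState);
}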
通过包名获取应用程序的运行时权限状态
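/**
 * Reads the runtime-permission state of one permission for the given package.
 *
 * @param admin       the DeviceAdminReceiver component of this app
 * @param packageName target application package
 * @param permission  the runtime permission to query
 * @return the state reported by the platform, or 0 when isProfileOwnerApp is not set
 */
private int getPermissionGrantState(ComponentName admin, String packageName,
        String permission) {
    if (!isProfileOwnerApp) {
        return 0;
    }
    return mDevicePolicyManager.getPermissionGrantState(admin, packageName, permission);
}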
允许应用程序自动授予或拒绝运行时权限请求
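/**
 * Sets how future runtime-permission requests are answered (prompt, auto-grant or auto-deny).
 * An auto-grant policy approves every later request without the user seeing it; prefer
 * per-permission grants where possible.
 *
 * @param admin  the DeviceAdminReceiver component of this app
 * @param policy one of the DevicePolicyManager PERMISSION_POLICY_* values
 */
private void setPermissionPolicy(ComponentName admin, int policy) {
    if (!isProfileOwnerApp) {
        return;
    }
    mDevicePolicyManager.setPermissionPolicy(admin, policy);
}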
返回设备或配置文件所有者设置的当前运行时权限策略
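/**
 * Returns the runtime-permission policy currently set by the device or profile owner.
 *
 * @param admin the DeviceAdminReceiver component of this app
 * @return the policy reported by the platform, or 0 when isProfileOwnerApp is not set
 */
private int getPermissionPolicy(ComponentName admin) {
    if (!isProfileOwnerApp) {
        return 0;
    }
    return mDevicePolicyManager.getPermissionPolicy(admin);
}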
设置用户图片
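/**
 * Sets the user's icon; does nothing when isProfileOwnerApp is not set.
 *
 * @param admin the DeviceAdminReceiver component of this app
 * @param icon  the bitmap to use as the user icon
 */
private void setUserIcon(ComponentName admin, Bitmap icon) {
    if (!isProfileOwnerApp) {
        return;
    }
    mDevicePolicyManager.setUserIcon(admin, icon);
}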
设置应用程序不可卸载或者可以卸载
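/**
 * Blocks or unblocks uninstallation of a package; does nothing when isProfileOwnerApp is
 * not set. Keep an inventory of blocked packages so the restriction can be audited and lifted.
 *
 * @param admin            the DeviceAdminReceiver component of this app
 * @param packageName      target application package
 * @param uninstallBlocked true to block uninstallation, false to allow it
 */
private void setUninstallBlocked(ComponentName admin, String packageName,
        boolean uninstallBlocked) {
    if (!isProfileOwnerApp) {
        return;
    }
    mDevicePolicyManager.setUninstallBlocked(admin, packageName, uninstallBlocked);
}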
返回应用程序是否可卸载
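/**
 * Reports whether uninstallation of a package is blocked.
 *
 * @param admin       the DeviceAdminReceiver component of this app
 * @param packageName target application package
 * @return the platform's answer, or false when isProfileOwnerApp is not set
 */
private boolean isUninstallBlocked(ComponentName admin, String packageName) {
    if (!isProfileOwnerApp) {
        return false;
    }
    return mDevicePolicyManager.isUninstallBlocked(admin, packageName);
}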
设置静音
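/**
 * Mutes or unmutes the master volume; does nothing when isProfileOwnerApp is not set.
 *
 * @param admin the DeviceAdminReceiver component of this app
 * @param on    true to mute, false to unmute
 */
private void setMasterVolumeMuted(ComponentName admin, boolean on) {
    if (!isProfileOwnerApp) {
        return;
    }
    mDevicePolicyManager.setMasterVolumeMuted(admin, on);
}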
是否静音
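/**
 * Reports whether the master volume is muted.
 *
 * @param admin the DeviceAdminReceiver component of this app
 * @return the platform's answer, or false when isProfileOwnerApp is not set
 */
private boolean isMasterVolumeMuted(ComponentName admin) {
    if (!isProfileOwnerApp) {
        return false;
    }
    return mDevicePolicyManager.isMasterVolumeMuted(admin);
}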
指定特定的服务组件作为内容提供者,用于向用户的本地或远程管理员发出权限请求
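/**
 * Designates the component that handles permission requests addressed to the user's local or
 * remote administrator; does nothing when isProfileOwnerApp is not set.
 *
 * @param admin    the DeviceAdminReceiver component of this app
 * @param provider the component to act as restrictions provider
 */
private void setRestrictionsProvider(ComponentName admin, ComponentName provider) {
    if (!isProfileOwnerApp) {
        return;
    }
    mDevicePolicyManager.setRestrictionsProvider(admin, provider);
}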
设置系统设置中安全相关的属性
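/**
 * Writes a value into the system's Secure settings; does nothing when isProfileOwnerApp is
 * not set. The platform accepts only a fixed set of setting names through this API.
 *
 * @param admin   the DeviceAdminReceiver component of this app
 * @param setting name of the Secure setting
 * @param value   value to store
 */
private void setSecureSetting(ComponentName admin, String setting, String value) {
    if (!isProfileOwnerApp) {
        return;
    }
    mDevicePolicyManager.setSecureSetting(admin, setting, value);
}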
设置哪些应用程序能够在锁定界面显示
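/**
 * Sets which packages may run in lock-task mode. A null array is ignored, and nothing happens
 * when isProfileOwnerApp is not set.
 *
 * @param admin    the DeviceAdminReceiver component of this app
 * @param packages package names allowed to enter lock-task mode
 */
private void setLockTaskPackages(ComponentName admin, String[] packages) {
    if (packages == null || !isProfileOwnerApp) {
        return;
    }
    mDevicePolicyManager.setLockTaskPackages(admin, packages);
}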
返回允许在锁定界面显示的包列表
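/**
 * Returns the packages allowed to run in lock-task mode.
 *
 * @param admin the DeviceAdminReceiver component of this app
 * @return the list reported by the platform, or null when isProfileOwnerApp is not set
 */
private String[] getLockTaskPackages(ComponentName admin) {
    if (!isProfileOwnerApp) {
        return null;
    }
    return mDevicePolicyManager.getLockTaskPackages(admin);
}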
查询一个应用是否能够在锁定界面显示
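/**
 * Reports whether a package is allowed to run in lock-task mode.
 *
 * @param packageName the package to check
 * @return the platform's answer, or false when isProfileOwnerApp is not set
 */
private boolean isLockTaskPermitted(String packageName) {
    if (!isProfileOwnerApp) {
        return false;
    }
    return mDevicePolicyManager.isLockTaskPermitted(packageName);
}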
禁用特定类型的帐户
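/**
 * Disables or re-enables management of accounts of one type; does nothing when
 * isProfileOwnerApp is not set.
 *
 * @param admin       the DeviceAdminReceiver component of this app
 * @param accountType the account type to restrict
 * @param disabled    true to disable management of that account type
 */
private void setAccountManagementDisabled(ComponentName admin, String accountType,
        boolean disabled) {
    if (!isProfileOwnerApp) {
        return;
    }
    mDevicePolicyManager.setAccountManagementDisabled(admin, accountType, disabled);
}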
获取禁用的账户列表
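/**
 * Returns the account types whose management is disabled.
 *
 * @return the list reported by the platform, or null when isProfileOwnerApp is not set
 */
private String[] getAccountTypesWithManagementDisabled() {
    if (!isProfileOwnerApp) {
        return null;
    }
    return mDevicePolicyManager.getAccountTypesWithManagementDisabled();
}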
重新启用用户初始化时默认禁用的系统应用程序
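/**
 * Re-enables a system application that was disabled by default when the user was
 * initialised; does nothing when isProfileOwnerApp is not set.
 *
 * @param admin       the DeviceAdminReceiver component of this app
 * @param packageName the system application package to enable
 */
private void enableSystemApp(ComponentName admin, String packageName) {
    if (!isProfileOwnerApp) {
        return;
    }
    mDevicePolicyManager.enableSystemApp(admin, packageName);
}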
隐藏或者启用应用
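/**
 * Hides or un-hides an application. Keep a record of hidden packages so the state can be
 * audited and reversed.
 *
 * @param admin       the DeviceAdminReceiver component of this app
 * @param packageName target application package
 * @param hidden      true to hide the application, false to show it again
 * @return the platform's result, or false when isProfileOwnerApp is not set
 */
private boolean setApplicationHidden(ComponentName admin, String packageName, boolean hidden) {
    if (!isProfileOwnerApp) {
        return false;
    }
    return mDevicePolicyManager.setApplicationHidden(admin, packageName, hidden);
}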
查询一个应用是否被隐藏
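/**
 * Reports whether an application is hidden.
 *
 * @param admin       the DeviceAdminReceiver component of this app
 * @param packageName target application package
 * @return the platform's answer, or false when isProfileOwnerApp is not set
 */
private boolean isApplicationHidden(ComponentName admin, String packageName) {
    if (!isProfileOwnerApp) {
        return false;
    }
    return mDevicePolicyManager.isApplicationHidden(admin, packageName);
}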
添加用户限制
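/**
 * Adds a user restriction; does nothing when isProfileOwnerApp is not set.
 *
 * @param admin the DeviceAdminReceiver component of this app
 * @param key   the restriction key (the platform defines these on UserManager)
 */
private void addUserRestriction(ComponentName admin, String key) {
    if (!isProfileOwnerApp) {
        return;
    }
    mDevicePolicyManager.addUserRestriction(admin, key);
}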
清除用户限制
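/**
 * Clears a user restriction; does nothing when isProfileOwnerApp is not set.
 *
 * @param admin the DeviceAdminReceiver component of this app
 * @param key   the restriction key to clear
 */
private void clearUserRestriction(ComponentName admin, String key) {
    if (!isProfileOwnerApp) {
        return;
    }
    mDevicePolicyManager.clearUserRestriction(admin, key);
}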
获取用户限制
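/**
 * Returns the user restrictions set by this admin.
 *
 * @param admin the DeviceAdminReceiver component of this app
 * @return the bundle reported by the platform, or null when isProfileOwnerApp is not set
 */
private Bundle getUserRestrictions(ComponentName admin) {
    if (!isProfileOwnerApp) {
        return null;
    }
    return mDevicePolicyManager.getUserRestrictions(admin);
}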
默认情况下,用户可以使用任何输入法。当添加了零个或多个包时,用户无法启用不在列表中的输入法
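/**
 * Restricts which input methods the user may enable. By default any input method is usable;
 * once a list is set, input methods outside it cannot be enabled. An input method sees what
 * the user types, so an explicit list is a useful control on managed devices.
 *
 * @param admin        the DeviceAdminReceiver component of this app
 * @param packageNames packages of the permitted input methods
 * @return the platform's result, or false when isProfileOwnerApp is not set
 */
private boolean setPermittedInputMethods(ComponentName admin, List<String> packageNames) {
    if (!isProfileOwnerApp) {
        return false;
    }
    return mDevicePolicyManager.setPermittedInputMethods(admin, packageNames);
}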
获取受信任的输入法包列表
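/**
 * Returns the packages of the permitted input methods.
 *
 * @param admin the DeviceAdminReceiver component of this app
 * @return the list reported by the platform, or null when isProfileOwnerApp is not set
 */
private List<String> getPermittedInputMethods(ComponentName admin) {
    if (!isProfileOwnerApp) {
        return null;
    }
    return mDevicePolicyManager.getPermittedInputMethods(admin);
}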
设置允许的可访问性服务。默认情况下,用户可以使用任何可访问性服务。当添加了零个或多个包时,用户无法启用列表中非系统部分的可访问性服务
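/**
 * Restricts which accessibility services the user may enable. By default any service is
 * usable; once a list is set, non-system services outside it cannot be enabled.
 * Accessibility services can read screen content and act for the user, so an explicit list
 * is a useful control on managed devices.
 *
 * @param admin        the DeviceAdminReceiver component of this app
 * @param packageNames packages of the permitted accessibility services
 * @return the platform's result, or false when isProfileOwnerApp is not set
 */
private boolean setPermittedAccessibilityServices(ComponentName admin, List<String> packageNames) {
    if (!isProfileOwnerApp) {
        return false;
    }
    return mDevicePolicyManager.setPermittedAccessibilityServices(admin, packageNames);
}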
获取所有不受信任的服务列表
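/**
 * Returns the packages of the permitted accessibility services, i.e. the allow-list set
 * through setPermittedAccessibilityServices, not a list of untrusted services.
 *
 * @param admin the DeviceAdminReceiver component of this app
 * @return the list reported by the platform, or null when isProfileOwnerApp is not set
 */
private List<String> getPermittedAccessibilityServices(ComponentName admin) {
    if (!isProfileOwnerApp) {
        return null;
    }
    return mDevicePolicyManager.getPermittedAccessibilityServices(admin);
}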
设置蓝牙是否可以访问联系人
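/**
 * Controls whether contacts may be shared over Bluetooth; does nothing when
 * isProfileOwnerApp is not set.
 *
 * @param admin    the DeviceAdminReceiver component of this app
 * @param disabled true to stop Bluetooth devices from accessing contacts
 */
private void setBluetoothContactSharingDisabled(ComponentName admin, boolean disabled) {
    if (!isProfileOwnerApp) {
        return;
    }
    mDevicePolicyManager.setBluetoothContactSharingDisabled(admin, disabled);
}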
获取蓝牙访问联系人状态
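/**
 * Reports whether Bluetooth contact sharing is disabled.
 *
 * @param admin the DeviceAdminReceiver component of this app
 * @return the platform's answer, or false when isProfileOwnerApp is not set
 */
private boolean getBluetoothContactSharingDisabled(ComponentName admin) {
    if (!isProfileOwnerApp) {
        return false;
    }
    return mDevicePolicyManager.getBluetoothContactSharingDisabled(admin);
}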
禁止或者开启搜索联系人功能
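/**
 * Disables or enables cross-profile contact search; does nothing when isProfileOwnerApp is
 * not set.
 *
 * @param admin    the DeviceAdminReceiver component of this app
 * @param disabled true to disable cross-profile contact search
 */
private void setCrossProfileContactsSearchDisabled(ComponentName admin, boolean disabled) {
    if (!isProfileOwnerApp) {
        return;
    }
    mDevicePolicyManager.setCrossProfileContactsSearchDisabled(admin, disabled);
}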
获取搜索联系人状态
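/**
 * Reports whether cross-profile contact search is disabled.
 *
 * @param admin the DeviceAdminReceiver component of this app
 * @return the platform's answer, or false when isProfileOwnerApp is not set
 */
private boolean getCrossProfileContactsSearchDisabled(ComponentName admin) {
    if (!isProfileOwnerApp) {
        return false;
    }
    return mDevicePolicyManager.getCrossProfileContactsSearchDisabled(admin);
}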
禁止或者开启来电显示功能
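/**
 * Disables or enables cross-profile caller ID; does nothing when isProfileOwnerApp is not set.
 *
 * @param admin    the DeviceAdminReceiver component of this app
 * @param disabled true to disable cross-profile caller ID
 */
private void setCrossProfileCallerIdDisabled(ComponentName admin, boolean disabled) {
    if (!isProfileOwnerApp) {
        return;
    }
    mDevicePolicyManager.setCrossProfileCallerIdDisabled(admin, disabled);
}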
获取禁止来电显示状态
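/**
 * Reports whether cross-profile caller ID is disabled.
 *
 * @param admin the DeviceAdminReceiver component of this app
 * @return the platform's answer, or false when isProfileOwnerApp is not set
 */
private boolean getCrossProfileCallerIdDisabled(ComponentName admin) {
    if (!isProfileOwnerApp) {
        return false;
    }
    return mDevicePolicyManager.getCrossProfileCallerIdDisabled(admin);
}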
设置应用限制
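/**
 * Sets the application restrictions for a package; does nothing when isProfileOwnerApp is
 * not set.
 *
 * @param admin       the DeviceAdminReceiver component of this app
 * @param packageName target application package
 * @param settings    the restrictions bundle delivered to that application
 */
private void setApplicationRestrictions(ComponentName admin, String packageName,
        Bundle settings) {
    if (!isProfileOwnerApp) {
        return;
    }
    mDevicePolicyManager.setApplicationRestrictions(admin, packageName, settings);
}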
获取应用程序受限信息
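/**
 * Returns the application restrictions set for a package.
 *
 * @param admin       the DeviceAdminReceiver component of this app
 * @param packageName target application package
 * @return the bundle reported by the platform, or null when isProfileOwnerApp is not set
 */
private Bundle getApplicationRestrictions(ComponentName admin, String packageName) {
    if (!isProfileOwnerApp) {
        return null;
    }
    return mDevicePolicyManager.getApplicationRestrictions(admin, packageName);
}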
设置应用程序挂起,挂起的程序将无法启动任何活动
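/**
 * Suspends or un-suspends packages; a suspended application cannot start any activity.
 *
 * @param admin        the DeviceAdminReceiver component of this app
 * @param packageNames packages to change
 * @param suspended    true to suspend, false to un-suspend
 * @return the array returned by the platform (check it for packages that were not changed),
 *         or null when isProfileOwnerApp is not set
 */
private String[] setPackagesSuspended(ComponentName admin, String[] packageNames, boolean suspended) {
    if (!isProfileOwnerApp) {
        return null;
    }
    return mDevicePolicyManager.setPackagesSuspended(admin, packageNames, suspended);
}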
是否为挂起应用
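/**
 * Reports whether a package is suspended. An unknown package is logged and reported as not
 * suspended.
 *
 * @param admin       the DeviceAdminReceiver component of this app
 * @param packageName the package to check
 * @return the platform's answer; false when isProfileOwnerApp is not set or the package is
 *         not found
 */
private boolean isPackageSuspended(ComponentName admin, String packageName) {
    if (!isProfileOwnerApp) {
        return false;
    }
    try {
        return mDevicePolicyManager.isPackageSuspended(admin, packageName);
    } catch (NameNotFoundException e) {
        // NOTE(review): the log method name is missing from the page; Log.e is assumed here.
        Log.e(TAG, "Error getting appName for package: " + packageName, e);
        return false;
    }
}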
指定特定应用程序始终打开的VPN连接。此连接在重新启动后自动授予并持久化
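/**
 * Designates a VPN application as the always-on VPN; the connection is granted automatically
 * and persists across reboots. Failures are only logged, so callers that depend on the VPN
 * being in place should verify it with getAlwaysOnVpnPackage afterwards.
 * NOTE(review): gated on isProfileOwnerApp, which this page never assigns — confirm.
 *
 * @param admin           the DeviceAdminReceiver component of this app
 * @param vpnPackage      package of the VPN application
 * @param lockdownEnabled true to block networking while the VPN is not connected
 */
private void setAlwaysOnVpnPackage(ComponentName admin, String vpnPackage,
        boolean lockdownEnabled) {
    if (!isProfileOwnerApp) {
        return;
    }
    try {
        mDevicePolicyManager.setAlwaysOnVpnPackage(admin, vpnPackage, lockdownEnabled);
    } catch (NameNotFoundException | UnsupportedOperationException e) {
        // NOTE(review): the log method name is missing from the page; Log.e is assumed here.
        Log.e(TAG, "Error getting appName for package: " + vpnPackage, e);
    }
}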
获取打开VPN连接的应用
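/**
 * Returns the package configured as the always-on VPN.
 *
 * @param admin the DeviceAdminReceiver component of this app
 * @return the package reported by the platform, or null when isProfileOwnerApp is not set
 */
private String getAlwaysOnVpnPackage(ComponentName admin) {
    if (!isProfileOwnerApp) {
        return null;
    }
    return mDevicePolicyManager.getAlwaysOnVpnPackage(admin);
}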
授予对另一个应用程序的特权API的访问权
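/**
 * Grants another application access to privileged device-policy APIs. The delegate acts
 * with this admin's authority inside the granted scopes, so pass only the scopes it needs
 * and review delegations with getDelegatedScopes.
 * NOTE(review): gated on isProfileOwnerApp, which this page never assigns — confirm.
 *
 * @param admin           the DeviceAdminReceiver component of this app
 * @param delegatePackage package receiving the delegation
 * @param scopes          the delegation scopes to grant
 */
private void setDelegatedScopes(ComponentName admin, String delegatePackage,
        List<String> scopes) {
    if (!isProfileOwnerApp) {
        return;
    }
    mDevicePolicyManager.setDelegatedScopes(admin, delegatePackage, scopes);
}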
获取特权应用的所有权限
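/**
 * Returns the scopes delegated to a package.
 *
 * @param admin            the DeviceAdminReceiver component of this app
 * @param delegatedPackage the package whose delegations are queried
 * @return the scopes reported by the platform, or null when isProfileOwnerApp is not set
 */
private List<String> getDelegatedScopes(ComponentName admin, String delegatedPackage) {
    if (!isProfileOwnerApp) {
        return null;
    }
    return mDevicePolicyManager.getDelegatedScopes(admin, delegatedPackage);
}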
安装证书和相应的私钥
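/**
 * Installs a certificate together with its private key under the given alias. The private
 * key passes through this app's memory, so the code that loads it should not persist or
 * log it.
 *
 * @param admin   the DeviceAdminReceiver component of this app
 * @param privKey the private key to install
 * @param cert    the certificate matching the key
 * @param alias   alias under which the pair is stored
 * @return the platform's result, or false when isProfileOwnerApp is not set
 */
private boolean installKeyPair(ComponentName admin, PrivateKey privKey, Certificate cert, String alias) {
    if (!isProfileOwnerApp) {
        return false;
    }
    return mDevicePolicyManager.installKeyPair(admin, privKey, cert, alias);
}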
删除密匙
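/**
 * Removes the key pair stored under an alias.
 *
 * @param admin the DeviceAdminReceiver component of this app
 * @param alias alias of the key pair to remove
 * @return the platform's result, or false when isProfileOwnerApp is not set
 */
private boolean removeKeyPair(ComponentName admin, String alias) {
    if (!isProfileOwnerApp) {
        return false;
    }
    return mDevicePolicyManager.removeKeyPair(admin, alias);
}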
此证书是否安装为可信CA
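/**
 * Reports whether a certificate is installed as a trusted CA.
 *
 * @param admin      the DeviceAdminReceiver component of this app
 * @param certBuffer the encoded certificate to look up
 * @return the platform's answer, or false when isProfileOwnerApp is not set
 */
private boolean hasCaCertInstalled(ComponentName admin, byte[] certBuffer) {
    if (!isProfileOwnerApp) {
        return false;
    }
    return mDevicePolicyManager.hasCaCertInstalled(admin, certBuffer);
}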
卸载所有自定义的可信CA证书。除系统CA证书外,通过设备策略以外的方式安装的证书也将被删除
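/**
 * Uninstalls every user-trusted CA certificate; system CA certificates are kept. Per the
 * accompanying text, certificates installed by means other than device policy are removed
 * as well. Does nothing when isProfileOwnerApp is not set.
 *
 * @param admin the DeviceAdminReceiver component of this app
 */
private void uninstallAllUserCaCerts(ComponentName admin) {
    if (!isProfileOwnerApp) {
        return;
    }
    mDevicePolicyManager.uninstallAllUserCaCerts(admin);
}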
返回当前受信任的所有CA证书,不包括系统CA证书。如果用户通过除设备策略之外的其他方式安装了任何证书,这些证书也将包括在内。
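/**
 * Returns all currently trusted user CA certificates, excluding system CAs. Per the
 * accompanying text, certificates the user installed by other means are included, which
 * makes this a useful input for auditing the device's trust anchors.
 *
 * @param admin the DeviceAdminReceiver component of this app
 * @return the encoded certificates reported by the platform, or null when isProfileOwnerApp
 *         is not set
 */
private List<byte[]> getInstalledCaCerts(ComponentName admin) {
    if (!isProfileOwnerApp) {
        return null;
    }
    return mDevicePolicyManager.getInstalledCaCerts(admin);
}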
从可信用户CAs卸载给定的证书
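/**
 * Removes one certificate from the user-trusted CAs; does nothing when isProfileOwnerApp is
 * not set.
 *
 * @param admin      the DeviceAdminReceiver component of this app
 * @param certBuffer the encoded certificate to remove
 */
private void uninstallCaCert(ComponentName admin, byte[] certBuffer) {
    if (!isProfileOwnerApp) {
        return;
    }
    mDevicePolicyManager.uninstallCaCert(admin, certBuffer);
}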
将给定证书安装为用户可信CA
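/**
 * Installs a certificate as a user-trusted CA. A trusted CA can vouch for any TLS server
 * towards apps that accept user CAs, so the certificate bytes must come from a verified
 * source and each installation should be recorded.
 * NOTE(review): gated on isProfileOwnerApp, which this page never assigns — confirm.
 *
 * @param admin      the DeviceAdminReceiver component of this app
 * @param certBuffer the encoded certificate to trust
 * @return the platform's result, or false when isProfileOwnerApp is not set
 */
private boolean installCaCert(ComponentName admin, byte[] certBuffer) {
    if (!isProfileOwnerApp) {
        return false;
    }
    return mDevicePolicyManager.installCaCert(admin, certBuffer);
}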
设置超时时间,超时后用户必须使用身份验证才能进入系统,比如指纹、密码等
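/**
 * Sets the timeout after which the user must authenticate with a strong credential (for
 * example the password) before entering the system; does nothing when isProfileOwnerApp is
 * not set.
 *
 * @param admin     the DeviceAdminReceiver component of this app
 * @param timeoutMs the timeout in milliseconds
 */
private void setRequiredStrongAuthTimeout(ComponentName admin, long timeoutMs) {
    if (!isProfileOwnerApp) {
        return;
    }
    mDevicePolicyManager.setRequiredStrongAuthTimeout(admin, timeoutMs);
}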
获取超时时间
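/**
 * Returns the strong-authentication timeout.
 *
 * @param admin the DeviceAdminReceiver component of this app
 * @return the timeout in milliseconds as reported by the platform, or 0 when
 *         isProfileOwnerApp is not set
 */
private long getRequiredStrongAuthTimeout(ComponentName admin) {
    if (!isProfileOwnerApp) {
        return 0;
    }
    return mDevicePolicyManager.getRequiredStrongAuthTimeout(admin);
}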
重置设备锁屏密码
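/**
 * Registers the token that later authorises resetPasswordWithToken; this call does not
 * itself reset the password. Whoever holds the token can change the lock-screen credential,
 * so generate it with SecureRandom (the platform requires at least 32 bytes), keep it in
 * protected storage and never log it.
 * NOTE(review): gated on isProfileOwnerApp, which this page never assigns — confirm.
 *
 * @param admin the DeviceAdminReceiver component of this app
 * @param token the secret reset token
 * @return the platform's result, or false when isProfileOwnerApp is not set
 */
private boolean setResetPasswordToken(ComponentName admin, byte[] token) {
    if (!isProfileOwnerApp) {
        return false;
    }
    return mDevicePolicyManager.setResetPasswordToken(admin, token);
}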
清除重置设备密码Token
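/**
 * Clears the registered reset-password token.
 *
 * @param admin the DeviceAdminReceiver component of this app
 * @return the platform's result, or false when isProfileOwnerApp is not set
 */
private boolean clearResetPasswordToken(ComponentName admin) {
    if (!isProfileOwnerApp) {
        return false;
    }
    return mDevicePolicyManager.clearResetPasswordToken(admin);
}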
重置设备密码Token激活状态
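/**
 * Reports whether the reset-password token is active. resetPasswordWithToken only works
 * while the token is active.
 *
 * @param admin the DeviceAdminReceiver component of this app
 * @return the platform's answer, or false when isProfileOwnerApp is not set
 */
private boolean isResetPasswordTokenActive(ComponentName admin) {
    if (!isProfileOwnerApp) {
        return false;
    }
    return mDevicePolicyManager.isResetPasswordTokenActive(admin);
}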
重置设备锁屏密码,在Token激活的状态下有效
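/**
 * Resets the lock-screen password, which only takes effect while the reset token is active.
 * Neither the new password nor the token should be logged or stored in plain text by the
 * caller.
 *
 * @param admin    the DeviceAdminReceiver component of this app
 * @param password the new lock-screen password
 * @param token    the token previously registered with setResetPasswordToken
 * @param flags    reset flags passed through unchanged
 * @return the platform's result, or false when isProfileOwnerApp is not set
 */
private boolean resetPasswordWithToken(ComponentName admin, String password,
        byte[] token, int flags) {
    if (!isProfileOwnerApp) {
        return false;
    }
    return mDevicePolicyManager.resetPasswordWithToken(admin, password, token, flags);
}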