DeviceOwner 译为设备所有者,在Android5.0系统推出。DeviceOwner涵盖了DeviceAdmin用户的所有管理能力,也涵盖了ProfileOwner的所有管理能力,并且在这些基础上额外添加了一些管理权限,如重启设备、禁用状态栏等。Android提供的三种权限管理策略的能力大小依次为 DeviceAdmin < ProfileOwner < DeviceOwner。
Android系统只能设置一个DeviceOwner程序,并且该程序在设置为DeviceOwner后不能取消,应用不能卸载,唯一可以取消的途径是恢复出厂设置。并且,DeviceOwner应用和ProfileOwner也会产生冲突,系统只能有一个DeviceOwner应用或者ProfileOwner应用。
要使一个应用成为DeviceOwner,首先这个程序必须是一个DeviceAdmin,按照DeviceAdmin的标准流程配置一个程序,回顾往期文章Android Device Administration 应用的能力。
将配置好的程序设置为DeviceOwner之前,不必刻意去激活DeviceAdmin,系统在设置DeviceOwner的过程中会自动先激活DeviceAdmin,这也是DeviceOwner拥有DeviceAdmin所有能力的原因。
第三方应用和系统应用都没有权限设置DeviceOwner,Android官方值提供两种设置DeviceOwner应用的方法:
- 通过终端adb shell
- 通过NFC
了解官方方法和自定义实现方案,请跳转至一键设置 DeviceAdmin/ProfileOwner/DeviceOwner 应用
系统成功设置DeviceOwner后会生成/data/system/device_owner_2.xml 文件,该文件记录了系统最高管理权限程序的基本信息:
// 获取设备管理服务
mDevicePolicyManager = (DevicePolicyManager) getSystemService(Context.DEVICE_POLICY_SERVICE);
// 需要激活的DeviceAdminReceiver组件
mComponentName = new ComponentName(this, DPMTestReceiver.class);
isDeviceOwnerApp = mDevicePolicyManager.isDeviceOwnerApp(mComponentName.getPackageName());
Log.d(TAG, "isDeviceOwnerApp: " + isDeviceOwnerApp);
private void setBackupServiceEnabled(ComponentName admin, boolean enabled) {
if (isDeviceOwnerApp) {
mDevicePolicyManager.setBackupServiceEnabled(admin, enabled);
}
}
private boolean isBackupServiceEnabled(ComponentName admin) {
boolean res = false;
if (isDeviceOwnerApp) {
res = mDevicePolicyManager.isBackupServiceEnabled(admin);
}
return res;
}
private void reboot(ComponentName admin) {
if (isDeviceOwnerApp) {
mDevicePolicyManager.reboot(admin);
}
}
private String getWifiMacAddress(ComponentName admin) {
String res = null;
if (isDeviceOwnerApp) {
res = mDevicePolicyManager.getWifiMacAddress(admin);
}
return res;
}
private boolean setStatusBarDisabled(ComponentName admin, boolean disabled) {
boolean res = false;
if (isDeviceOwnerApp) {
res = mDevicePolicyManager.setStatusBarDisabled(admin, disabled);
}
return res;
}
private boolean setKeyguardDisabled(ComponentName admin, boolean disabled) {
boolean res = false;
if (isDeviceOwnerApp) {
res = mDevicePolicyManager.setKeyguardDisabled(admin, disabled);
}
return res;
}
private void setSystemUpdatePolicy(ComponentName admin, SystemUpdatePolicy policy) {
if (isDeviceOwnerApp) {
mDevicePolicyManager.setSystemUpdatePolicy(admin, policy);
}
}
private SystemUpdatePolicy getSystemUpdatePolicy() {
SystemUpdatePolicy res = null;
if (isDeviceOwnerApp) {
res = mDevicePolicyManager.getSystemUpdatePolicy();
}
return res;
}
private void setGlobalSetting(ComponentName admin, String setting, String value) {
if (isDeviceOwnerApp) {
mDevicePolicyManager.setGlobalSetting(admin, setting, value);
}
}
private boolean switchUser(ComponentName admin, UserHandle userHandle) {
boolean res = false;
if (isDeviceOwnerApp) {
res = mDevicePolicyManager.switchUser(admin, userHandle);
}
return res;
}
private boolean removeUser(ComponentName admin, UserHandle userHandle) {
boolean res = false;
if (isDeviceOwnerApp) {
res = mDevicePolicyManager.removeUser(admin, userHandle);
}
return res;
}
private UserHandle createAndManageUser(ComponentName admin, String name, ComponentName profileOwner, PersistableBundle adminExtras,
int flags) {
UserHandle res = null;
if (isDeviceOwnerApp) {
res = mDevicePolicyManager.createAndManageUser(admin, name, profileOwner, adminExtras, flags);
}
return res;
}
private void setDeviceOwnerLockScreenInfo(ComponentName admin, CharSequence info) {
if (isDeviceOwnerApp) {
mDevicePolicyManager.setDeviceOwnerLockScreenInfo(admin, info);
}
}
private CharSequence getDeviceOwnerLockScreenInfo() {
CharSequence res = null;
if (isDeviceOwnerApp) {
res = mDevicePolicyManager.getDeviceOwnerLockScreenInfo();
}
return res;
}
private void setRecommendedGlobalProxy(ComponentName admin, ProxyInfo proxyInfo) {
if (isDeviceOwnerApp) {
mDevicePolicyManager.setRecommendedGlobalProxy(admin, proxyInfo);
}
}
private void setScreenCaptureDisabled(ComponentName admin, boolean disabled) {
if(isProfileOwnerApp) {
mDevicePolicyManager.setScreenCaptureDisabled(admin, disabled);
}
}
private boolean getScreenCaptureDisabled(ComponentName admin) {
boolean res = false;
if (isProfileOwnerApp) {
res = mDevicePolicyManager.getScreenCaptureDisabled(admin);
}
return res;
}
private void setOrganizationName(ComponentName admin, CharSequence title) {
if(isProfileOwnerApp) {
mDevicePolicyManager.setOrganizationName(admin, title);
}
}
private CharSequence getOrganizationName(ComponentName admin) {
CharSequence res = null;
if (isProfileOwnerApp) {
res = mDevicePolicyManager.getOrganizationName(admin);
}
return res;
}
private boolean setPermissionGrantState(ComponentName admin, String packageName,
String permission, int grantState) {
boolean res = false;
if (isProfileOwnerApp) {
res = mDevicePolicyManager.setPermissionGrantState(admin, packageName, permission, grantState);
}
return res;
}
private int getPermissionGrantState(ComponentName admin, String packageName,
String permission) {
int res = 0;
if (isProfileOwnerApp) {
res = mDevicePolicyManager.getPermissionGrantState(admin, packageName, permission);
}
return res;
}
private void setPermissionPolicy(ComponentName admin, int policy) {
if(isProfileOwnerApp) {
mDevicePolicyManager.setPermissionPolicy(admin, policy);
}
}
private int getPermissionPolicy(ComponentName admin) {
int res = 0;
if (isProfileOwnerApp) {
res = mDevicePolicyManager.getPermissionPolicy(admin);
}
return res;
}
private void setUserIcon(ComponentName admin, Bitmap icon) {
if(isProfileOwnerApp) {
mDevicePolicyManager.setUserIcon(admin, icon);
}
}
private void setUninstallBlocked(ComponentName admin, String packageName,
boolean uninstallBlocked) {
if(isProfileOwnerApp) {
mDevicePolicyManager.setUninstallBlocked(admin, packageName, uninstallBlocked);
}
}
private boolean isUninstallBlocked(ComponentName admin, String packageName) {
boolean res = false;
if (isProfileOwnerApp) {
res = mDevicePolicyManager.isUninstallBlocked(admin, packageName);
}
return res;
}
private void setMasterVolumeMuted(ComponentName admin, boolean on) {
if(isProfileOwnerApp) {
mDevicePolicyManager.setMasterVolumeMuted(admin, on);
}
}
private boolean isMasterVolumeMuted(ComponentName admin) {
boolean res = false;
if (isProfileOwnerApp) {
res = mDevicePolicyManager.isMasterVolumeMuted(admin);
}
return res;
}
private void setRestrictionsProvider(ComponentName admin, ComponentName provider) {
if(isProfileOwnerApp) {
mDevicePolicyManager.setRestrictionsProvider(admin, provider);
}
}
private void setSecureSetting(ComponentName admin, String setting, String value) {
if(isProfileOwnerApp) {
mDevicePolicyManager.setSecureSetting(admin, setting, value);
}
}
private void setLockTaskPackages(ComponentName admin, String[] packages) {
if (packages == null) return;
if(isProfileOwnerApp) {
mDevicePolicyManager.setLockTaskPackages(admin, packages);
}
}
private String[] getLockTaskPackages(ComponentName admin) {
String[] res = null;
if (isProfileOwnerApp) {
res = mDevicePolicyManager.getLockTaskPackages(admin);
}
return res;
}
private boolean isLockTaskPermitted(String packageName) {
boolean res = false;
if (isProfileOwnerApp) {
res = mDevicePolicyManager.isLockTaskPermitted(packageName);
}
return res;
}
private void setAccountManagementDisabled(ComponentName admin, String accountType,
boolean disabled) {
if(isProfileOwnerApp) {
mDevicePolicyManager.setAccountManagementDisabled(admin, accountType, disabled);
}
}
private String[] getAccountTypesWithManagementDisabled() {
String[] res = null;
if (isProfileOwnerApp) {
res = mDevicePolicyManager.getAccountTypesWithManagementDisabled();
}
return res;
}
private void enableSystemApp(ComponentName admin, String packageName) {
if(isProfileOwnerApp) {
mDevicePolicyManager.enableSystemApp(admin, packageName);
}
}
private boolean setApplicationHidden(ComponentName admin, String packageName, boolean hidden) {
boolean res = false;
if (isProfileOwnerApp) {
res = mDevicePolicyManager.setApplicationHidden(admin, packageName, hidden);
}
return res;
}
private boolean isApplicationHidden(ComponentName admin, String packageName) {
boolean res = false;
if (isProfileOwnerApp) {
res = mDevicePolicyManager.isApplicationHidden(admin, packageName);
}
return res;
}
private void addUserRestriction(ComponentName admin, String key) {
if(isProfileOwnerApp) {
mDevicePolicyManager.addUserRestriction(admin, key);
}
}
private void clearUserRestriction(ComponentName admin, String key) {
if(isProfileOwnerApp) {
mDevicePolicyManager.clearUserRestriction(admin, key);
}
}
private Bundle getUserRestrictions(ComponentName admin) {
Bundle res = null;
if (isProfileOwnerApp) {
res = mDevicePolicyManager.getUserRestrictions(admin);
}
return res;
}
private boolean setPermittedInputMethods(ComponentName admin, List packageNames) {
boolean res = false;
if (isProfileOwnerApp) {
res = mDevicePolicyManager.setPermittedInputMethods(admin, packageNames);
}
return res;
}
private List getPermittedInputMethods(ComponentName admin) {
List res = null;
if(isProfileOwnerApp) {
res = mDevicePolicyManager.getPermittedInputMethods(admin);
}
return res;
}
private boolean setPermittedAccessibilityServices(ComponentName admin, List packageNames) {
boolean res = false;
if (isProfileOwnerApp) {
res = mDevicePolicyManager.setPermittedAccessibilityServices(admin, packageNames);
}
return res;
}
private List getPermittedAccessibilityServices(ComponentName admin) {
List res = null;
if(isProfileOwnerApp) {
res = mDevicePolicyManager.getPermittedAccessibilityServices(admin);
}
return res;
}
private void setBluetoothContactSharingDisabled(ComponentName admin, boolean disabled) {
if(isProfileOwnerApp) {
mDevicePolicyManager.setBluetoothContactSharingDisabled(admin, disabled);
}
}
private boolean getBluetoothContactSharingDisabled(ComponentName admin) {
boolean res = false;
if (isProfileOwnerApp) {
res = mDevicePolicyManager.getBluetoothContactSharingDisabled(admin);
}
return res;
}
private void setCrossProfileContactsSearchDisabled(ComponentName admin, boolean disabled) {
if(isProfileOwnerApp) {
mDevicePolicyManager.setCrossProfileContactsSearchDisabled(admin, disabled);
}
}
private boolean getCrossProfileContactsSearchDisabled(ComponentName admin) {
boolean res = false;
if (isProfileOwnerApp) {
res = mDevicePolicyManager.getCrossProfileContactsSearchDisabled(admin);
}
return res;
}
private void setCrossProfileCallerIdDisabled(ComponentName admin, boolean disabled) {
if(isProfileOwnerApp) {
mDevicePolicyManager.setCrossProfileCallerIdDisabled(admin, disabled);
}
}
private boolean getCrossProfileCallerIdDisabled(ComponentName admin) {
boolean res = false;
if (isProfileOwnerApp) {
res = mDevicePolicyManager.getCrossProfileCallerIdDisabled(admin);
}
return res;
}
private void setApplicationRestrictions(ComponentName admin, String packageName,
Bundle settings) {
if(isProfileOwnerApp) {
mDevicePolicyManager.setApplicationRestrictions(admin, packageName, settings);
}
}
private Bundle getApplicationRestrictions(ComponentName admin, String packageName) {
Bundle res = null;
if (isProfileOwnerApp) {
res = mDevicePolicyManager.getApplicationRestrictions(admin, packageName);
}
return res;
}
private String[] setPackagesSuspended(ComponentName admin, String[] packageNames, boolean suspended) {
String[] res = null;
if (isProfileOwnerApp) {
res = mDevicePolicyManager.setPackagesSuspended(admin, packageNames, suspended);
}
return res;
}
private boolean isPackageSuspended(ComponentName admin, String packageName) {
boolean res = false;
if (isProfileOwnerApp) {
try {
res = mDevicePolicyManager.isPackageSuspended(admin, packageName);
} catch (NameNotFoundException e) {
Log.w(TAG, "Error getting appName for package: " + packageName, e);
}
}
return res;
}
private void setAlwaysOnVpnPackage(ComponentName admin, String Package,
boolean lockdownEnabled) {
if(isProfileOwnerApp) {
try {
mDevicePolicyManager.setAlwaysOnVpnPackage(admin, Package, lockdownEnabled);
} catch (NameNotFoundException | UnsupportedOperationException e) {
Log.w(TAG, "Error getting appName for package: " + Package, e);
}
}
}
private String getAlwaysOnVpnPackage(ComponentName admin) {
String res = null;
if (isProfileOwnerApp) {
res = mDevicePolicyManager.getAlwaysOnVpnPackage(admin);
}
return res;
}
private void setDelegatedScopes(ComponentName admin, String delegatePackage,
List scopes) {
if(isProfileOwnerApp) {
mDevicePolicyManager.setDelegatedScopes(admin, delegatePackage, scopes);
}
}
private List getDelegatedScopes(ComponentName admin, String delegatedPackage) {
List res = null;
if(isProfileOwnerApp) {
res = mDevicePolicyManager.getDelegatedScopes(admin, delegatedPackage);
}
return res;
}
private boolean installKeyPair(ComponentName admin, PrivateKey privKey, Certificate cert, String alias) {
boolean res = false;
if (isProfileOwnerApp) {
res = mDevicePolicyManager.installKeyPair(admin, privKey, cert, alias);
}
return res;
}
private boolean removeKeyPair(ComponentName admin, String alias) {
boolean res = false;
if (isProfileOwnerApp) {
res = mDevicePolicyManager.removeKeyPair(admin, alias);
}
return res;
}
private boolean hasCaCertInstalled(ComponentName admin, byte[] certBuffer) {
boolean res = false;
if (isProfileOwnerApp) {
res = mDevicePolicyManager.hasCaCertInstalled(admin, certBuffer);
}
return res;
}
private void uninstallAllUserCaCerts(ComponentName admin) {
if(isProfileOwnerApp) {
mDevicePolicyManager.uninstallAllUserCaCerts(admin);
}
}
private List getInstalledCaCerts(ComponentName admin) {
List res = null;
if (isProfileOwnerApp) {
res = mDevicePolicyManager.getInstalledCaCerts(admin);
}
return res;
}
private void uninstallCaCert(ComponentName admin, byte[] certBuffer) {
if(isProfileOwnerApp) {
mDevicePolicyManager.uninstallCaCert(admin, certBuffer);
}
}
private boolean installCaCert(ComponentName admin, byte[] certBuffer) {
boolean res = false;
if (isProfileOwnerApp) {
res = mDevicePolicyManager.installCaCert(admin, certBuffer);
}
return res;
}
private void setRequiredStrongAuthTimeout(ComponentName admin, long timeoutMs) {
if(isProfileOwnerApp) {
mDevicePolicyManager.setRequiredStrongAuthTimeout(admin, timeoutMs);
}
}
private long getRequiredStrongAuthTimeout(ComponentName admin) {
long res = 0;
if (isProfileOwnerApp) {
res = mDevicePolicyManager.getRequiredStrongAuthTimeout(admin);
}
return res;
}
private boolean setResetPasswordToken(ComponentName admin, byte[] token) {
boolean res = false;
if (isProfileOwnerApp) {
res = mDevicePolicyManager.setResetPasswordToken(admin, token);
}
return res;
}
private boolean clearResetPasswordToken(ComponentName admin) {
boolean res = false;
if (isProfileOwnerApp) {
res = mDevicePolicyManager.clearResetPasswordToken(admin);
}
return res;
}
private boolean isResetPasswordTokenActive(ComponentName admin) {
boolean res = false;
if (isProfileOwnerApp) {
res = mDevicePolicyManager.isResetPasswordTokenActive(admin);
}
return res;
}
private boolean resetPasswordWithToken(ComponentName admin, String password,
byte[] token, int flags) {
boolean res = false;
if (isProfileOwnerApp) {
res = mDevicePolicyManager.resetPasswordWithToken(admin, password, token, flags);
}
return res;
}