Android DeviceOwner 应用的能力

Device Owner

概述

DeviceOwner 译为设备所有者,在Android5.0系统推出。DeviceOwner涵盖了DeviceAdmin用户的所有管理能力,也涵盖了ProfileOwner的所有管理能力,并且在这些基础上额外添加了一些管理权限,如重启设备、禁用状态栏等。Android提供的三种权限管理策略的能力大小依次为 DeviceAdmin < ProfileOwner < DeviceOwner

Android系统只能设置一个DeviceOwner程序,并且该程序在设置为DeviceOwner后不能取消,应用不能卸载,唯一可以取消的途径是恢复出厂设置。并且,DeviceOwner应用和ProfileOwner也会产生冲突,系统只能有一个DeviceOwner应用或者ProfileOwner应用。

DeviceOwner 的设置和能力

要使一个应用成为DeviceOwner,首先这个程序必须是一个DeviceAdmin,按照DeviceAdmin的标准流程配置一个程序,回顾往期文章Android Device Administration 应用的能力。
将配置好的程序设置为DeviceOwner之前,不必刻意去激活DeviceAdmin,系统在设置DeviceOwner的过程中会自动先激活DeviceAdmin,这也是DeviceOwner拥有DeviceAdmin所有能力的原因。
第三方应用和系统应用都没有权限设置DeviceOwner,Android官方值提供两种设置DeviceOwner应用的方法:

  • 通过终端adb shell
  • 通过NFC

了解官方方法和自定义实现方案,请跳转至一键设置 DeviceAdmin/ProfileOwner/DeviceOwner 应用

系统成功设置DeviceOwner后会生成/data/system/device_owner_2.xml 文件,该文件记录了系统最高管理权限程序的基本信息:






是否为DeviceOwner

// 获取设备管理服务
mDevicePolicyManager = (DevicePolicyManager) getSystemService(Context.DEVICE_POLICY_SERVICE);
// 需要激活的DeviceAdminReceiver组件
mComponentName = new ComponentName(this, DPMTestReceiver.class);

isDeviceOwnerApp = mDevicePolicyManager.isDeviceOwnerApp(mComponentName.getPackageName());
Log.d(TAG, "isDeviceOwnerApp: " + isDeviceOwnerApp);

启用或禁用备份服务

private void setBackupServiceEnabled(ComponentName admin, boolean enabled) {
	    if (isDeviceOwnerApp) {
	        mDevicePolicyManager.setBackupServiceEnabled(admin, enabled);
	    }
	}

备份服务是否开启

private boolean isBackupServiceEnabled(ComponentName admin) {
	    boolean res = false;
	    if (isDeviceOwnerApp) {
	        res = mDevicePolicyManager.isBackupServiceEnabled(admin);
	    }
	    return res;
	}

重启设备

private void reboot(ComponentName admin) {
	    if (isDeviceOwnerApp) {
	        mDevicePolicyManager.reboot(admin);
	    }
	}

获取wifi Mac地址

private String getWifiMacAddress(ComponentName admin) {
	    String res = null;
	    if (isDeviceOwnerApp) {
	        res = mDevicePolicyManager.getWifiMacAddress(admin);
	    }
	    return res;
	}

设置状态栏的禁用或启用

private boolean setStatusBarDisabled(ComponentName admin, boolean disabled) {
	    boolean res = false;
	    if (isDeviceOwnerApp) {
	        res = mDevicePolicyManager.setStatusBarDisabled(admin, disabled);
	    }
	    return res;
	}

将锁屏模式设置为None,当用户设置了密码时无效

private boolean setKeyguardDisabled(ComponentName admin, boolean disabled) {
	    boolean res = false;
	    if (isDeviceOwnerApp) {
	        res = mDevicePolicyManager.setKeyguardDisabled(admin, disabled);
	    }
	    return res;
	}

设置系统更新策略

private void setSystemUpdatePolicy(ComponentName admin, SystemUpdatePolicy policy) {
	    if (isDeviceOwnerApp) {
	        mDevicePolicyManager.setSystemUpdatePolicy(admin, policy);
	    }
	}

获取系统更新策略

private SystemUpdatePolicy getSystemUpdatePolicy() {
	    SystemUpdatePolicy res = null;
	    if (isDeviceOwnerApp) {
	        res = mDevicePolicyManager.getSystemUpdatePolicy();
	    }
	    return res;
	}

设置系统设置中Global相关的属性

private void setGlobalSetting(ComponentName admin, String setting, String value) {
	    if (isDeviceOwnerApp) {
	        mDevicePolicyManager.setGlobalSetting(admin, setting, value);
	    }
	}

切换用户

private boolean switchUser(ComponentName admin, UserHandle userHandle) {
	    boolean res = false;
	    if (isDeviceOwnerApp) {
	        res = mDevicePolicyManager.switchUser(admin, userHandle);
	    }
	    return res;
	}

删除用户

private boolean removeUser(ComponentName admin, UserHandle userHandle) {
	    boolean res = false;
	    if (isDeviceOwnerApp) {
	        res = mDevicePolicyManager.removeUser(admin, userHandle);
	    }
	    return res;
	}

创建一个用户

private UserHandle createAndManageUser(ComponentName admin, String name, ComponentName profileOwner, PersistableBundle adminExtras,
            int flags) {
	    UserHandle res = null;
	    if (isDeviceOwnerApp) {
	        res = mDevicePolicyManager.createAndManageUser(admin, name, profileOwner, adminExtras, flags);
	    }
	    return res;
	}

设置锁屏界面显示的提示消息–如“小明的Device Owner设备”

private void setDeviceOwnerLockScreenInfo(ComponentName admin, CharSequence info) {
	    if (isDeviceOwnerApp) {
	        mDevicePolicyManager.setDeviceOwnerLockScreenInfo(admin, info);
	    }
	}

获取锁屏界面显示消息

private CharSequence getDeviceOwnerLockScreenInfo() {
	    CharSequence res = null;

	    if (isDeviceOwnerApp) {
	        res = mDevicePolicyManager.getDeviceOwnerLockScreenInfo();
	    }
	    return res;
	}

设置一个独立于网络的全局HTTP代理

private void setRecommendedGlobalProxy(ComponentName admin, ProxyInfo proxyInfo) {
	    if (isDeviceOwnerApp) {
	        mDevicePolicyManager.setRecommendedGlobalProxy(admin, proxyInfo);
	    }
	}

禁止/允许截屏

private void setScreenCaptureDisabled(ComponentName admin, boolean disabled) {
        if(isProfileOwnerApp) {
	        mDevicePolicyManager.setScreenCaptureDisabled(admin, disabled);
	    }
    }

是否禁止截图

private boolean getScreenCaptureDisabled(ComponentName admin) {
	    boolean res = false;

	    if (isProfileOwnerApp) {
	        res = mDevicePolicyManager.getScreenCaptureDisabled(admin);
	    }
	    return res;
	}

设置组织名

private void setOrganizationName(ComponentName admin, CharSequence title) {
	    if(isProfileOwnerApp) {
	        mDevicePolicyManager.setOrganizationName(admin, title);
	    }
	}

获取组织名

private CharSequence getOrganizationName(ComponentName admin) {
	    CharSequence res = null;

	    if (isProfileOwnerApp) {
	        res = mDevicePolicyManager.getOrganizationName(admin);
	    }
	    return res;
	}

通过包名设置应用程序的运行时权限状态

private boolean setPermissionGrantState(ComponentName admin, String packageName,
            String permission, int grantState) {
	    boolean res = false;

	    if (isProfileOwnerApp) {
	        res = mDevicePolicyManager.setPermissionGrantState(admin, packageName, permission, grantState);
	    }
	    return res;
	}

通过包名获取应用程序的运行时权限状态

private int getPermissionGrantState(ComponentName admin, String packageName,
            String permission) {
	    int res = 0;

	    if (isProfileOwnerApp) {
	        res = mDevicePolicyManager.getPermissionGrantState(admin, packageName, permission);
	    }
	    return res;
	}

允许应用程序自动授予或拒绝运行时权限请求

private void setPermissionPolicy(ComponentName admin, int policy) {
	    if(isProfileOwnerApp) {
	        mDevicePolicyManager.setPermissionPolicy(admin, policy);
	    }
	}

返回设备或配置文件所有者设置的当前运行时权限策略

private int getPermissionPolicy(ComponentName admin) {
	    int res = 0;

	    if (isProfileOwnerApp) {
	        res = mDevicePolicyManager.getPermissionPolicy(admin);
	    }
	    return res;
	}

设置用户图片

private void setUserIcon(ComponentName admin, Bitmap icon) {
	    if(isProfileOwnerApp) {
	        mDevicePolicyManager.setUserIcon(admin, icon);
	    }
	}

设置应用程序不可卸载或者可以卸载

private void setUninstallBlocked(ComponentName admin, String packageName,
            boolean uninstallBlocked) {
	    if(isProfileOwnerApp) {
	        mDevicePolicyManager.setUninstallBlocked(admin, packageName, uninstallBlocked);
	    }
	}

返回应用程序是否可卸载

private boolean isUninstallBlocked(ComponentName admin, String packageName) {
	    boolean res = false;

	    if (isProfileOwnerApp) {
	        res = mDevicePolicyManager.isUninstallBlocked(admin, packageName);
	    }
	    return res;
	}

设置静音

private void setMasterVolumeMuted(ComponentName admin, boolean on) {
	    if(isProfileOwnerApp) {
	        mDevicePolicyManager.setMasterVolumeMuted(admin, on);
	    }
	}

是否静音

private boolean isMasterVolumeMuted(ComponentName admin) {
	    boolean res = false;

	    if (isProfileOwnerApp) {
	        res = mDevicePolicyManager.isMasterVolumeMuted(admin);
	    }
	    return res;
	}

指定特定的服务组件作为内容提供者,用于向用户的本地或远程管理员发出权限请求

private void setRestrictionsProvider(ComponentName admin, ComponentName provider) {
	    if(isProfileOwnerApp) {
	        mDevicePolicyManager.setRestrictionsProvider(admin, provider);
	    }
	}

设置系统设置中安全相关的属性

private void setSecureSetting(ComponentName admin, String setting, String value) {
	    if(isProfileOwnerApp) {
	        mDevicePolicyManager.setSecureSetting(admin, setting, value);
	    }
	}

设置哪些应用程序能够在锁定界面显示

private void setLockTaskPackages(ComponentName admin, String[] packages) {
	    if (packages == null) return;

	    if(isProfileOwnerApp) {
	        mDevicePolicyManager.setLockTaskPackages(admin, packages);
	    }
	}

返回允许在锁定界面显示的包列表

private String[] getLockTaskPackages(ComponentName admin) {
	    String[] res = null;

	    if (isProfileOwnerApp) {
	        res = mDevicePolicyManager.getLockTaskPackages(admin);
	    }
	    return res;
	}

查询一个应用是否能够在锁定界面显示

private boolean isLockTaskPermitted(String packageName) {
	    boolean res = false;

	    if (isProfileOwnerApp) {
	        res = mDevicePolicyManager.isLockTaskPermitted(packageName);
	    }
	    return res;
	}

禁用特定类型的帐户

private void setAccountManagementDisabled(ComponentName admin, String accountType,
            boolean disabled) {
	    if(isProfileOwnerApp) {
	        mDevicePolicyManager.setAccountManagementDisabled(admin, accountType, disabled);
	    }
	}

获取禁用的账户列表

private String[] getAccountTypesWithManagementDisabled() {
	    String[] res = null;

	    if (isProfileOwnerApp) {
	        res = mDevicePolicyManager.getAccountTypesWithManagementDisabled();
	    }
	    return res;
	}

重新启用用户初始化时默认禁用的系统应用程序

private void enableSystemApp(ComponentName admin, String packageName) {
	    if(isProfileOwnerApp) {
	        mDevicePolicyManager.enableSystemApp(admin, packageName);
	    }
	}

隐藏或者启用应用

private boolean setApplicationHidden(ComponentName admin, String packageName, boolean hidden) {
	    boolean res = false;

	    if (isProfileOwnerApp) {
	        res = mDevicePolicyManager.setApplicationHidden(admin, packageName, hidden);
	    }
	    return res;
	}

查询一个应用是否被隐藏

private boolean isApplicationHidden(ComponentName admin, String packageName) {
	    boolean res = false;

	    if (isProfileOwnerApp) {
	        res = mDevicePolicyManager.isApplicationHidden(admin, packageName);
	    }
	    return res;
	}

添加用户限制

private void addUserRestriction(ComponentName admin, String key) {
	    if(isProfileOwnerApp) {
	        mDevicePolicyManager.addUserRestriction(admin, key);
	    }
	}

清除用户限制

private void clearUserRestriction(ComponentName admin, String key) {
	    if(isProfileOwnerApp) {
	        mDevicePolicyManager.clearUserRestriction(admin, key);
	    }
	}

获取用户限制

private Bundle getUserRestrictions(ComponentName admin) {
	    Bundle res = null;

	    if (isProfileOwnerApp) {
	        res = mDevicePolicyManager.getUserRestrictions(admin);
	    }
	    return res;
	}

默认情况下,用户可以使用任何输入法。当添加了零个或多个包时,用户无法启用不在列表中的输入法

private boolean setPermittedInputMethods(ComponentName admin, List packageNames) {
	    boolean res = false;

	    if (isProfileOwnerApp) {
	        res = mDevicePolicyManager.setPermittedInputMethods(admin, packageNames);
	    }
	    return res;
	}

获取受信任的输入法包列表

private List getPermittedInputMethods(ComponentName admin) {
	    List res = null;
	    if(isProfileOwnerApp) {
	        res = mDevicePolicyManager.getPermittedInputMethods(admin);
	    }
	    return res;
	}

设置允许的可访问性服务。默认情况下,用户可以使用任何可访问性服务。当添加了零个或多个包时,用户无法启用列表中非系统部分的可访问性服务

private boolean setPermittedAccessibilityServices(ComponentName admin, List packageNames) {
	    boolean res = false;

	    if (isProfileOwnerApp) {
	        res = mDevicePolicyManager.setPermittedAccessibilityServices(admin, packageNames);
	    }
	    return res;
	}

获取所有不受信任的服务列表

private List getPermittedAccessibilityServices(ComponentName admin) {
	    List res = null;
	    if(isProfileOwnerApp) {
	        res = mDevicePolicyManager.getPermittedAccessibilityServices(admin);
	    }
	    return res;
	}

设置蓝牙是否可以访问联系人

private void setBluetoothContactSharingDisabled(ComponentName admin, boolean disabled) {
	    if(isProfileOwnerApp) {
	        mDevicePolicyManager.setBluetoothContactSharingDisabled(admin, disabled);
	    }
	}

获取蓝牙访问联系人状态

private boolean getBluetoothContactSharingDisabled(ComponentName admin) {
	    boolean res = false;

	    if (isProfileOwnerApp) {
	        res = mDevicePolicyManager.getBluetoothContactSharingDisabled(admin);
	    }
	    return res;
	}

禁止或者开启搜索联系人功能

private void setCrossProfileContactsSearchDisabled(ComponentName admin, boolean disabled) {
	    if(isProfileOwnerApp) {
	        mDevicePolicyManager.setCrossProfileContactsSearchDisabled(admin, disabled);
	    }
	}

获取搜索联系人状态

private boolean getCrossProfileContactsSearchDisabled(ComponentName admin) {
	    boolean res = false;

	    if (isProfileOwnerApp) {
	        res = mDevicePolicyManager.getCrossProfileContactsSearchDisabled(admin);
	    }
	    return res;
	}

禁止或者开启来电显示功能

private void setCrossProfileCallerIdDisabled(ComponentName admin, boolean disabled) {
	    if(isProfileOwnerApp) {
	        mDevicePolicyManager.setCrossProfileCallerIdDisabled(admin, disabled);
	    }
	}

获取禁止来电显示状态

private boolean getCrossProfileCallerIdDisabled(ComponentName admin) {
	    boolean res = false;

	    if (isProfileOwnerApp) {
	        res = mDevicePolicyManager.getCrossProfileCallerIdDisabled(admin);
	    }
	    return res;
	}

设置应用限制

private void setApplicationRestrictions(ComponentName admin, String packageName,
            Bundle settings) {
	    if(isProfileOwnerApp) {
	        mDevicePolicyManager.setApplicationRestrictions(admin, packageName, settings);
	    }
	}

获取应用程序受限信息

private Bundle getApplicationRestrictions(ComponentName admin, String packageName) {
	    Bundle res = null;

	    if (isProfileOwnerApp) {
	        res = mDevicePolicyManager.getApplicationRestrictions(admin, packageName);
	    }
	    return res;
	}

设置应用程序挂起,挂起的程序将无法启动任何活动

private String[] setPackagesSuspended(ComponentName admin, String[] packageNames, boolean suspended) {
	    String[] res = null;

	    if (isProfileOwnerApp) {
	        res = mDevicePolicyManager.setPackagesSuspended(admin, packageNames, suspended);
	    }
	    return res;
	}

是否为挂起应用

private boolean isPackageSuspended(ComponentName admin, String packageName) {
	    boolean res = false;

	    if (isProfileOwnerApp) {
	        try {
	        	res = mDevicePolicyManager.isPackageSuspended(admin, packageName);
	        } catch (NameNotFoundException e) {
            	Log.w(TAG, "Error getting appName for package: " + packageName, e);
        	}
	    }
	    return res;
	}

指定特定应用程序始终打开的VPN连接。此连接在重新启动后自动授予并持久化

private void setAlwaysOnVpnPackage(ComponentName admin, String Package,
            boolean lockdownEnabled) {
	    if(isProfileOwnerApp) {
	        try {
	        	mDevicePolicyManager.setAlwaysOnVpnPackage(admin, Package, lockdownEnabled);
	        } catch (NameNotFoundException | UnsupportedOperationException e) {
            	Log.w(TAG, "Error getting appName for package: " + Package, e);
        	}
	    }
	}

获取打开VPN连接的应用

private String getAlwaysOnVpnPackage(ComponentName admin) {
	    String res = null;

	    if (isProfileOwnerApp) {
	        res = mDevicePolicyManager.getAlwaysOnVpnPackage(admin);
	    }
	    return res;
	}

授予对另一个应用程序的特权API的访问权

private void setDelegatedScopes(ComponentName admin, String delegatePackage,
            List scopes) {
	    if(isProfileOwnerApp) {
	        mDevicePolicyManager.setDelegatedScopes(admin, delegatePackage, scopes);
	    }
	}

获取特权应用的所有权限

private List getDelegatedScopes(ComponentName admin, String delegatedPackage) {
	    List res = null;
	    if(isProfileOwnerApp) {
	        res = mDevicePolicyManager.getDelegatedScopes(admin, delegatedPackage);
	    }
	    return res;
	}

安装证书和相应的私钥

private boolean installKeyPair(ComponentName admin, PrivateKey privKey, Certificate cert, String alias) {
	    boolean res = false;

	    if (isProfileOwnerApp) {
	        res = mDevicePolicyManager.installKeyPair(admin, privKey, cert, alias);
	    }
	    return res;
	}

删除密匙

private boolean removeKeyPair(ComponentName admin, String alias) {
	    boolean res = false;

	    if (isProfileOwnerApp) {
	        res = mDevicePolicyManager.removeKeyPair(admin, alias);
	    }
	    return res;
	}

此证书是否安装为可信CA

private boolean hasCaCertInstalled(ComponentName admin, byte[] certBuffer) {
	    boolean res = false;

	    if (isProfileOwnerApp) {
	        res = mDevicePolicyManager.hasCaCertInstalled(admin, certBuffer);
	    }
	    return res;
	}

卸载所有自定义的可信CA证书。除系统CA证书外,通过设备策略以外的方式安装的证书也将被删除

private void uninstallAllUserCaCerts(ComponentName admin) {
	    if(isProfileOwnerApp) {
	        mDevicePolicyManager.uninstallAllUserCaCerts(admin);
	    }
	}

返回当前受信任的所有CA证书,不包括系统CA证书。如果用户通过除设备策略之外的其他方式安装了任何证书,这些证书也将包括在内。

private List getInstalledCaCerts(ComponentName admin) {
	    List res = null;

	    if (isProfileOwnerApp) {
	        res = mDevicePolicyManager.getInstalledCaCerts(admin);
	    }
	    return res;
	}

从可信用户CAs卸载给定的证书

private void uninstallCaCert(ComponentName admin, byte[] certBuffer) {
	    if(isProfileOwnerApp) {
	        mDevicePolicyManager.uninstallCaCert(admin, certBuffer);
	    }
	}

将给定证书安装为用户可信CA

private boolean installCaCert(ComponentName admin, byte[] certBuffer) {
	    boolean res = false;

	    if (isProfileOwnerApp) {
	        res = mDevicePolicyManager.installCaCert(admin, certBuffer);
	    }
	    return res;
	}

设置超时时间,超时后用户必须使用身份验证才能进入系统,比如指纹、密码等

private void setRequiredStrongAuthTimeout(ComponentName admin, long timeoutMs) {
	    if(isProfileOwnerApp) {
	        mDevicePolicyManager.setRequiredStrongAuthTimeout(admin, timeoutMs);
	    }
	}

获取超时时间

private long getRequiredStrongAuthTimeout(ComponentName admin) {
	    long res = 0;

	    if (isProfileOwnerApp) {
	        res = mDevicePolicyManager.getRequiredStrongAuthTimeout(admin);
	    }
	    return res;
	}

重置设备锁屏密码

private boolean setResetPasswordToken(ComponentName admin, byte[] token) {
	    boolean res = false;

	    if (isProfileOwnerApp) {
	        res = mDevicePolicyManager.setResetPasswordToken(admin, token);
	    }
	    return res;
	}

清除重置设备密码Token

private boolean clearResetPasswordToken(ComponentName admin) {
	    boolean res = false;

	    if (isProfileOwnerApp) {
	        res = mDevicePolicyManager.clearResetPasswordToken(admin);
	    }
	    return res;
	}

重置设备密码Token激活状态

private boolean isResetPasswordTokenActive(ComponentName admin) {
	    boolean res = false;

	    if (isProfileOwnerApp) {
	        res = mDevicePolicyManager.isResetPasswordTokenActive(admin);
	    }
	    return res;
	}

重置设备锁屏密码,在Token激活的状态下有效

private boolean resetPasswordWithToken(ComponentName admin, String password,
            byte[] token, int flags) {
	    boolean res = false;

	    if (isProfileOwnerApp) {
	        res = mDevicePolicyManager.resetPasswordWithToken(admin, password, token, flags);
	    }
	    return res;
	}

上一篇 Android ProfileOwner 应用的能力
下一篇 一键设置 DeviceAdmin/ProfileOwner/DeviceOwner 应用

你可能感兴趣的:(android系统开发,Android,DPM,Android系统开发,DPM,Android,Device,Owner)