Profile Owner
概述
ProfileOwner 译为配置文件所有者,在Android5.0系统推出。ProfileOwner涵盖了所有DeviceAdmin用户的管理能力,并且额外添加了很多管理权限。Android系统只能设置一个Profile Owner程序,并且该程序在设置为ProfileOwner后不能取消,应用不能卸载,唯一可以取消的途径是恢复出厂设置。
ProfileOwner 的设置和能力
要使一个应用成为ProfileOwner,首先这个程序必须是一个DeviceAdmin,按照DeviceAdmin的标准流程配置一个程序,回顾往期文章Android Device Administration 应用的能力。
将配置好的程序设置为ProfileOwner之前,不必刻意去激活DeviceAdmin,系统在设置ProfileOwner的过程中会自动先激活DeviceAdmin,这也是ProfileOwner拥有DeviceAdmin所有能力的原因。
第三方应用没有权限设置ProfileOwner应用,属于system进程的应用可以设置。
是否为ProfileOwner
// 获取设备管理服务
mDevicePolicyManager = (DevicePolicyManager) getSystemService(Context.DEVICE_POLICY_SERVICE);
// 需要激活的DeviceAdminReceiver组件
mComponentName = new ComponentName(this, DPMTestReceiver.class);
isProfileOwnerApp = mDevicePolicyManager.isProfileOwnerApp(mComponentName.getPackageName());
Log.d(TAG, "isProfileOwnerApp: " + isProfileOwnerApp);
通过包名添加应用程序小部件
private boolean addCrossProfileWidgetProvider(ComponentName admin, String packageName) {
boolean res = false;
if(isProfileOwnerApp) {
res = mDevicePolicyManager.addCrossProfileWidgetProvider(admin, packageName);
}
return res;
}
删除指定应用程序的小部件
private boolean removeCrossProfileWidgetProvider(ComponentName admin, String packageName) {
boolean res = false;
if(isProfileOwnerApp) {
res = mDevicePolicyManager.removeCrossProfileWidgetProvider(admin, packageName);
}
return res;
}
获取所有可用小部件程序的集合
private List<String> getCrossProfileWidgetProviders(ComponentName admin) {
List<String> res = null;
if(isProfileOwnerApp) {
res = mDevicePolicyManager.getCrossProfileWidgetProviders(admin);
}
return res;
}
管理应用程序消息通知,默认允许所有应用的通知消息,当添加了零个或多个包时,不在列表中且不是当前用户上的应用通知将不接收
private boolean setPermittedCrossProfileNotificationListeners(ComponentName admin, List<String> packageList) {
boolean res = false;
if (null == packageList) return res;
if(isProfileOwnerApp) {
res = mDevicePolicyManager.setPermittedCrossProfileNotificationListeners(admin, packageList);
}
Log.d(TAG, "ProfileOwner setPermittedCrossProfileNotificationListeners result: " + res);
return res;
}
获取可显示消息通知的包列表
private List<String> getPermittedCrossProfileNotificationListeners(ComponentName admin) {
List<String> res = null;
if(isProfileOwnerApp) {
res = mDevicePolicyManager.getPermittedCrossProfileNotificationListeners(admin);
}
return res;
}
禁止/允许截屏
private void setScreenCaptureDisabled(ComponentName admin, boolean disabled) {
if(isProfileOwnerApp) {
mDevicePolicyManager.setScreenCaptureDisabled(admin, disabled);
}
}
是否禁止截图
private boolean getScreenCaptureDisabled(ComponentName admin) {
boolean res = false;
if (isProfileOwnerApp) {
res = mDevicePolicyManager.getScreenCaptureDisabled(admin);
}
return res;
}
设置组织名
private void setOrganizationName(ComponentName admin, CharSequence title) {
if(isProfileOwnerApp) {
mDevicePolicyManager.setOrganizationName(admin, title);
}
}
获取组织名
private CharSequence getOrganizationName(ComponentName admin) {
CharSequence res = null;
if (isProfileOwnerApp) {
res = mDevicePolicyManager.getOrganizationName(admin);
}
return res;
}
通过包名设置应用程序的运行时权限状态
private boolean setPermissionGrantState(ComponentName admin, String packageName,
String permission, int grantState) {
boolean res = false;
if (isProfileOwnerApp) {
res = mDevicePolicyManager.setPermissionGrantState(admin, packageName, permission, grantState);
}
return res;
}
通过包名获取应用程序的运行时权限状态
private int getPermissionGrantState(ComponentName admin, String packageName,
String permission) {
int res = 0;
if (isProfileOwnerApp) {
res = mDevicePolicyManager.getPermissionGrantState(admin, packageName, permission);
}
return res;
}
允许应用程序自动授予或拒绝运行时权限请求
private void setPermissionPolicy(ComponentName admin, int policy) {
if(isProfileOwnerApp) {
mDevicePolicyManager.setPermissionPolicy(admin, policy);
}
}
返回设备或配置文件所有者设置的当前运行时权限策略
private int getPermissionPolicy(ComponentName admin) {
int res = 0;
if (isProfileOwnerApp) {
res = mDevicePolicyManager.getPermissionPolicy(admin);
}
return res;
}
设置用户图片
private void setUserIcon(ComponentName admin, Bitmap icon) {
if(isProfileOwnerApp) {
mDevicePolicyManager.setUserIcon(admin, icon);
}
}
设置应用程序不可卸载或者可以卸载
private void setUninstallBlocked(ComponentName admin, String packageName,
boolean uninstallBlocked) {
if(isProfileOwnerApp) {
mDevicePolicyManager.setUninstallBlocked(admin, packageName, uninstallBlocked);
}
}
返回应用程序是否可卸载
private boolean isUninstallBlocked(ComponentName admin, String packageName) {
boolean res = false;
if (isProfileOwnerApp) {
res = mDevicePolicyManager.isUninstallBlocked(admin, packageName);
}
return res;
}
设置静音
private void setMasterVolumeMuted(ComponentName admin, boolean on) {
if(isProfileOwnerApp) {
mDevicePolicyManager.setMasterVolumeMuted(admin, on);
}
}
是否静音
private boolean isMasterVolumeMuted(ComponentName admin) {
boolean res = false;
if (isProfileOwnerApp) {
res = mDevicePolicyManager.isMasterVolumeMuted(admin);
}
return res;
}
指定特定的服务组件作为内容提供者,用于向用户的本地或远程管理员发出权限请求
private void setRestrictionsProvider(ComponentName admin, ComponentName provider) {
if(isProfileOwnerApp) {
mDevicePolicyManager.setRestrictionsProvider(admin, provider);
}
}
设置系统设置中安全相关的属性
private void setSecureSetting(ComponentName admin, String setting, String value) {
if(isProfileOwnerApp) {
mDevicePolicyManager.setSecureSetting(admin, setting, value);
}
}
设置哪些应用程序能够在锁定界面显示
private void setLockTaskPackages(ComponentName admin, String[] packages) {
if (packages == null) return;
if(isProfileOwnerApp) {
mDevicePolicyManager.setLockTaskPackages(admin, packages);
}
}
返回允许在锁定界面显示的包列表
private String[] getLockTaskPackages(ComponentName admin) {
String[] res = null;
if (isProfileOwnerApp) {
res = mDevicePolicyManager.getLockTaskPackages(admin);
}
return res;
}
查询一个应用是否能够在锁定界面显示
private boolean isLockTaskPermitted(String packageName) {
boolean res = false;
if (isProfileOwnerApp) {
res = mDevicePolicyManager.isLockTaskPermitted(packageName);
}
return res;
}
禁用特定类型的帐户
private void setAccountManagementDisabled(ComponentName admin, String accountType,
boolean disabled) {
if(isProfileOwnerApp) {
mDevicePolicyManager.setAccountManagementDisabled(admin, accountType, disabled);
}
}
获取禁用的账户列表
private String[] getAccountTypesWithManagementDisabled() {
String[] res = null;
if (isProfileOwnerApp) {
res = mDevicePolicyManager.getAccountTypesWithManagementDisabled();
}
return res;
}
重新启用用户初始化时默认禁用的系统应用程序
private void enableSystemApp(ComponentName admin, String packageName) {
if(isProfileOwnerApp) {
mDevicePolicyManager.enableSystemApp(admin, packageName);
}
}
隐藏或者启用应用
private boolean setApplicationHidden(ComponentName admin, String packageName, boolean hidden) {
boolean res = false;
if (isProfileOwnerApp) {
res = mDevicePolicyManager.setApplicationHidden(admin, packageName, hidden);
}
return res;
}
查询一个应用是否被隐藏
private boolean isApplicationHidden(ComponentName admin, String packageName) {
boolean res = false;
if (isProfileOwnerApp) {
res = mDevicePolicyManager.isApplicationHidden(admin, packageName);
}
return res;
}
添加用户限制
private void addUserRestriction(ComponentName admin, String key) {
if(isProfileOwnerApp) {
mDevicePolicyManager.addUserRestriction(admin, key);
}
}
清除用户限制
private void clearUserRestriction(ComponentName admin, String key) {
if(isProfileOwnerApp) {
mDevicePolicyManager.clearUserRestriction(admin, key);
}
}
获取用户限制
private Bundle getUserRestrictions(ComponentName admin) {
Bundle res = null;
if (isProfileOwnerApp) {
res = mDevicePolicyManager.getUserRestrictions(admin);
}
return res;
}
默认情况下,用户可以使用任何输入法。当添加了零个或多个包时,用户无法启用不在列表中的输入法
private boolean setPermittedInputMethods(ComponentName admin, List<String> packageNames) {
boolean res = false;
if (isProfileOwnerApp) {
res = mDevicePolicyManager.setPermittedInputMethods(admin, packageNames);
}
return res;
}
获取受信任的输入法包列表
private List<String> getPermittedInputMethods(ComponentName admin) {
List<String> res = null;
if(isProfileOwnerApp) {
res = mDevicePolicyManager.getPermittedInputMethods(admin);
}
return res;
}
设置允许的可访问性服务。默认情况下,用户可以使用任何可访问性服务。当添加了零个或多个包时,用户无法启用列表中非系统部分的可访问性服务
private boolean setPermittedAccessibilityServices(ComponentName admin, List<String> packageNames) {
boolean res = false;
if (isProfileOwnerApp) {
res = mDevicePolicyManager.setPermittedAccessibilityServices(admin, packageNames);
}
return res;
}
获取所有不受信任的服务列表
private List<String> getPermittedAccessibilityServices(ComponentName admin) {
List<String> res = null;
if(isProfileOwnerApp) {
res = mDevicePolicyManager.getPermittedAccessibilityServices(admin);
}
return res;
}
设置蓝牙是否可以访问联系人
private void setBluetoothContactSharingDisabled(ComponentName admin, boolean disabled) {
if(isProfileOwnerApp) {
mDevicePolicyManager.setBluetoothContactSharingDisabled(admin, disabled);
}
}
获取蓝牙访问联系人状态
private boolean getBluetoothContactSharingDisabled(ComponentName admin) {
boolean res = false;
if (isProfileOwnerApp) {
res = mDevicePolicyManager.getBluetoothContactSharingDisabled(admin);
}
return res;
}
禁止或者开启搜索联系人功能
private void setCrossProfileContactsSearchDisabled(ComponentName admin, boolean disabled) {
if(isProfileOwnerApp) {
mDevicePolicyManager.setCrossProfileContactsSearchDisabled(admin, disabled);
}
}
获取搜索联系人状态
private boolean getCrossProfileContactsSearchDisabled(ComponentName admin) {
boolean res = false;
if (isProfileOwnerApp) {
res = mDevicePolicyManager.getCrossProfileContactsSearchDisabled(admin);
}
return res;
}
禁止或者开启来电显示功能
private void setCrossProfileCallerIdDisabled(ComponentName admin, boolean disabled) {
if(isProfileOwnerApp) {
mDevicePolicyManager.setCrossProfileCallerIdDisabled(admin, disabled);
}
}
获取禁止来电显示状态
private boolean getCrossProfileCallerIdDisabled(ComponentName admin) {
boolean res = false;
if (isProfileOwnerApp) {
res = mDevicePolicyManager.getCrossProfileCallerIdDisabled(admin);
}
return res;
}
设置应用限制
private void setApplicationRestrictions(ComponentName admin, String packageName,
Bundle settings) {
if(isProfileOwnerApp) {
mDevicePolicyManager.setApplicationRestrictions(admin, packageName, settings);
}
}
获取应用程序受限信息
private Bundle getApplicationRestrictions(ComponentName admin, String packageName) {
Bundle res = null;
if (isProfileOwnerApp) {
res = mDevicePolicyManager.getApplicationRestrictions(admin, packageName);
}
return res;
}
设置应用程序挂起,挂起的程序将无法启动任何活动
private String[] setPackagesSuspended(ComponentName admin, String[] packageNames, boolean suspended) {
String[] res = null;
if (isProfileOwnerApp) {
res = mDevicePolicyManager.setPackagesSuspended(admin, packageNames, suspended);
}
return res;
}
是否为挂起应用
private boolean isPackageSuspended(ComponentName admin, String packageName) {
boolean res = false;
if (isProfileOwnerApp) {
try {
res = mDevicePolicyManager.isPackageSuspended(admin, packageName);
} catch (NameNotFoundException e) {
Log.w(TAG, "Error getting appName for package: " + packageName, e);
}
}
return res;
}
指定特定应用程序始终打开的VPN连接。此连接在重新启动后自动授予并持久化
private void setAlwaysOnVpnPackage(ComponentName admin, String vpnPackage,
boolean lockdownEnabled) {
if(isProfileOwnerApp) {
try {
mDevicePolicyManager.setAlwaysOnVpnPackage(admin, vpnPackage, lockdownEnabled);
} catch (NameNotFoundException | UnsupportedOperationException e) {
Log.w(TAG, "Error getting appName for package: " + vpnPackage, e);
}
}
}
获取打开VPN连接的应用
private String getAlwaysOnVpnPackage(ComponentName admin) {
String res = null;
if (isProfileOwnerApp) {
res = mDevicePolicyManager.getAlwaysOnVpnPackage(admin);
}
return res;
}
授予对另一个应用程序的特权API的访问权
private void setDelegatedScopes(ComponentName admin, String delegatePackage,
List<String> scopes) {
if(isProfileOwnerApp) {
mDevicePolicyManager.setDelegatedScopes(admin, delegatePackage, scopes);
}
}
获取特权应用的所有权限
private List<String> getDelegatedScopes(ComponentName admin, String delegatedPackage) {
List<String> res = null;
if(isProfileOwnerApp) {
res = mDevicePolicyManager.getDelegatedScopes(admin, delegatedPackage);
}
return res;
}
安装证书和相应的私钥
private boolean installKeyPair(ComponentName admin, PrivateKey privKey, Certificate cert, String alias) {
boolean res = false;
if (isProfileOwnerApp) {
res = mDevicePolicyManager.installKeyPair(admin, privKey, cert, alias);
}
return res;
}
删除密匙
private boolean removeKeyPair(ComponentName admin, String alias) {
boolean res = false;
if (isProfileOwnerApp) {
res = mDevicePolicyManager.removeKeyPair(admin, alias);
}
return res;
}
此证书是否安装为可信CA
private boolean hasCaCertInstalled(ComponentName admin, byte[] certBuffer) {
boolean res = false;
if (isProfileOwnerApp) {
res = mDevicePolicyManager.hasCaCertInstalled(admin, certBuffer);
}
return res;
}
卸载所有自定义的可信CA证书。除系统CA证书外,通过设备策略以外的方式安装的证书也将被删除
private void uninstallAllUserCaCerts(ComponentName admin) {
if(isProfileOwnerApp) {
mDevicePolicyManager.uninstallAllUserCaCerts(admin);
}
}
返回当前受信任的所有CA证书,不包括系统CA证书。如果用户通过除设备策略之外的其他方式安装了任何证书,这些证书也将包括在内。
private List<byte[]> getInstalledCaCerts(ComponentName admin) {
List<byte[]> res = null;
if (isProfileOwnerApp) {
res = mDevicePolicyManager.getInstalledCaCerts(admin);
}
return res;
}
从可信用户CAs卸载给定的证书
private void uninstallCaCert(ComponentName admin, byte[] certBuffer) {
if(isProfileOwnerApp) {
mDevicePolicyManager.uninstallCaCert(admin, certBuffer);
}
}
将给定证书安装为用户可信CA
private boolean installCaCert(ComponentName admin, byte[] certBuffer) {
boolean res = false;
if (isProfileOwnerApp) {
res = mDevicePolicyManager.installCaCert(admin, certBuffer);
}
return res;
}
设置超时时间,超时后用户必须使用身份验证才能进入系统,比如指纹、密码等
private void setRequiredStrongAuthTimeout(ComponentName admin, long timeoutMs) {
if(isProfileOwnerApp) {
mDevicePolicyManager.setRequiredStrongAuthTimeout(admin, timeoutMs);
}
}
获取超时时间
private long getRequiredStrongAuthTimeout(ComponentName admin) {
long res = 0;
if (isProfileOwnerApp) {
res = mDevicePolicyManager.getRequiredStrongAuthTimeout(admin);
}
return res;
}
重置设备锁屏密码
private boolean setResetPasswordToken(ComponentName admin, byte[] token) {
boolean res = false;
if (isProfileOwnerApp) {
res = mDevicePolicyManager.setResetPasswordToken(admin, token);
}
return res;
}
清除重置设备密码Token
private boolean clearResetPasswordToken(ComponentName admin) {
boolean res = false;
if (isProfileOwnerApp) {
res = mDevicePolicyManager.clearResetPasswordToken(admin);
}
return res;
}
重置设备密码Token激活状态
private boolean isResetPasswordTokenActive(ComponentName admin) {
boolean res = false;
if (isProfileOwnerApp) {
res = mDevicePolicyManager.isResetPasswordTokenActive(admin);
}
return res;
}
重置设备锁屏密码,在Token激活的状态下有效
private boolean resetPasswordWithToken(ComponentName admin, String password,
byte[] token, int flags) {
boolean res = false;
if (isProfileOwnerApp) {
res = mDevicePolicyManager.resetPasswordWithToken(admin, password, token, flags);
}
return res;
}