admin管理员组文章数量:1652411
If you are an enterprise administrator, you can take advantage of APIs and system capabilities to manage Android devices and control access.
Android 2.2 introduces support for enterprise applications by offering the Android Device Administration API. The Device Administration API provides device administration features at the system level. These APIs allow you to create security-aware applications that are useful in enterprise settings, in which IT professionals require rich control over employee devices.
> This document is intended for developers who want to develop enterprise solutions for Android-powered devices. It discusses the various features provided by the Device Administration API to provide stronger security for employee devices that are powered by Android.
Note For information on building a Work Policy Controller for Android for Work deployments, see Building a Work Policy Controller.
To use the Device Administration API, the application's manifest must include the following:
- A subclass of
DeviceAdminReceiver
that includes the following:- The
BIND_DEVICE_ADMIN
permission. - The ability to respond to the
ACTION_DEVICE_ADMIN_ENABLED
intent, expressed in the manifest as an intent filter.
- The
- A declaration of security policies used in metadata.
Here is an excerpt from the Device Administration sample manifest:
<activity android:name=".app.DeviceAdminSample" android:label="@string/activity_sample_device_admin"> <intent-filter> <action android:name="android.intent.action.MAIN" /> <category android:name="android.intent.category.SAMPLE_CODE" /> </intent-filter> </activity> <receiver android:name=".app.DeviceAdminSample$DeviceAdminSampleReceiver" android:label="@string/sample_device_admin" android:description="@string/sample_device_admin_description" android:permission="android.permission.BIND_DEVICE_ADMIN"> <meta-data android:name="android.app.device_admin" android:resource="@xml/device_admin_sample" /> <intent-filter> <action android:name="android.app.action.DEVICE_ADMIN_ENABLED" /> </intent-filter> </receiver>>
android:permission="android.permission.BIND_DEVICE_ADMIN"
is a permission that a
DeviceAdminReceiver
subclass must have, to ensure that only the system can interact with the receiver (no application can be granted this permission). This prevents other applications from abusing your device admin app.
<device-admin xmlns:android="http://schemas.android/apk/res/android"> <uses-policies> <limit-password /> <watch-login /> <reset-password /> <force-lock /> <wipe-data /> <expire-password /> <encrypted-storage /> <disable-camera /> </uses-policies> </device-admin>The Device Administration API includes the following classes: DeviceAdminReceiver, DevicePolicyManager, DeviceAdminInfo
public class DeviceAdminSample extends DeviceAdminReceiver { void showToast(Context context, String msg) { String status = context.getString(R.string.admin_receiver_status, msg); Toast.makeText(context, status, Toast.LENGTH_SHORT).show(); } @Override public void onEnabled(Context context, Intent intent) { showToast(context, context.getString(R.string.admin_receiver_status_enabled)); } @Override public CharSequence onDisableRequested(Context context, Intent intent) { return context.getString(R.string.admin_receiver_status_disable_warning); } @Override public void onDisabled(Context context, Intent intent) { showToast(context, context.getString(R.string.admin_receiver_status_disabled)); } @Override public void onPasswordChanged(Context context, Intent intent) { showToast(context, context.getString(R.string.admin_receiver_status_pw_changed)); } ... }
Otherwise, the device admin application is disabled.
@Override public boolean onPreferenceChange(Preference preference, Object newValue) { if (super.onPreferenceChange(preference, newValue)) { return true; } boolean value = (Boolean) newValue; if (preference == mEnableCheckbox) { if (value != mAdminActive) { if (value) { // Launch the activity to have the user enable our admin. Intent intent = new Intent(DevicePolicyManager.ACTION_ADD_DEVICE_ADMIN); intent.putExtra(DevicePolicyManager.EXTRA_DEVICE_ADMIN, mDeviceAdminSample); intent.putExtra(DevicePolicyManager.EXTRA_ADD_EXPLANATION, mActivity.getString(R.string.add_admin_extra_app_text)); startActivityForResult(intent, REQUEST_CODE_ENABLE_ADMIN); // return false - don't update checkbox until we're really active return false; } else { mDPM.removeActiveAdmin(mDeviceAdminSample); enableDeviceCapabilitiesArea(false); mAdminActive = false; } } } else if (preference == mDisableCameraCheckbox) { mDPM.setCameraDisabled(mDeviceAdminSample, value); ... } return true; }>
DeviceAdminReceiver
component
To do this it uses the DevicePolicyManager
methodisAdminActive()
. Notice that the DevicePolicyManager
method isAdminActive()
takes aDeviceAdminReceiver
component as its argument:
DevicePolicyManager mDPM; ... private boolean isActiveAdmin() { return mDPM.isAdminActive(mDeviceAdminSample); }
This section describes how to use DevicePolicyManager
to perform administrative tasks:
- Set password policies
- Set device lock
- Perform data wipe
DevicePolicyManager
class includes methods that let you fine-tune the contents of the password.
Beginning with Android 3.0, you can use the setPasswordExpirationTimeout()
method to set when a password will expire, expressed as a delta in milliseconds from when a device admin sets the expiration timeout.
Beginning with Android 3.0, you can use the setPasswordHistoryLength()
method to limit users' ability to reuse old passwords.
本文标签: appandroiddeviceAdministration
版权声明:本文标题:android-app Administration and Device Administration 内容由热心网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:https://www.elefans.com/dianzi/1729593289a1207666.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。
发表评论