1 <html devsite> 2 <head> 3 <title>Implementing Device Administration</title> 4 <meta name="project_path" value="/_project.yaml" /> 5 <meta name="book_path" value="/_book.yaml" /> 6 </head> 7 <body> 8 <!-- 9 Copyright 2017 The Android Open Source Project 10 11 Licensed under the Apache License, Version 2.0 (the "License"); 12 you may not use this file except in compliance with the License. 13 You may obtain a copy of the License at 14 15 http://www.apache.org/licenses/LICENSE-2.0 16 17 Unless required by applicable law or agreed to in writing, software 18 distributed under the License is distributed on an "AS IS" BASIS, 19 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 20 See the License for the specific language governing permissions and 21 limitations under the License. 22 --> 23 24 25 26 <p>This section describes how to enable and validate device administration 27 features required to prepare devices for managed profiles. It also covers device 28 owner user cases that are essential in a corporate environment.</p> 29 30 <p>In addition to AOSP code, a device requires the following components to function with managed 31 profiles.</p> 32 33 <h2 id=requirements>General requirements</h2> 34 <p>Devices intending to support device administration must meet the following 35 general requirements.</p> 36 37 <h3 id=HAL_values>Thermal HAL values</h3> 38 <p>Android 7.0 and later includes support for HardwarePropertiesManager API, a device 39 monitoring and health reporting API that enables applications to query the state 40 of device hardware. This API is exposed via 41 <code>android.os.HardwarePropertiesManager</code> and makes calls through 42 <code>HardwarePropertiesManagerService</code> to the hardware thermal HAL 43 (<code>hardware/libhardware/include/hardware/thermal.h</code>). It is a 44 protected API, meaning only device/profile owner Device Policy Controller (DPC) 45 applications and the current <code>VrListenerService</code> can call it.</p> 46 47 <p>To support the HardwarePropertiesManager API, the device thermal HAL 48 implementation must be able to report the following values:</p> 49 50 <table> 51 <tr> 52 <th width="32%">Value</th> 53 <th>Reporting Scale</th> 54 <th>Enables</th> 55 </tr> 56 57 <tr> 58 <td>Temperature of [CPU|GPU|Battery|Device Skin]</td> 59 <td>Temperature of component in degrees Celsius</td> 60 <td>Apps can check device temperatures and component throttling/shutdown 61 temperatures</td> 62 </tr> 63 64 <tr> 65 <td>CPU active/total enabled times</td> 66 <td>Time in milliseconds</td> 67 <td>Apps can check CPU usage per core</td> 68 </tr> 69 70 <tr> 71 <td>Fan speed</td> 72 <td>RPM</td> 73 <td>Apps can check fan speed</td> 74 </tr> 75 76 </table> 77 78 <p>Implementations should correctly handle reporting values situations when a 79 core (or GPU, battery, fan) goes offline or is plugged/unplugged.</p> 80 81 82 <h3 id=low_ram>No low-RAM</h3> 83 <p>Device should not be a low-RAM device, meaning <code>ro.config.low_ram</code> 84 should not be defined. The framework automatically limits the number of users 85 to 1 when the <code>low_ram</code> flag is defined.</p> 86 87 <h3 id=uses-feature>Uses-feature</h3> 88 <p>Devices must define the following <code>uses-feature</code>:</p> 89 90 <pre class="devsite-click-to-copy"> 91 android.software.managed_users 92 android.software.device_admin 93 </pre> 94 95 <p>To confirm these <code>uses-feature</code> values have been defined on a 96 device, run: <code>adb shell pm list features</code>.</p> 97 98 <h3 id=required_apps>Essential apps only</h3> 99 <p>By default, only applications essential for correct operation of the profile 100 should be enabled as part of provisioning a managed device. OEMs must ensure the 101 managed profile or device has all required applications by modifying:</p> 102 103 <pre class="devsite-click-to-copy"> 104 vendor_required_apps_managed_profile.xml 105 vendor_required_apps_managed_device.xml 106 </pre> 107 108 <p>Examples from a Nexus device:</p> 109 110 <pre class="devsite-click-to-copy"> 111 packages/apps/ManagedProvisioning/res/values/vendor_required_apps_managed_device.xml 112 </pre> 113 114 <pre class="devsite-click-to-copy"> 115 <resources> 116 <!-- A list of apps to be retained on the managed device --> 117 <string-array name="vendor_required_apps_managed_device"> 118 <item>com.android.vending</item> <!--Google Play --> 119 <item>com.google.android.gms</item> <!--Required by Play --> 120 <item>com.google.android.contacts</item> <!--Google or OEM Contacts--> 121 <item>com.google.android.googlequicksearchbox</item> <!--Google Launcher --> 122 <item>com.google.android.launcher</item> <!--Google Launcher or OEM Launcher --> 123 <item>com.google.android.dialer</item> <!--Google or OEM dialer to enable making phone calls --> 124 </string-array> 125 </resources> 126 </pre> 127 128 <pre class="devsite-click-to-copy"> 129 packages/apps/ManagedProvisioning/res/values/vendor_required_apps_managed_profile.xml 130 </pre> 131 132 <pre class="devsite-click-to-copy"> 133 <resources> 134 <!-- A list of apps to be retained in the managed profile. This includes any Google experience apps required. --> 135 <string-array name="vendor_required_apps_managed_profile"> 136 <item>com.android.vending</item> <!-- Google Play --> 137 <item>com.google.android.gms</item> <!-- Required by Play --> 138 <item>com.google.android.contacts</item> <!-- Google or OEM Contacts --> 139 </string-array> 140 </resources> 141 </pre> 142 143 <h2 id=launcher>Launcher requirements</h2> 144 145 <p>You must update the Launcher to support badging applications with the icon 146 badge (provided in AOSP to represent the managed applications) and other badge 147 user interface elements such as recents and notifications. If you use 148 <a href="https://android.googlesource.com/platform/packages/apps/Launcher3/">launcher3</a> 149 in AOSP without modifications, then you likely already support this badging 150 feature.</p> 151 152 <h2 id=nfc>NFC requirements</h2> 153 154 <p>Devices with NFC must enable NFC during the out-of-the-box experience (i.e., 155 setup wizard) and be configured to accept managed provisioning intents:</p> 156 157 <pre class="devsite-click-to-copy"> 158 packages/apps/Nfc/res/values/provisioning.xml 159 </pre> 160 161 <pre class="devsite-click-to-copy"> 162 <bool name="enable_nfc_provisioning">true</bool> 163 <item>application/com.android.managedprovisioning</item> 164 </pre> 165 166 <h2 id=setup_wizard>Setup requirements</h2> 167 168 <p>Devices that include an out-of-box experience (i.e., setup wizard) 169 should implement device owner provisioning. When the out-of-box experience 170 opens, it should check if another process (such as device owner provisioning) 171 has already finished the user setup and, if so, it should fire a home intent 172 and finish the setup. This intent is caught by the provisioning application, 173 which then hands control to the newly-set device owner.</p> 174 175 <p>To meet setup requirements, add the following code to the device setup's main 176 activity:</p> 177 178 <pre class="devsite-click-to-copy"> 179 @Override 180 protected void onStart() { 181 super.onStart(); 182 183 // When returning to a setup wizard activity, check to see if another setup process 184 // has intervened and, if so, complete an orderly exit 185 boolean completed = Settings.Secure.getInt(getContentResolver(), 186 Settings.Secure.USER_SETUP_COMPLETE, 0) != 0; 187 if (completed) { 188 startActivity(new Intent(Intent.ACTION_MAIN, null) 189 .addCategory(Intent.CATEGORY_HOME) 190 .addFlags(Intent.FLAG_ACTIVITY_NEW_TASK 191 | Intent.FLAG_ACTIVITY_CLEAR_TASK 192 | Intent.FLAG_ACTIVITY_RESET_TASK_IF_NEEDED)); 193 finish(); 194 } 195 196 ... 197 } 198 </pre> 199 200 </body> 201 </html> 202
