当前位置: 首页 > 工具软件 > OWNER > 使用案例 >

Android ProfileOwner 应用的能力

邹嘉荣
2023-12-01

Profile Owner

概述

ProfileOwner 译为配置文件所有者,在Android5.0系统推出。ProfileOwner涵盖了所有DeviceAdmin用户的管理能力,并且额外添加了很多管理权限。Android系统只能设置一个Profile Owner程序,并且该程序在设置为ProfileOwner后不能取消,应用不能卸载,唯一可以取消的途径是恢复出厂设置

ProfileOwner 的设置和能力

要使一个应用成为ProfileOwner,首先这个程序必须是一个DeviceAdmin,按照DeviceAdmin的标准流程配置一个程序,回顾往期文章Android Device Administration 应用的能力
将配置好的程序设置为ProfileOwner之前,不必刻意去激活DeviceAdmin,系统在设置ProfileOwner的过程中会自动先激活DeviceAdmin,这也是ProfileOwner拥有DeviceAdmin所有能力的原因。
第三方应用没有权限设置ProfileOwner应用,属于system进程的应用可以设置。

是否为ProfileOwner

// 获取设备管理服务
mDevicePolicyManager = (DevicePolicyManager) getSystemService(Context.DEVICE_POLICY_SERVICE);
// 需要激活的DeviceAdminReceiver组件
mComponentName = new ComponentName(this, DPMTestReceiver.class);

isProfileOwnerApp = mDevicePolicyManager.isProfileOwnerApp(mComponentName.getPackageName());
Log.d(TAG, "isProfileOwnerApp: " + isProfileOwnerApp);

通过包名添加应用程序小部件

private boolean addCrossProfileWidgetProvider(ComponentName admin, String packageName) {
	    boolean res = false;
	    if(isProfileOwnerApp) {
	        res = mDevicePolicyManager.addCrossProfileWidgetProvider(admin, packageName);
	    }
	    return res;
	}

删除指定应用程序的小部件

private boolean removeCrossProfileWidgetProvider(ComponentName admin, String packageName) {
	    boolean res = false;
	    if(isProfileOwnerApp) {
	        res = mDevicePolicyManager.removeCrossProfileWidgetProvider(admin, packageName);
	    }
	    return res;
	}

获取所有可用小部件程序的集合

private List<String> getCrossProfileWidgetProviders(ComponentName admin) {
	    List<String> res = null;
	    if(isProfileOwnerApp) {
	        res = mDevicePolicyManager.getCrossProfileWidgetProviders(admin);
	    }
	    return res;
	}

管理应用程序消息通知,默认允许所有应用的通知消息,当添加了零个或多个包时,不在列表中且不是当前用户上的应用通知将不接收

private boolean setPermittedCrossProfileNotificationListeners(ComponentName admin, List<String> packageList) {
	    boolean res = false;
	    if (null == packageList) return res;

	    if(isProfileOwnerApp) {
	        res = mDevicePolicyManager.setPermittedCrossProfileNotificationListeners(admin, packageList);
	    }
	    Log.d(TAG, "ProfileOwner setPermittedCrossProfileNotificationListeners result: " + res);
	    return res;
	}

获取可显示消息通知的包列表

private List<String> getPermittedCrossProfileNotificationListeners(ComponentName admin) {
	    List<String> res = null;
	    if(isProfileOwnerApp) {
	        res = mDevicePolicyManager.getPermittedCrossProfileNotificationListeners(admin);
	    }
	    return res;
	}

禁止/允许截屏

private void setScreenCaptureDisabled(ComponentName admin, boolean disabled) {
        if(isProfileOwnerApp) {
	        mDevicePolicyManager.setScreenCaptureDisabled(admin, disabled);
	    }
    }

是否禁止截图

private boolean getScreenCaptureDisabled(ComponentName admin) {
	    boolean res = false;

	    if (isProfileOwnerApp) {
	        res = mDevicePolicyManager.getScreenCaptureDisabled(admin);
	    }
	    return res;
	}

设置组织名

private void setOrganizationName(ComponentName admin, CharSequence title) {
	    if(isProfileOwnerApp) {
	        mDevicePolicyManager.setOrganizationName(admin, title);
	    }
	}

获取组织名

private CharSequence getOrganizationName(ComponentName admin) {
	    CharSequence res = null;

	    if (isProfileOwnerApp) {
	        res = mDevicePolicyManager.getOrganizationName(admin);
	    }
	    return res;
	}

通过包名设置应用程序的运行时权限状态

private boolean setPermissionGrantState(ComponentName admin, String packageName,
            String permission, int grantState) {
	    boolean res = false;

	    if (isProfileOwnerApp) {
	        res = mDevicePolicyManager.setPermissionGrantState(admin, packageName, permission, grantState);
	    }
	    return res;
	}

通过包名获取应用程序的运行时权限状态

private int getPermissionGrantState(ComponentName admin, String packageName,
            String permission) {
	    int res = 0;

	    if (isProfileOwnerApp) {
	        res = mDevicePolicyManager.getPermissionGrantState(admin, packageName, permission);
	    }
	    return res;
	}

允许应用程序自动授予或拒绝运行时权限请求

private void setPermissionPolicy(ComponentName admin, int policy) {
	    if(isProfileOwnerApp) {
	        mDevicePolicyManager.setPermissionPolicy(admin, policy);
	    }
	}

返回设备或配置文件所有者设置的当前运行时权限策略

private int getPermissionPolicy(ComponentName admin) {
	    int res = 0;

	    if (isProfileOwnerApp) {
	        res = mDevicePolicyManager.getPermissionPolicy(admin);
	    }
	    return res;
	}

设置用户图片

private void setUserIcon(ComponentName admin, Bitmap icon) {
	    if(isProfileOwnerApp) {
	        mDevicePolicyManager.setUserIcon(admin, icon);
	    }
	}

设置应用程序不可卸载或者可以卸载

private void setUninstallBlocked(ComponentName admin, String packageName,
            boolean uninstallBlocked) {
	    if(isProfileOwnerApp) {
	        mDevicePolicyManager.setUninstallBlocked(admin, packageName, uninstallBlocked);
	    }
	}

返回应用程序是否可卸载

private boolean isUninstallBlocked(ComponentName admin, String packageName) {
	    boolean res = false;

	    if (isProfileOwnerApp) {
	        res = mDevicePolicyManager.isUninstallBlocked(admin, packageName);
	    }
	    return res;
	}

设置静音

private void setMasterVolumeMuted(ComponentName admin, boolean on) {
	    if(isProfileOwnerApp) {
	        mDevicePolicyManager.setMasterVolumeMuted(admin, on);
	    }
	}

是否静音

private boolean isMasterVolumeMuted(ComponentName admin) {
	    boolean res = false;

	    if (isProfileOwnerApp) {
	        res = mDevicePolicyManager.isMasterVolumeMuted(admin);
	    }
	    return res;
	}

指定特定的服务组件作为内容提供者,用于向用户的本地或远程管理员发出权限请求

private void setRestrictionsProvider(ComponentName admin, ComponentName provider) {
	    if(isProfileOwnerApp) {
	        mDevicePolicyManager.setRestrictionsProvider(admin, provider);
	    }
	}

设置系统设置中安全相关的属性

private void setSecureSetting(ComponentName admin, String setting, String value) {
	    if(isProfileOwnerApp) {
	        mDevicePolicyManager.setSecureSetting(admin, setting, value);
	    }
	}

设置哪些应用程序能够在锁定界面显示

private void setLockTaskPackages(ComponentName admin, String[] packages) {
	    if (packages == null) return;

	    if(isProfileOwnerApp) {
	        mDevicePolicyManager.setLockTaskPackages(admin, packages);
	    }
	}

返回允许在锁定界面显示的包列表

private String[] getLockTaskPackages(ComponentName admin) {
	    String[] res = null;

	    if (isProfileOwnerApp) {
	        res = mDevicePolicyManager.getLockTaskPackages(admin);
	    }
	    return res;
	}

查询一个应用是否能够在锁定界面显示

private boolean isLockTaskPermitted(String packageName) {
	    boolean res = false;

	    if (isProfileOwnerApp) {
	        res = mDevicePolicyManager.isLockTaskPermitted(packageName);
	    }
	    return res;
	}

禁用特定类型的帐户

private void setAccountManagementDisabled(ComponentName admin, String accountType,
            boolean disabled) {
	    if(isProfileOwnerApp) {
	        mDevicePolicyManager.setAccountManagementDisabled(admin, accountType, disabled);
	    }
	}

获取禁用的账户列表

private String[] getAccountTypesWithManagementDisabled() {
	    String[] res = null;

	    if (isProfileOwnerApp) {
	        res = mDevicePolicyManager.getAccountTypesWithManagementDisabled();
	    }
	    return res;
	}

重新启用用户初始化时默认禁用的系统应用程序

private void enableSystemApp(ComponentName admin, String packageName) {
	    if(isProfileOwnerApp) {
	        mDevicePolicyManager.enableSystemApp(admin, packageName);
	    }
	}

隐藏或者启用应用

private boolean setApplicationHidden(ComponentName admin, String packageName, boolean hidden) {
	    boolean res = false;

	    if (isProfileOwnerApp) {
	        res = mDevicePolicyManager.setApplicationHidden(admin, packageName, hidden);
	    }
	    return res;
	}

查询一个应用是否被隐藏

private boolean isApplicationHidden(ComponentName admin, String packageName) {
	    boolean res = false;

	    if (isProfileOwnerApp) {
	        res = mDevicePolicyManager.isApplicationHidden(admin, packageName);
	    }
	    return res;
	}

添加用户限制

private void addUserRestriction(ComponentName admin, String key) {
	    if(isProfileOwnerApp) {
	        mDevicePolicyManager.addUserRestriction(admin, key);
	    }
	}

清除用户限制

private void clearUserRestriction(ComponentName admin, String key) {
	    if(isProfileOwnerApp) {
	        mDevicePolicyManager.clearUserRestriction(admin, key);
	    }
	}

获取用户限制

private Bundle getUserRestrictions(ComponentName admin) {
	    Bundle res = null;

	    if (isProfileOwnerApp) {
	        res = mDevicePolicyManager.getUserRestrictions(admin);
	    }
	    return res;
	}

默认情况下,用户可以使用任何输入法。当添加了零个或多个包时,用户无法启用不在列表中的输入法

private boolean setPermittedInputMethods(ComponentName admin, List<String> packageNames) {
	    boolean res = false;

	    if (isProfileOwnerApp) {
	        res = mDevicePolicyManager.setPermittedInputMethods(admin, packageNames);
	    }
	    return res;
	}

获取受信任的输入法包列表

private List<String> getPermittedInputMethods(ComponentName admin) {
	    List<String> res = null;
	    if(isProfileOwnerApp) {
	        res = mDevicePolicyManager.getPermittedInputMethods(admin);
	    }
	    return res;
	}

设置允许的可访问性服务。默认情况下,用户可以使用任何可访问性服务。当添加了零个或多个包时,用户无法启用列表中非系统部分的可访问性服务

private boolean setPermittedAccessibilityServices(ComponentName admin, List<String> packageNames) {
	    boolean res = false;

	    if (isProfileOwnerApp) {
	        res = mDevicePolicyManager.setPermittedAccessibilityServices(admin, packageNames);
	    }
	    return res;
	}

获取所有不受信任的服务列表

private List<String> getPermittedAccessibilityServices(ComponentName admin) {
	    List<String> res = null;
	    if(isProfileOwnerApp) {
	        res = mDevicePolicyManager.getPermittedAccessibilityServices(admin);
	    }
	    return res;
	}

设置蓝牙是否可以访问联系人

private void setBluetoothContactSharingDisabled(ComponentName admin, boolean disabled) {
	    if(isProfileOwnerApp) {
	        mDevicePolicyManager.setBluetoothContactSharingDisabled(admin, disabled);
	    }
	}

获取蓝牙访问联系人状态

private boolean getBluetoothContactSharingDisabled(ComponentName admin) {
	    boolean res = false;

	    if (isProfileOwnerApp) {
	        res = mDevicePolicyManager.getBluetoothContactSharingDisabled(admin);
	    }
	    return res;
	}

禁止或者开启搜索联系人功能

private void setCrossProfileContactsSearchDisabled(ComponentName admin, boolean disabled) {
	    if(isProfileOwnerApp) {
	        mDevicePolicyManager.setCrossProfileContactsSearchDisabled(admin, disabled);
	    }
	}

获取搜索联系人状态

private boolean getCrossProfileContactsSearchDisabled(ComponentName admin) {
	    boolean res = false;

	    if (isProfileOwnerApp) {
	        res = mDevicePolicyManager.getCrossProfileContactsSearchDisabled(admin);
	    }
	    return res;
	}

禁止或者开启来电显示功能

private void setCrossProfileCallerIdDisabled(ComponentName admin, boolean disabled) {
	    if(isProfileOwnerApp) {
	        mDevicePolicyManager.setCrossProfileCallerIdDisabled(admin, disabled);
	    }
	}

获取禁止来电显示状态

private boolean getCrossProfileCallerIdDisabled(ComponentName admin) {
	    boolean res = false;

	    if (isProfileOwnerApp) {
	        res = mDevicePolicyManager.getCrossProfileCallerIdDisabled(admin);
	    }
	    return res;
	}

设置应用限制

private void setApplicationRestrictions(ComponentName admin, String packageName,
            Bundle settings) {
	    if(isProfileOwnerApp) {
	        mDevicePolicyManager.setApplicationRestrictions(admin, packageName, settings);
	    }
	}

获取应用程序受限信息

private Bundle getApplicationRestrictions(ComponentName admin, String packageName) {
	    Bundle res = null;

	    if (isProfileOwnerApp) {
	        res = mDevicePolicyManager.getApplicationRestrictions(admin, packageName);
	    }
	    return res;
	}

设置应用程序挂起,挂起的程序将无法启动任何活动

private String[] setPackagesSuspended(ComponentName admin, String[] packageNames, boolean suspended) {
	    String[] res = null;

	    if (isProfileOwnerApp) {
	        res = mDevicePolicyManager.setPackagesSuspended(admin, packageNames, suspended);
	    }
	    return res;
	}

是否为挂起应用

private boolean isPackageSuspended(ComponentName admin, String packageName) {
	    boolean res = false;

	    if (isProfileOwnerApp) {
	        try {
	        	res = mDevicePolicyManager.isPackageSuspended(admin, packageName);
	        } catch (NameNotFoundException e) {
            	Log.w(TAG, "Error getting appName for package: " + packageName, e);
        	}
	    }
	    return res;
	}

指定特定应用程序始终打开的VPN连接。此连接在重新启动后自动授予并持久化

private void setAlwaysOnVpnPackage(ComponentName admin, String vpnPackage,
            boolean lockdownEnabled) {
	    if(isProfileOwnerApp) {
	        try {
	        	mDevicePolicyManager.setAlwaysOnVpnPackage(admin, vpnPackage, lockdownEnabled);
	        } catch (NameNotFoundException | UnsupportedOperationException e) {
            	Log.w(TAG, "Error getting appName for package: " + vpnPackage, e);
        	}
	    }
	}

获取打开VPN连接的应用

private String getAlwaysOnVpnPackage(ComponentName admin) {
	    String res = null;

	    if (isProfileOwnerApp) {
	        res = mDevicePolicyManager.getAlwaysOnVpnPackage(admin);
	    }
	    return res;
	}

授予对另一个应用程序的特权API的访问权

private void setDelegatedScopes(ComponentName admin, String delegatePackage,
            List<String> scopes) {
	    if(isProfileOwnerApp) {
	        mDevicePolicyManager.setDelegatedScopes(admin, delegatePackage, scopes);
	    }
	}

获取特权应用的所有权限

private List<String> getDelegatedScopes(ComponentName admin, String delegatedPackage) {
	    List<String> res = null;
	    if(isProfileOwnerApp) {
	        res = mDevicePolicyManager.getDelegatedScopes(admin, delegatedPackage);
	    }
	    return res;
	}

安装证书和相应的私钥

private boolean installKeyPair(ComponentName admin, PrivateKey privKey, Certificate cert, String alias) {
	    boolean res = false;

	    if (isProfileOwnerApp) {
	        res = mDevicePolicyManager.installKeyPair(admin, privKey, cert, alias);
	    }
	    return res;
	}

删除密匙

private boolean removeKeyPair(ComponentName admin, String alias) {
	    boolean res = false;

	    if (isProfileOwnerApp) {
	        res = mDevicePolicyManager.removeKeyPair(admin, alias);
	    }
	    return res;
	}

此证书是否安装为可信CA

private boolean hasCaCertInstalled(ComponentName admin, byte[] certBuffer) {
	    boolean res = false;

	    if (isProfileOwnerApp) {
	        res = mDevicePolicyManager.hasCaCertInstalled(admin, certBuffer);
	    }
	    return res;
	}

卸载所有自定义的可信CA证书。除系统CA证书外,通过设备策略以外的方式安装的证书也将被删除

private void uninstallAllUserCaCerts(ComponentName admin) {
	    if(isProfileOwnerApp) {
	        mDevicePolicyManager.uninstallAllUserCaCerts(admin);
	    }
	}

返回当前受信任的所有CA证书,不包括系统CA证书。如果用户通过除设备策略之外的其他方式安装了任何证书,这些证书也将包括在内。

private List<byte[]> getInstalledCaCerts(ComponentName admin) {
	    List<byte[]> res = null;

	    if (isProfileOwnerApp) {
	        res = mDevicePolicyManager.getInstalledCaCerts(admin);
	    }
	    return res;
	}

从可信用户CAs卸载给定的证书

private void uninstallCaCert(ComponentName admin, byte[] certBuffer) {
	    if(isProfileOwnerApp) {
	        mDevicePolicyManager.uninstallCaCert(admin, certBuffer);
	    }
	}

将给定证书安装为用户可信CA

private boolean installCaCert(ComponentName admin, byte[] certBuffer) {
	    boolean res = false;

	    if (isProfileOwnerApp) {
	        res = mDevicePolicyManager.installCaCert(admin, certBuffer);
	    }
	    return res;
	}

设置超时时间,超时后用户必须使用身份验证才能进入系统,比如指纹、密码等

private void setRequiredStrongAuthTimeout(ComponentName admin, long timeoutMs) {
	    if(isProfileOwnerApp) {
	        mDevicePolicyManager.setRequiredStrongAuthTimeout(admin, timeoutMs);
	    }
	}

获取超时时间

private long getRequiredStrongAuthTimeout(ComponentName admin) {
	    long res = 0;

	    if (isProfileOwnerApp) {
	        res = mDevicePolicyManager.getRequiredStrongAuthTimeout(admin);
	    }
	    return res;
	}

重置设备锁屏密码

private boolean setResetPasswordToken(ComponentName admin, byte[] token) {
	    boolean res = false;

	    if (isProfileOwnerApp) {
	        res = mDevicePolicyManager.setResetPasswordToken(admin, token);
	    }
	    return res;
	}

清除重置设备密码Token

private boolean clearResetPasswordToken(ComponentName admin) {
	    boolean res = false;

	    if (isProfileOwnerApp) {
	        res = mDevicePolicyManager.clearResetPasswordToken(admin);
	    }
	    return res;
	}

重置设备密码Token激活状态

private boolean isResetPasswordTokenActive(ComponentName admin) {
	    boolean res = false;

	    if (isProfileOwnerApp) {
	        res = mDevicePolicyManager.isResetPasswordTokenActive(admin);
	    }
	    return res;
	}

重置设备锁屏密码,在Token激活的状态下有效

private boolean resetPasswordWithToken(ComponentName admin, String password,
            byte[] token, int flags) {
	    boolean res = false;

	    if (isProfileOwnerApp) {
	        res = mDevicePolicyManager.resetPasswordWithToken(admin, password, token, flags);
	    }
	    return res;
	}

上一篇 Android Device Administration 应用的能力
下一篇 Android DeviceOwner 应用的能力
 类似资料: