diff --git a/docs/html/guide/topics/admin/device-admin.jd b/docs/html/guide/topics/admin/device-admin.jd index b86a5f0836abe..7dddd9acc7ef5 100644 --- a/docs/html/guide/topics/admin/device-admin.jd +++ b/docs/html/guide/topics/admin/device-admin.jd @@ -128,6 +128,60 @@ can require PIN or passwords to have at least six characters. combination of letters and numbers. They may include symbolic characters. + + + Complex password required + Requires that passwords must contain at least a letter, a numerical digit, and a special symbol. Introduced in Android 3.0. + + + + + Minimum letters required in password The minimum number of +letters required in the password for all admins or a particular one. Introduced in Android 3.0. + + + + + Minimum lowercase letters required in password + The minimum number of lowercase +letters required in the password for all admins or a particular one. Introduced in Android 3.0. + + + + Minimum non-letter characters required in password + The minimum number of +non-letter characters required in the password for all admins or a particular one. Introduced in Android 3.0. + + + + Minimum numerical digits required in password + The minimum number of numerical digits required in the password for all admins or a particular one. Introduced in Android 3.0. + + + + Minimum symbols required in password + The minimum number of symbols required in the password for all admins or a particular one. Introduced in Android 3.0. + + + + Minimum uppercase letters required in password + The minimum number of uppercase letters required in the password for all admins or a particular one. Introduced in Android 3.0. + + + + Password expiration timeout + When the password will expire, expressed as a delta in milliseconds from when a device admin sets the expiration timeout. Introduced in Android 3.0. + + + + Password history restriction + This policy prevents users from reusing the last n unique passwords. + This policy is typically used in conjunction with +{@link android.app.admin.DevicePolicyManager#setPasswordExpirationTimeout(android.content.ComponentName,long) setPasswordExpirationTimeout()}, which forces +users to update their passwords after a specified amount of time has elapsed. +Introduced in Android 3.0. + + Maximum failed password attempts Specifies how many times a user can enter the wrong password before the @@ -141,6 +195,12 @@ device is lost or stolen. pressed a button before the device locks the screen. When this happens, users need to enter their PIN or passwords again before they can use their devices and access data. The value can be between 1 and 60 minutes. + + +Require storage encryption +Specifies that the storage area should be encrypted, if the device supports it. +Introduced in Android 3.0. +

Other features

@@ -172,18 +232,28 @@ they've enabled the application, they can use the buttons in the user interface to do the following:

+ + +

Figure 1. Screenshot of the Sample Application

@@ -469,7 +539,13 @@ password containing at least both numeric and alphabetic (or other symbol) characters.
{@link android.app.admin.DevicePolicyManager#PASSWORD_QUALITY_NUMERIC}
The user must enter a password containing at least numeric characters.
-
{@link android.app.admin.DevicePolicyManager#PASSWORD_QUALITY_SOMETHING}
The policy requires some kind +
{@link +android.app.admin.DevicePolicyManager#PASSWORD_QUALITY_COMPLEX}
The user +must have entered a password containing at least a letter, a numerical digit and +a special symbol.
+
{@link +android.app.admin.DevicePolicyManager#PASSWORD_QUALITY_SOMETHING}
The +policy requires some kind of password, but doesn't care what it is.
{@link android.app.admin.DevicePolicyManager#PASSWORD_QUALITY_UNSPECIFIED}
The policy has no requirements for the password.
@@ -482,6 +558,36 @@ ComponentName mDeviceAdminSample; mDPM.setPasswordQuality(mDeviceAdminSample, DevicePolicyManager.PASSWORD_QUALITY_ALPHANUMERIC); +
Set password content requirements
+ +

Beginning with Android 3.0, the {@link android.app.admin.DevicePolicyManager} class +includes methods that let you fine-tune the contents of the password. For +example, you could set a policy that states that passwords must contain at least +n uppercase letters. Here are the methods for fine-tuning a password's +contents:

+ +

For example, this snippet states that the password must have at least 2 uppercase letters:

+
+DevicePolicyManager mDPM;
+ComponentName mDeviceAdminSample;
+int pwMinUppercase = 2;
+...
+mDPM.setPasswordMinimumUpperCase(mDeviceAdminSample, pwMinUppercase);
+ +
Set the minimum password length

You can specify that a password must be at least the specified minimum length. For example:

@@ -501,7 +607,86 @@ int maxFailedPw; ... mDPM.setMaximumFailedPasswordsForWipe(mDeviceAdminSample, maxFailedPw); -

Set device lock

+
Set password expiration timeout
+

Beginning with Android 3.0, you can use the +{@link android.app.admin.DevicePolicyManager#setPasswordExpirationTimeout(android.content.ComponentName,long) setPasswordExpirationTimeout()} +method to set when a password will expire, expressed as a delta in milliseconds from when a device admin sets the expiration timeout. For example:

+ +
DevicePolicyManager mDPM;
+ComponentName mDeviceAdminSample;
+long pwExpiration;
+...
+mDPM.setPasswordExpirationTimeout(mDeviceAdminSample, pwExpiration);
+
+ +

From the Device Administration API sample, here is the code +that updates the password expiration status:

+ +
+DevicePolicyManager mDPM;
+ComponentName mDeviceAdminSample;
+private TextView mPasswordExpirationStatus;
+...
+void updatePasswordExpirationStatus() {
+    boolean active = mDPM.isAdminActive(mDeviceAdminSample);
+    String statusText;
+    if (active) {
+        long now = System.currentTimeMillis();
+        // Query the DevicePolicyManager twice - first for the expiration values
+        // set by the sample app, and later, for the system values (which may be different
+        // if there is another administrator active.)
+        long expirationDate = mDPM.getPasswordExpiration(mDeviceAdminSample);
+        long mSecUntilExpiration = expirationDate - now;
+        if (mSecUntilExpiration >= 0) {
+            statusText = "Expiration in " + countdownString(mSecUntilExpiration);
+        } else {
+            statusText = "Expired " + countdownString(-mSecUntilExpiration) + " ago";
+        }
+
+        // expirationTimeout is the cycle time between required password refresh
+        long expirationTimeout = mDPM.getPasswordExpirationTimeout(mDeviceAdminSample);
+        statusText += " / timeout period " + countdownString(expirationTimeout);
+
+        // Now report the aggregate (global) expiration time
+        statusText += " / Aggregate ";
+        expirationDate = mDPM.getPasswordExpiration(null);
+        mSecUntilExpiration = expirationDate - now;
+        if (mSecUntilExpiration >= 0) {
+            statusText += "expiration in " + countdownString(mSecUntilExpiration);
+        } else {
+            statusText += "expired " + countdownString(-mSecUntilExpiration) + " ago";
+        }
+    } else {
+        statusText = "<inactive>";
+    }
+    mPasswordExpirationStatus.setText(statusText);
+ +
Restrict password based on history
+ +

Beginning with Android 3.0, you can use the +{@link android.app.admin.DevicePolicyManager#setPasswordHistoryLength(android.content.ComponentName,int) setPasswordHistoryLength()} +method to limit users' +ability to reuse old passwords. This method takes a length +parameter, which specifies how many old +passwords are stored. When this policy is active, users cannot enter a new +password that matches the last n passwords. This prevents +users from using the same password over and over. This policy is typically used +in conjunction with +{@link android.app.admin.DevicePolicyManager#setPasswordExpirationTimeout(android.content.ComponentName,long) setPasswordExpirationTimeout()}, +which forces users +to update their passwords after a specified amount of time has elapsed.

+ +

For example, this snippet prohibits users from reusing any of their last 5 passwords:

+ +
DevicePolicyManager mDPM;
+ComponentName mDeviceAdminSample;
+int pwHistoryLength = 5;
+...
+mDPM.setPasswordHistoryLength(mDeviceAdminSample, pwHistoryLength);
+
+ +

Set device lock

You can set the maximum period of user inactivity that can occur before the device locks. For example:

@@ -516,6 +701,8 @@ mDPM.setMaximumTimeToLock(mDeviceAdminSample, timeMs);
 DevicePolicyManager mDPM;
 mDPM.lockNow();
+ +

Perform data wipe

You can use the {@link android.app.admin.DevicePolicyManager} method @@ -530,3 +717,20 @@ DevicePolicyManager mDPM; mDPM.wipeData(0);

The {@link android.app.admin.DevicePolicyManager#wipeData wipeData()} method takes as its parameter a bit mask of additional options. Currently the value must be 0.

+ +

Storage encryption

+

Beginning with Android 3.0, you can use the +{@link android.app.admin.DevicePolicyManager#setStorageEncryption(android.content.ComponentName,boolean) setStorageEncryption()} +method to set a policy requiring encryption of the storage area, where supported.

+ +

For example:

+ +
+DevicePolicyManager mDPM;
+ComponentName mDeviceAdminSample;
+...
+mDPM.setStorageEncryption(mDeviceAdminSample, true);
+
+

+See the Device Administration API sample for a complete +example of how to enable storage encryption.

diff --git a/docs/html/images/admin/device-admin-activate-prompt.png b/docs/html/images/admin/device-admin-activate-prompt.png old mode 100755 new mode 100644 index fd001bd0cd2a8..2851194b4b05b Binary files a/docs/html/images/admin/device-admin-activate-prompt.png and b/docs/html/images/admin/device-admin-activate-prompt.png differ diff --git a/docs/html/images/admin/device-admin-app.png b/docs/html/images/admin/device-admin-app.png old mode 100755 new mode 100644 index d966a28ef15f0..c96defc266ba6 Binary files a/docs/html/images/admin/device-admin-app.png and b/docs/html/images/admin/device-admin-app.png differ