diff --git a/core/java/android/app/admin/DevicePolicyManager.java b/core/java/android/app/admin/DevicePolicyManager.java index ee5ea806da341..3d169b0656a61 100644 --- a/core/java/android/app/admin/DevicePolicyManager.java +++ b/core/java/android/app/admin/DevicePolicyManager.java @@ -2865,7 +2865,7 @@ public class DevicePolicyManager { * false if the profile has empty password as a separate challenge. * * @param admin Which {@link DeviceAdminReceiver} this request is associated with. - * @throws SecurityException if {@code admin} is not a profile owner of a managed profile. + * @throws SecurityException if {@code admin} is not a profile owner. * @see UserManager#DISALLOW_UNIFIED_PASSWORD */ public boolean isUsingUnifiedPassword(@NonNull ComponentName admin) { @@ -5579,10 +5579,13 @@ public class DevicePolicyManager { } /** - * Called by a profile owner or device owner to add a default intent handler activity for - * intents that match a certain intent filter. This activity will remain the default intent - * handler even if the set of potential event handlers for the intent filter changes and if the - * intent preferences are reset. + * Called by a profile owner or device owner to set a default activity that the system selects + * to handle intents that match the given {@link IntentFilter}. This activity will remain the + * default intent handler even if the set of potential event handlers for the intent filter + * changes and if the intent preferences are reset. + *

+ * Note that the caller should still declare the activity in the manifest, the API just sets + * the activity to be the default one to handle the given intent filter. *

* The default disambiguation mechanism takes over if the activity is not installed (anymore). * When the activity is (re)installed, it is automatically reset as default intent handler for @@ -5878,7 +5881,7 @@ public class DevicePolicyManager { * * @param admin Which {@link DeviceAdminReceiver} this request is associated with. * @param disabled If true caller-Id information in the managed profile is not displayed. - * @throws SecurityException if {@code admin} is not a device or profile owner. + * @throws SecurityException if {@code admin} is not a profile owner. */ public void setCrossProfileCallerIdDisabled(@NonNull ComponentName admin, boolean disabled) { throwIfParentInstance("setCrossProfileCallerIdDisabled"); @@ -5899,7 +5902,7 @@ public class DevicePolicyManager { * thrown. * * @param admin Which {@link DeviceAdminReceiver} this request is associated with. - * @throws SecurityException if {@code admin} is not a device or profile owner. + * @throws SecurityException if {@code admin} is not a profile owner. */ public boolean getCrossProfileCallerIdDisabled(@NonNull ComponentName admin) { throwIfParentInstance("getCrossProfileCallerIdDisabled"); @@ -5939,7 +5942,7 @@ public class DevicePolicyManager { * * @param admin Which {@link DeviceAdminReceiver} this request is associated with. * @param disabled If true contacts search in the managed profile is not displayed. - * @throws SecurityException if {@code admin} is not a device or profile owner. + * @throws SecurityException if {@code admin} is not a profile owner. */ public void setCrossProfileContactsSearchDisabled(@NonNull ComponentName admin, boolean disabled) { @@ -5961,7 +5964,7 @@ public class DevicePolicyManager { * thrown. * * @param admin Which {@link DeviceAdminReceiver} this request is associated with. - * @throws SecurityException if {@code admin} is not a device or profile owner. + * @throws SecurityException if {@code admin} is not a profile owner. */ public boolean getCrossProfileContactsSearchDisabled(@NonNull ComponentName admin) { throwIfParentInstance("getCrossProfileContactsSearchDisabled"); @@ -6032,7 +6035,7 @@ public class DevicePolicyManager { * * @param admin Which {@link DeviceAdminReceiver} this request is associated with. * @param disabled If true, bluetooth devices cannot access enterprise contacts. - * @throws SecurityException if {@code admin} is not a device or profile owner. + * @throws SecurityException if {@code admin} is not a profile owner. */ public void setBluetoothContactSharingDisabled(@NonNull ComponentName admin, boolean disabled) { throwIfParentInstance("setBluetoothContactSharingDisabled"); @@ -6055,7 +6058,7 @@ public class DevicePolicyManager { * This API works on managed profile only. * * @param admin Which {@link DeviceAdminReceiver} this request is associated with. - * @throws SecurityException if {@code admin} is not a device or profile owner. + * @throws SecurityException if {@code admin} is not a profile owner. */ public boolean getBluetoothContactSharingDisabled(@NonNull ComponentName admin) { throwIfParentInstance("getBluetoothContactSharingDisabled"); @@ -6125,7 +6128,7 @@ public class DevicePolicyManager { * {@link UserManager#DISALLOW_SHARE_INTO_MANAGED_PROFILE}. * * @param admin Which {@link DeviceAdminReceiver} this request is associated with. - * @throws SecurityException if {@code admin} is not a device or profile owner. + * @throws SecurityException if {@code admin} is not a profile owner. */ public void clearCrossProfileIntentFilters(@NonNull ComponentName admin) { throwIfParentInstance("clearCrossProfileIntentFilters"); @@ -6139,21 +6142,22 @@ public class DevicePolicyManager { } /** - * Called by a profile or device owner to set the permitted accessibility services. When set by + * Called by a profile or device owner to set the permitted + * {@link android.accessibilityservice.AccessibilityService}. When set by * a device owner or profile owner the restriction applies to all profiles of the user the - * device owner or profile owner is an admin for. By default the user can use any accessiblity - * service. When zero or more packages have been added, accessiblity services that are not in + * device owner or profile owner is an admin for. By default, the user can use any accessibility + * service. When zero or more packages have been added, accessibility services that are not in * the list and not part of the system can not be enabled by the user. *

* Calling with a null value for the list disables the restriction so that all services can be - * used, calling with an empty list only allows the builtin system's services. + * used, calling with an empty list only allows the built-in system services. Any non-system + * accessibility service that's currently enabled must be included in the list. *

* System accessibility services are always available to the user the list can't modify this. - * * @param admin Which {@link DeviceAdminReceiver} this request is associated with. * @param packageNames List of accessibility service package names. - * @return true if setting the restriction succeeded. It fail if there is one or more non-system - * accessibility services enabled, that are not in the list. + * @return {@code true} if the operation succeeded, or {@code false} if the list didn't + * contain every enabled non-system accessibility service. * @throws SecurityException if {@code admin} is not a device or profile owner. */ public boolean setPermittedAccessibilityServices(@NonNull ComponentName admin, @@ -6242,10 +6246,11 @@ public class DevicePolicyManager { /** * Called by a profile or device owner to set the permitted input methods services. When set by * a device owner or profile owner the restriction applies to all profiles of the user the - * device owner or profile owner is an admin for. By default the user can use any input method. + * device owner or profile owner is an admin for. By default, the user can use any input method. * When zero or more packages have been added, input method that are not in the list and not * part of the system can not be enabled by the user. This method will fail if it is called for - * a admin that is not for the foreground user or a profile of the foreground user. + * a admin that is not for the foreground user or a profile of the foreground user. Any + * non-system input method service that's currently enabled must be included in the list. *

* Calling with a null value for the list disables the restriction so that all input methods can * be used, calling with an empty list disables all but the system's own input methods. @@ -6254,8 +6259,8 @@ public class DevicePolicyManager { * * @param admin Which {@link DeviceAdminReceiver} this request is associated with. * @param packageNames List of input method package names. - * @return true if setting the restriction succeeded. It will fail if there are one or more - * non-system input methods currently enabled that are not in the packageNames list. + * @return {@code true} if the operation succeeded, or {@code false} if the list didn't + * contain every enabled non-system input method service. * @throws SecurityException if {@code admin} is not a device or profile owner. */ public boolean setPermittedInputMethods( @@ -7854,11 +7859,14 @@ public class DevicePolicyManager { * {@link #PERMISSION_GRANT_STATE_DEFAULT default} in which a user can manage it through the UI, * {@link #PERMISSION_GRANT_STATE_DENIED denied}, in which the permission is denied and the user * cannot manage it through the UI, and {@link #PERMISSION_GRANT_STATE_GRANTED granted} in which - * the permission is granted and the user cannot manage it through the UI. This might affect all - * permissions in a group that the runtime permission belongs to. This method can only be called - * by a profile owner, device owner, or a delegate given the + * the permission is granted and the user cannot manage it through the UI. This method can only + * be called by a profile owner, device owner, or a delegate given the * {@link #DELEGATION_PERMISSION_GRANT} scope via {@link #setDelegatedScopes}. *

+ * Note that user cannot manage other permissions in the affected group through the UI + * either and their granted state will be kept as the current value. Thus, it's recommended that + * you set the grant state of all the permissions in the affected group. + *

* Setting the grant state to {@link #PERMISSION_GRANT_STATE_DEFAULT default} does not revoke * the permission. It retains the previous grant, if any. *