2 files changed, 43 insertions, 27 deletions

diff --git a/core/java/android/app/admin/DeviceAdminReceiver.java b/core/java/android/app/admin/DeviceAdminReceiver.java
index 2cc15e2..1015514 100644
--- a/core/java/android/app/admin/DeviceAdminReceiver.java
+++ b/core/java/android/app/admin/DeviceAdminReceiver.java
@@ -16,6 +16,7 @@
 
 package android.app.admin;
 
+import android.accounts.AccountManager;
 import android.annotation.SdkConstant;
 import android.annotation.SdkConstant.SdkConstantType;
 import android.app.Service;
@@ -165,15 +166,14 @@ public class DeviceAdminReceiver extends BroadcastReceiver {
             = "android.app.action.ACTION_PASSWORD_EXPIRING";
 
     /**
-     * Broadcast Action: This broadcast is sent to the newly created profile when
-     * the provisioning of a managed profile has completed successfully. It is used in both the
-     * Profile Owner and the Device Owner provisioning.
+     * Broadcast Action: This broadcast is sent to indicate that provisioning of a managed profile
+     * or managed device has completed successfully.
      *
-     * <p>The broadcast is limited to the DeviceAdminReceiver component specified in the message
-     * that started the provisioning. It is also limited to the managed profile.
-     *
-     * <p> The intent may contain the extra
-     * {@link DevicePolicyManager#EXTRA_PROVISIONING_EMAIL_ADDRESS}.
+     * <p>The broadcast is limited to the profile that will be managed by the application that
+     * requested provisioning. In the device owner case the profile is the primary user.
+     * The broadcast will also be limited to the {@link DeviceAdminReceiver} component
+     * specified in the original intent or NFC bump that started the provisioning process
+     * (@see DevicePolicyManager#ACTION_PROVISION_MANAGED_PROFILE).
      *
      * <p>Input: Nothing.</p>
      * <p>Output: Nothing</p>
@@ -310,18 +310,23 @@ public class DeviceAdminReceiver extends BroadcastReceiver {
     }
 
     /**
-     * Called on the new profile when managed profile provisioning has completed.
-     * Managed profile provisioning is the process of setting up the device so that it has a
-     * separate profile which is managed by the mobile device management(mdm) application that
-     * triggered the provisioning.
+     * Called when provisioning of a managed profile or managed device has completed successfully.
+     *
+     * <p> As a prerequisit for the execution of this callback the (@link DeviceAdminReceiver} has
+     * to declare an intent filter for {@link #ACTION_PROFILE_PROVISIONING_COMPLETE}.
+     * Its component must also be specified in the {@link DevicePolicyManager#EXTRA_DEVICE_ADMIN}
+     * of the {@link DevicePolicyManager#ACTION_PROVISION_MANAGED_PROFILE} intent that started the
+     * managed provisioning.
      *
-     * <p>As part of provisioning a new profile is created, the mdm is moved to the new profile and
-     * set as the owner of the profile so that it has full control over it.
-     * This intent is only received by the mdm package that is set as profile owner during
-     * provisioning.
+     * <p>When provisioning is complete, the managed profile is hidden until the profile owner
+     * calls {DevicePolicyManager#setProfileEnabled(ComponentName admin)}. Typically a profile
+     * owner will enable the profile when it has finished any additional setup such as adding an
+     * account by using the {@link AccountManager} and calling apis to bring the profile into the
+     * desired state.
      *
-     * <p>Provisioning can be triggered via an intent with the action
-     * android.managedprovisioning.ACTION_PROVISION_MANAGED_PROFILE.
+     * <p> Note that provisioning completes without waiting for any server interactions, so the
+     * profile owner needs to wait for data to be available if required (e.g android device ids or
+     * other data that is set as a result of server interactions).
      *
      * @param context The running context as per {@link #onReceive}.
      * @param intent The received intent as per {@link #onReceive}.
diff --git a/core/java/android/app/admin/DevicePolicyManager.java b/core/java/android/app/admin/DevicePolicyManager.java
index aac55c7..5579470 100644
--- a/core/java/android/app/admin/DevicePolicyManager.java
+++ b/core/java/android/app/admin/DevicePolicyManager.java
@@ -99,17 +99,25 @@ public class DevicePolicyManager {
 
     /**
      * Activity action: Starts the provisioning flow which sets up a managed profile.
-     * This intent will typically be sent by a mobile device management application(mdm).
-     * Managed profile provisioning creates a profile, moves the mdm to the profile,
-     * sets the mdm as the profile owner and removes all non required applications from the profile.
-     * As a profile owner the mdm than has full control over the managed profile.
      *
-     * <p>The intent must contain the extras {@link #EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME} and
-     * {@link #EXTRA_PROVISIONING_DEFAULT_MANAGED_PROFILE_NAME}.
+     * <p>A managed profile allows data separation for example for the usage of a
+     * device as a personal and corporate device. The user which provisioning is started from and
+     * the managed profile share a launcher.
+     *
+     * <p>This intent will typically be sent by a mobile device management application (mdm).
+     * Provisioning adds a managed profile and sets the mdm as the profile owner who has full
+     * control over the profile
+     *
+     * <p>This intent must contain the extras {@link #EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME}
+     * {@link #EXTRA_PROVISIONING_DEFAULT_MANAGED_PROFILE_NAME} and {@link #EXTRA_DEVICE_ADMIN}.
      *
      * <p> When managed provisioning has completed, an intent of the type
      * {@link DeviceAdminReceiver#ACTION_PROFILE_PROVISIONING_COMPLETE} is broadcasted to the
-     * mdm app on the managed profile.
+     * managed profile. The intent is sent to the {@link DeviceAdminReceiver} specified in the
+     * {@link #EXTRA_DEVICE_ADMIN} exclusively.
+     *
+     * If provisioning fails, the managedProfile is removed so the device returns to its previous
+     * state.
      *
      * <p>Input: Nothing.</p>
      * <p>Output: Nothing</p>
@@ -135,7 +143,7 @@ public class DevicePolicyManager {
      * <p>Use with {@link #ACTION_PROVISION_MANAGED_PROFILE}.
      */
     public static final String EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME
-        = "deviceAdminPackageName";
+        = "android.app.extra.deviceAdminPackageName";
 
     /**
      * An int extra used to identify that during the current setup process the user has already
@@ -155,7 +163,7 @@ public class DevicePolicyManager {
      * <p>Use with {@link #ACTION_PROVISION_MANAGED_PROFILE}
      */
     public static final String EXTRA_PROVISIONING_DEFAULT_MANAGED_PROFILE_NAME
-        = "defaultManagedProfileName";
+        = "android.app.extra.defaultManagedProfileName";
 
     /**
      * A String extra holding the email address of the profile that is created during managed
@@ -889,6 +897,9 @@ public class DevicePolicyManager {
      * {@link DeviceAdminInfo#USES_POLICY_EXPIRE_PASSWORD} to be able to call this
      * method; if it has not, a security exception will be thrown.
      *
+     * <p> Note that setting the password will automatically reset the expiration time for all
+     * active admins. Active admins do not need to explicitly call this method in that case.
+     *
      * @param admin Which {@link DeviceAdminReceiver} this request is associated with.
      * @param timeout The limit (in ms) that a password can remain in effect. A value of 0
      *        means there is no restriction (unlimited).