diff options
Diffstat (limited to 'docs/html')
| -rw-r--r-- | docs/html/guide/topics/admin/device-admin.jd | 7 | ||||
| -rw-r--r-- | docs/html/images/enterprise/work-launcher.png | bin | 0 -> 230452 bytes | |||
| -rw-r--r-- | docs/html/jd_collections.js | 16 | ||||
| -rw-r--r-- | docs/html/sdk/installing/index.jd | 2 | ||||
| -rw-r--r-- | docs/html/tools/help/android.jd | 25 | ||||
| -rw-r--r-- | docs/html/tools/help/draw9patch.jd | 40 | ||||
| -rw-r--r-- | docs/html/training/enterprise/app-compatibility.jd | 2 | ||||
| -rw-r--r-- | docs/html/training/enterprise/app-restrictions.jd | 351 | ||||
| -rw-r--r-- | docs/html/training/enterprise/index.jd | 109 | ||||
| -rw-r--r-- | docs/html/training/enterprise/work-policy-ctrl.jd | 339 | ||||
| -rw-r--r-- | docs/html/training/material/animations.jd | 5 | ||||
| -rw-r--r-- | docs/html/training/training_toc.cs | 32 |
12 files changed, 841 insertions, 87 deletions
diff --git a/docs/html/guide/topics/admin/device-admin.jd b/docs/html/guide/topics/admin/device-admin.jd index bed4b4d..45bd76a 100644 --- a/docs/html/guide/topics/admin/device-admin.jd +++ b/docs/html/guide/topics/admin/device-admin.jd @@ -48,6 +48,11 @@ solutions for Android-powered devices. It discusses the various features provided by the Device Administration API to provide stronger security for employee devices that are powered by Android.</p> +<p class="note"><strong>Note</strong> For information on building a Work Policy +Controller for Android for Work deployments, see <a +href="{@docRoot}training/enterprise/work-policy-ctrl.html">Building a Work +Policy Controller</a>.</p> + <h2 id="overview">Device Administration API Overview</h2> @@ -712,4 +717,4 @@ mDPM.setStorageEncryption(mDeviceAdminSample, true); </pre> <p> See the Device Administration API sample for a complete example of how to enable storage encryption. -</p>
\ No newline at end of file +</p> diff --git a/docs/html/images/enterprise/work-launcher.png b/docs/html/images/enterprise/work-launcher.png Binary files differnew file mode 100644 index 0000000..3bbd835 --- /dev/null +++ b/docs/html/images/enterprise/work-launcher.png diff --git a/docs/html/jd_collections.js b/docs/html/jd_collections.js index 6fb906e..9caf938 100644 --- a/docs/html/jd_collections.js +++ b/docs/html/jd_collections.js @@ -1186,5 +1186,21 @@ var RESOURCE_COLLECTIONS = { "training/multiscreen/index.html", "training/monitoring-device-state/index.html" ] + }, + "training/work/apps": { + "title": "", + "resources": [ + "training/enterprise/app-compatibility.html", + "training/enterprise/app-restrictions.html", + "samples/AppRestrictionSchema/index.html", + "samples/AppRestrictionEnforcer/index.html" + ] + }, + "training/work/admin": { + "title": "", + "resources": [ + "training/enterprise/work-policy-ctrl.html", + "samples/BasicManagedProfile/index.html" + ] } }
\ No newline at end of file diff --git a/docs/html/sdk/installing/index.jd b/docs/html/sdk/installing/index.jd index d899ef3..45d1890 100644 --- a/docs/html/sdk/installing/index.jd +++ b/docs/html/sdk/installing/index.jd @@ -124,7 +124,7 @@ where they are installed. For example:</p> <li>If the SDK is not already installed, follow the setup wizard to install the SDK and any necessary SDK tools. <p class="note"><strong>Note:</strong> You may also need to install the ia32-libs, - lib32ncurses5-dev, and lib32stc++6 packages. These packages are required to support 32-bit apps + lib32ncurses5-dev, and lib32stdc++6 packages. These packages are required to support 32-bit apps on a 64-bit machine. </p> </li> </ol> diff --git a/docs/html/tools/help/android.jd b/docs/html/tools/help/android.jd index 19891e8..0d7d2aa 100644 --- a/docs/html/tools/help/android.jd +++ b/docs/html/tools/help/android.jd @@ -6,25 +6,26 @@ parent.link=index.html <p>{@code android} is an important development tool that lets you:</p> <ul> - <li>Create, delete, and view Android Virtual Devices (AVDs). See <a href= - "{@docRoot}tools/devices/managing-avds-cmdline.html">Managing AVDs from the Command -Line</a>.</li> + <li>Create, delete, and view Android Virtual Devices (AVDs). See <a href= + "{@docRoot}tools/devices/managing-avds-cmdline.html">Managing AVDs from the Command Line</a>.</li> - <li>Create and update Android projects. See <a href= + <li>Create and update Android projects. See <a href= "{@docRoot}tools/projects/projects-cmdline.html">Managing Projects from the Command Line</a>.</li> - <li>Update your Android SDK with new platforms, add-ons, and documentation. See <a href= - "{@docRoot}sdk/exploring.html">Exploring the SDK</a>.</li> - </ul>If you are using Eclipse, the <code>android</code> tool's features are integrated - into ADT, so you should not need to use this tool directly. - + <li>Update your Android SDK with new platforms, add-ons, and documentation. See <a href= + "{@docRoot}tools/help/sdk-manager.html">SDK Manager</a>.</li> + </ul> + +<p>If you are using Android Studio or Eclipse, the <code>android</code> tool's features are +integrated into the IDE, so you should not need to use this tool directly. </p> + <p class="note"><strong>Note:</strong> The documentation of options below is not exhaustive and may be out of date. For the most current list of options, execute <code>android --help</code>.</p> - - - + + + <h2>Syntax</h2> <pre>android [global options] action [action options]</pre> diff --git a/docs/html/tools/help/draw9patch.jd b/docs/html/tools/help/draw9patch.jd index 859b1cf..7c26441 100644 --- a/docs/html/tools/help/draw9patch.jd +++ b/docs/html/tools/help/draw9patch.jd @@ -2,42 +2,50 @@ page.title=Draw 9-patch page.tags=NinePatch @jd:body -<p>The Draw 9-patch tool allows you to easily create a - {@link android.graphics.NinePatch} graphic using a WYSIWYG editor.</p> -<p>For an introduction to Nine-patch graphics and how they work, please read -the section about Nine-patch in the -<a href="{@docRoot}guide/topics/graphics/2d-graphics.html#nine-patch">2D Graphics</a> +<p>The Draw 9-patch tool is a WYSIWYG editor that allows you to create bitmap images that +automatically resize to accommodate the contents of the view and the size of the screen. Selected +parts of the image are scaled horizontally or vertically based indicators drawn within the image. </p> +<p>For an introduction to NinePatch graphics and how they work, please read +the section about NinePatch Drawables in the +<a href="{@docRoot}guide/topics/graphics/2d-graphics.html#nine-patch">Canvas and Drawables</a> document.</p> <img src="{@docRoot}images/draw9patch-norm.png" style="float:right" alt="" height="300" width="341" /> -<p>Here's a quick guide to create a Nine-patch graphic using the Draw 9-patch tool. -You'll need the PNG image with which you'd like to create a NinePatch.</p> +<p>Here's a quick guide to create a NinePatch graphic using the Draw 9-patch tool. +You'll need the PNG image with which you'd like to create a NinePatch image.</p> <ol> - <li>From a terminal, launch the <code>draw9patch</code> application from your SDK - <code>/tools</code> directory. + <li>From a terminal, run the <code>draw9patch</code> command from your SDK + <code>sdk/tools</code> directory to launch the Draw 9-patch tool. </li> - <li>Drag your PNG image into the Draw 9-patch window + <li>Drag your PNG image into the Draw 9-patch window (or <strong>File</strong> > <strong>Open 9-patch...</strong> to locate the file). Your workspace will now open. <p>The left pane is your drawing area, in which you can edit the lines for the - stretchable patches and content area. The right + stretchable patches and content area. The right pane is the preview area, where you can preview your graphic when stretched.</p> </li> - <li>Click within the 1-pixel perimeter to draw the lines that define the stretchable - patches and (optional) content area. Right-click (or hold Shift and click, on Mac) to erase + <li>Click within the 1-pixel perimeter to draw the lines that define the stretchable + patches and (optional) content area. Right-click (or hold Shift and click, on Mac) to erase previously drawn lines. </li> <li>When done, select <strong>File</strong> > <strong>Save 9-patch...</strong> <p>Your image will be saved with the <code>.9.png</code> file name.</p> </li> </ol> - <p class="note"><strong>Note:</strong> A normal PNG file (<code>*.png</code>) will be - loaded with an empty one-pixel border added around the image, in which you can draw + + <p>To make sure that your NinePatch graphics scale down properly, verify that any + stretchable regions are at least 2x2 pixels in size. + Otherwise, they may disappear when scaled down. Also, provide one pixel of extra safe space in + the graphics before and after stretchable regions to avoid interpolation during scaling that may + cause the color at the boundaries to change. </p> + + <p class="note"><strong>Note:</strong> A normal PNG file (<code>*.png</code>) will be + loaded with an empty one-pixel border added around the image, in which you can draw the stretchable patches and content area. - A previously saved 9-patch file (<code>*.9.png</code>) will be loaded as-is, + A previously saved NinePatch file (<code>*.9.png</code>) will be loaded as-is, with no drawing area added, because it already exists.</p> <img src="{@docRoot}images/draw9patch-bad.png" style="float:right;clear:both" alt="" height="300" width="341" diff --git a/docs/html/training/enterprise/app-compatibility.jd b/docs/html/training/enterprise/app-compatibility.jd index 1ae1ee3..216a799 100644 --- a/docs/html/training/enterprise/app-compatibility.jd +++ b/docs/html/training/enterprise/app-compatibility.jd @@ -1,4 +1,6 @@ page.title=Ensuring Compatibility with Managed Profiles +page.metaDescription=Learn how to make sure your apps operate smoothly in a corporate environment by following some best practices. + @jd:body <div id="tb-wrapper"> diff --git a/docs/html/training/enterprise/app-restrictions.jd b/docs/html/training/enterprise/app-restrictions.jd new file mode 100644 index 0000000..fc5dfcc --- /dev/null +++ b/docs/html/training/enterprise/app-restrictions.jd @@ -0,0 +1,351 @@ +page.title=Implementing App Restrictions +page.metaDescription=Learn how to implement app restrictions and configuration settings that can be changed by other apps on the same device. +@jd:body + +<div id="tb-wrapper"> +<div id="tb"> + +<h2>This lesson teaches you to</h2> +<ol> + <li><a href="#define_restrictions">Define App Restrictions</a></li> + <li><a href="#check_restrictions">Check App Restrictions</a></li> + <li><a href="#listen">Listen for App Restriction Changes</a></li> +</ol> + +<!-- related docs (NOT javadocs) --> +<h2>Resources</h2> +<ul> + <li><a href="{@docRoot}samples/AppRestrictionSchema/index.html">AppRestrictionSchema</a> + sample app</li> + <li><a href="{@docRoot}samples/AppRestrictionEnforcer/index.html">AppRestrictionEnforcer</a> + sample app</li> +</ul> + +</div> +</div> + +<p>If you are developing apps for the enterprise market, you may need to satisfy +particular requirements set by a company's policies. Application restrictions +allow the enterprise administrator to remotely specify settings for apps. +This capability is particularly useful for enterprise-approved apps deployed to +a managed profile.</p> + +<p>For example, an enterprise might require that approved apps allow the +enterprise administrator to:</p> + +<ul> + <li>Whitelist or blacklist URLs for a web browser</li> + <li>Configure whether an app is allowed to sync content via cellular, or just + by Wi-Fi</li> + <li>Configure the app's email settings</li> +</ul> + +<p> + This guide shows how to implement these configuration settings in your app. +</p> + +<p class="note"> + <strong>Note:</strong> For historical reasons, these configuration settings are known as + <em>restrictions,</em> and are implemented with files and classes that use this + term (such as {@link android.content.RestrictionsManager}). However, these + restrictions can actually implement a wide range of configuration options, + not just restrictions on app functionality. +</p> + +<h2 id="overview"> + Remote Configuration Overview +</h2> + +<p> + Apps define the restrictions and configuration options that can be remotely + set by an administrator. These restrictions are + arbitrary configuration settings that can be changed by a restrictions + provider. If your app is running on an enterprise device's managed + profile, the enterprise administrator can change your app's restrictions. +</p> + +<p> + The restrictions provider is another app running on the same device. + This app is typically controlled by the enterprise administrator. The + enterprise administrator communicates restriction changes to the restrictions + provider app. That app, in turn, changes the restrictions on your app. +</p> + +<p> + To provide externally configurable restrictions: +</p> + +<ul> + <li>Declare the restrictions in your app manifest. Doing so allows the + enterprise administrator to read the app's restrictions through Google + Play APIs. + </li> + + <li>Whenever the app resumes, use the {@link + android.content.RestrictionsManager} object to check the current + restrictions, and change your app's UI and behavior to conform with those + restrictions. + </li> + + <li>Listen for the + {@link android.content.Intent#ACTION_APPLICATION_RESTRICTIONS_CHANGED + ACTION_APPLICATION_RESTRICTIONS_CHANGED} intent. When you receive this + broadcast, check the {@link android.content.RestrictionsManager} to see what + the current restrictions are, and make any necessary changes to your app's + behavior. + </li> +</ul> + +<h2 id="define_restrictions"> + Define App Restrictions +</h2> + +<p> + Your app can support any restrictions you want to define. You declare the + app's restrictions in a <em>restrictions file</em>, and declare the + restrictions file in the manifest. Creating a restrictions file allows other + apps to examine the restrictions your app provides. Enterprise Mobility + Management (EMM) partners can read your app's restrictions by using Google + Play APIs. +</p> + +<p> + To define your app's remote configuration options, put the following element + in your manifest's + <a href="{@docRoot}guide/topics/manifest/application-element.html"> + <code><application></code></a> element: +</p> + +<pre><meta-data android:name="android.content.APP_RESTRICTIONS" + android:resource="@xml/app_restrictions" /> +</pre> + +<p> + Create a file named <code>app_restrictions.xml</code> in your app's + <code>res/xml</code> directory. The structure of that file is described in + the reference for {@link android.content.RestrictionsManager}. The file has a + single top-level <code><restrictions></code> element, which contains + one <code><restriction></code> child element for every configuration + option the app has. +</p> + +<p class="note"> + <strong>Note:</strong> Do not create localized versions of the restrictions + file. Your app is only allowed to have a single restrictions file, + so restrictions will be consistent for your app in all locales. +</p> + +<p> + In an enterprise environment, an EMM will typically use the restrictions + schema to generate a remote console for IT administrators, so the + administrators can remotely configure your application. +</p> + +<p> + For example, suppose your app can be remotely configured to allow or forbid + it to download data over a cellular connection. Your app could have a + <code><restriction></code> element like this: +</p> + +<pre> +<?xml version="1.0" encoding="utf-8"?> +<restrictions xmlns:android="http://schemas.android.com/apk/res/android" > + + <restriction + android:key="downloadOnCellular" + android:title="App is allowed to download data via cellular" + android:restrictionType="bool" + android:description="If 'false', app can only download data via Wi-Fi" + android:defaultValue="true" /> + +</restrictions> +</pre> + +<p> + The supported types for the <code>android:restrictionType</code> element are + documented in the reference for {@link android.content.RestrictionsManager}. +</p> + +<p> + You use each restriction's <code>android:key</code> attribute to read its + value from a restrictions bundle. For this reason, each restriction must have + a unique key string, and the string <em>cannot</em> be localized. It must be + specified with a string literal. +</p> + +<p class="note"> + <strong>Note:</strong> In a production app, <code>android:title</code> and + <code>android:description</code> should be drawn from a localized resource + file, as described in <a href= + "{@docRoot}guide/topics/resources/localization.html">Localizing with + Resources</a>. +</p> + +<p> + The restrictions provider can query the app to find details on the app's + available restrictions, including their description text. Restrictions + providers and enterprise administrators can change your app's restrictions at + any time, even when the app is not running. +</p> + +<h2 id="check_restrictions"> + Check App Restrictions +</h2> + +<p> + Your app is not automatically notified when other apps change its restriction + settings. Instead, you need to check what the restrictions are when your app + starts or resumes, and listen for a system intent to find out if the + restrictions change while your app is running. +</p> + +<p> + To find out the current restriction settings, your app uses a {@link + android.content.RestrictionsManager} object. Your app should check for the + current restrictions at the following times: +</p> + +<ul> + <li>When the app starts or resumes, in its + {@link android.app.Activity#onResume onResume()} method + </li> + + <li>When the app is notified of a restriction change, as described in + <a href="#listen">Listen for Device Configuration + Changes</a> + </li> +</ul> + +<p> + To get a {@link android.content.RestrictionsManager} object, get the current + activity with {@link android.app.Fragment#getActivity getActivity()}, then + call that activity's {@link android.app.Activity#getSystemService + Activity.getSystemService()} method: +</p> + +<pre>RestrictionsManager myRestrictionsMgr = + (RestrictionsManager) getActivity() + .getSystemService(Context.RESTRICTIONS_SERVICE);</pre> + +<p> + Once you have a {@link android.content.RestrictionsManager}, you can get the current restrictions + settings by calling its + {@link android.content.RestrictionsManager#getApplicationRestrictions + getApplicationRestrictions()} method: +</p> + +<pre>Bundle appRestrictions = myRestrictionsMgr.getApplicationRestrictions();</pre> + +<p class="note"> + <strong>Note:</strong> For convenience, you can also fetch the current + restrictions with a {@link android.os.UserManager}, by calling {@link + android.os.UserManager#getApplicationRestrictions + UserManager.getApplicationRestrictions()}. This method behaves exactly the + same as {@link android.content.RestrictionsManager#getApplicationRestrictions + RestrictionsManager.getApplicationRestrictions()}. +</p> + +<p> + The {@link android.content.RestrictionsManager#getApplicationRestrictions + getApplicationRestrictions()} method requires reading from data storage, so + it should be done sparingly. Do not call this method every time you need to + know the current restrictions. Instead, you should call it once when your app + starts or resumes, and cache the fetched restrictions bundle. Then listen for + the {@link android.content.Intent#ACTION_APPLICATION_RESTRICTIONS_CHANGED + ACTION_APPLICATION_RESTRICTIONS_CHANGED} intent to find out if restrictions + change while your app is active, as described in <a href="#listen">Listen for + Device Configuration Changes</a>. +</p> + +<h3 id="read_restrictions"> + Reading and applying restrictions +</h3> + +<p> + The {@link android.content.RestrictionsManager#getApplicationRestrictions + getApplicationRestrictions()} method returns a {@link android.os.Bundle} + containing a key-value pair for each restriction that has been set. The + values are all of type <code>Boolean</code>, <code>int</code>, + <code>String</code>, and <code>String[]</code>. Once you have the + restrictions {@link android.os.Bundle}, you can check the current + restrictions settings with the standard {@link android.os.Bundle} methods for + those data types, such as {@link android.os.Bundle#getBoolean getBoolean()} + or + {@link android.os.Bundle#getString getString()}. +</p> + +<p class="note"> + <strong>Note:</strong> The restrictions {@link android.os.Bundle} contains + one item for every restriction that has been explicitly set by a restrictions + provider. However, you <em>cannot</em> assume that a restriction will be + present in the bundle just because you defined a default value in the + restrictions XML file. +</p> + +<p> + It is up to your app to take appropriate action based on the current + restrictions settings. For example, if your app has a restriction specifying + whether it can download data over a cellular connection, and you find that + the restriction is set to <code>false</code>, you would have to disable data + download except when the device has a Wi-Fi connection, as shown in the + following example code: +</p> + +<pre> +boolean appCanUseCellular; + +if appRestrictions.containsKey("downloadOnCellular") { + appCanUseCellular = appRestrictions.getBoolean("downloadOnCellular"); +} else { + // here, cellularDefault is a boolean set with the restriction's + // default value + appCanUseCellular = cellularDefault; +} + +if (!appCanUseCellular) { + // ...turn off app's cellular-download functionality + // ...show appropriate notices to user +}</pre> + +<h2 id="listen"> + Listen for App Restriction Changes +</h2> + +<p> + Whenever an app's restrictions are changed, the system fires the + {@link android.content.Intent#ACTION_APPLICATION_RESTRICTIONS_CHANGED + ACTION_APPLICATION_RESTRICTIONS_CHANGED} intent. Your app has to listen for + this intent so you can change the app's behavior when the restriction settings + change. The following code shows how to dynamically register a broadcast + receiver for this intent: +</p> + +<pre>IntentFilter restrictionsFilter = + new IntentFilter(Intent.ACTION_APPLICATION_RESTRICTIONS_CHANGED); + +BroadcastReceiver restrictionsReceiver = new BroadcastReceiver() { + @Override public void onReceive(Context context, Intent intent) { + + // Get the current restrictions bundle + Bundle <code>appRestrictions</code> = + + myRestrictionsMgr.getApplicationRestrictions(); + + // Check current restrictions settings, change your app's UI and + // functionality as necessary. + + } + +}; + +registerReceiver(restrictionsReceiver, restrictionsFilter); +</pre> +<p class="note"> + <strong>Note:</strong> Ordinarily, your app does not need to be notified + about restriction changes when it is paused. Instead, you should unregister + your broadcast receiver when the app is paused. When the app resumes, you + first check for the current restrictions (as discussed in <a href= + "#check_restrictions">Check Device Restrictions</a>), then register your + broadcast receiver to make sure you're notified about restriction changes + that happen while the app is active. +</p> diff --git a/docs/html/training/enterprise/index.jd b/docs/html/training/enterprise/index.jd index 0ac68cc..10be14e 100644 --- a/docs/html/training/enterprise/index.jd +++ b/docs/html/training/enterprise/index.jd @@ -1,58 +1,67 @@ -page.title=Developing for Enterprise -page.tags=policy,privacy - -trainingnavtop=true -startpage=true -next.title=Enhancing Security with Device Management Policies -next.link=device-management-policy.html +page.title=Building Apps for Work +meta.tags="work, enterprise, corporate" +page.tags="work", "enterprise", "corporate" +page.metaDescription=Learn how to build Android apps for the enterprise and take advantage of Google's Android for Work program. +page.tags="education" +page.article=true @jd:body -<div id="tb-wrapper"> -<div id="tb"> - -<!-- Required platform, tools, add-ons, devices, knowledge, etc. --> -<h2>Dependencies and prerequisites</h2> -<ul> - <li>Android 2.2 (API Level 8) or higher</li> -</ul> - -<!-- related docs (NOT javadocs) --> -<h2>You should also read</h2> -<ul> - <li><a href="{@docRoot}guide/topics/admin/device-admin.html">Device Administration</a></li> -</ul> - -<h2>Try it out</h2> - -<div class="download-box"> - <a href="http://developer.android.com/shareables/training/DeviceManagement.zip" -class="button">Download the sample</a> - <p class="filename">DeviceManagement.zip</p> -</div> - +<img src="{@docRoot}images/enterprise/work-launcher.png" + width="300" + style="float:right;margin:0 0 20px 20px" + alt="Android for Work apps in a managed profile"> + +<p> + The Android framework provides features to support the security, data separation, and + administration needs of a enterprise environment. As an app developer, you can make your app more + appealing to corporate customers by gracefully handling enterprise security and feature + restrictions. You can also modify your app so that technology administrators can remotely + configure it for use with enterprise resources. +</p> + +<p> + To help businesses incorporate Android devices and apps into the workplace, Google provides the + <a href="http://www.google.com/work/android">Android for Work</a> program, which offers a suite + of APIs and services for device distribution and administration. Through this program companies + can connect with Enterprise Mobility Management (EMM) providers to help integrate Android with + their businesses. +</p> + +<p> + For more information, follow the links below to learn how to update your Android app to support + the enterprise environment or build enterprise-specific solutions. +</p> + + +<h2 id="apps">App Development for Enterprises</h2> + +<p> + Learn how to make your app function smoothly in corporate environments that restrict device + features and data access. Go further to support enterprise use of your app by enabling + restrictions that corporate technology administrators can use to remotely configure your app: +</p> + +<div class="dynamic-grid"> + <div class="resource-widget resource-flow-layout landing col-12" + data-query="collection:training/work/apps" + data-cardSizes="9x3" + data-maxResults="6"> + </div> </div> -</div> - - -<p>In this class, you'll learn APIs and techniques you can use when developing applications -for the enterprise.</p> - -<h2>Lessons</h2> +<h2 id="admin">Device and App Administration</h2> -<dl> - <dt><b><a href="device-management-policy.html">Enhancing Security with Device Management -Policies</a></b></dt> - <dd>In this lesson, you will learn how to create a security-aware application that manages -access to its content by enforcing device management policies</dd> +<p> + Learn how to build policy controller apps that enable enterprise technology administrators + to manage devices, manage corporate apps, and provide access to company resources: +</p> - <dt><b><a href="app-compatibility.html">Ensuring Compatibility with Managed Profiles</a></b></dt> - - <dd>In this lesson, you will learn the best practices to follow to ensure - that your app functions properly on devices that use <a - href="{@docRoot}about/versions/android-5.0.html#Enterprise">managed - profiles</a></dd> - -</dl> +<div class="dynamic-grid"> + <div class="resource-widget resource-flow-layout landing col-12" + data-query="collection:training/work/admin" + data-cardSizes="9x3" + data-maxResults="4"> + </div> +</div> diff --git a/docs/html/training/enterprise/work-policy-ctrl.jd b/docs/html/training/enterprise/work-policy-ctrl.jd new file mode 100644 index 0000000..5854e65 --- /dev/null +++ b/docs/html/training/enterprise/work-policy-ctrl.jd @@ -0,0 +1,339 @@ +page.title=Building a Work Policy Controller +page.metaDescription=Learn how to develop a Work Policy Controller to create and administer a managed profile on an employee's device. +@jd:body + +<div id="tb-wrapper"> +<div id="tb"> + +<h2>This lesson teaches you to</h2> +<ol> + <li><a href="#after_creating_profile">Create a Managed Profile</a></li> + <li><a href="#set_up_policies">Set Up Device Policies</a></li> + <li><a href="#apply_restrictions">Apply App Restrictions</a></li> +</ol> + +<!-- related docs (NOT javadocs) --> + +<h2> + You should also read +</h2> + +<ul> + <li> + <a href="{@docRoot}guide/topics/admin/device-admin.html">Device + Administration</a> + </li> +</ul> + +<h2>Resources</h2> +<ul> + + <li> + <a href= + "{@docRoot}samples/BasicManagedProfile/index.html">BasicManagedProfile</a> + </li> + + <li> + <a href= + "{@docRoot}samples/AppRestrictionEnforcer/index.html">AppRestrictionEnforcer</a> + </li> +</ul> + +</div> +</div> + + +<p> + In an Android for Work deployment, an enterprise needs to maintain control + over certain aspects of the employees' devices. The enterprise needs to + ensure that work-related information is encrypted and is kept separate from + employees' personal data. The enterprise may also need to limit device + capabilities, such as whether the device is allowed to use its camera. And + the enterprise may require that approved apps provide app restrictions, so + the enterprise can turn app capability on or off as needed. +</p> + +<p> + To handle these tasks, an enterprise develops and deploys a Work Policy + Controller app. This app is installed on each employee's device. The + controller app installed on each employee's device and creates a work user + profile, which accesses enterprise apps and data separately from the user's + personal account. The controller app also acts as the + bridge between the enterprise's management software and the device; the + enterprise tells the controller app when it needs to make configuration + changes, and the controller app makes the appropriate settings changes for the + device and for other apps. +</p> + +<p> + This lesson describes how to develop a Work Policy Controller app for devices + in an Android for Work deployment. The lesson describes how to create a work + user profile, how to set device policies, and how to apply + restrictions to other apps running on the managed profile. +</p> + +<p class="note"> + <strong>Note:</strong> This lesson does not cover the situation where the + only profile on the device is the managed profile, under the enterprise's + control. +</p> + +<h2 id="overview">Device Administration Overview</h2> + +<p> + In an Android for Work deployment, the enterprise administrator can set + policies to control the behavior of employees' devices and apps. The + enterprise administrator sets these policies with software provided by their + Enterprise Mobility Management (EMM) provider. The EMM software communicates + with a Work Policy Controller on each device. The Work Policy Controller, in + turn, manages the settings and behavior of the work user profile on each + individual’s device. +</p> + +<p class="note"> + <strong>Note:</strong> A Work Policy Controller is built on the existing + model used for device administration applications, as described in <a href= + "{@docRoot}guide/topics/admin/device-admin.html">Device Administration</a>. + In particular, your app needs to create a subclass of {@link + android.app.admin.DeviceAdminReceiver}, as described in that document. +</p> + +<h3 id="managed_profiles">Managed profiles</h3> + +<p> + Users often want to use their personal devices in an enterprise setting. This + situation can present enterprises with a dilemma. If the user can use their + own device, the enterprise has to worry that confidential information (like + employee emails and contacts) are on a device the enterprise does not + control. +</p> + +<p> + To address this situation, Android 5.0 (API level 21) allows enterprises to + set up a special work user profile using the Managed Profile API. This + user profile is called a <em>managed profile</em>, or a <em>work profile</em> + in the Android for Work program. If a device has a + managed profile for work, the profile's settings are under the control of the + enterprise administrator. The administrator can choose which apps are allowed + for that profile, and can control just what device features are available to + the profile. +</p> + +<h2 id="create_profile">Create a Managed Profile</h2> + +<p>To create a managed profile on a device that already has a personal profile, +first check that the device can support a managed profile, by seeing if the +device supports the {@link +android.content.pm.PackageManager#FEATURE_MANAGED_USERS FEATURE_MANAGED_USERS} +system feature:</p> + +<pre>PackageManager pm = getPackageManager(); +if (!pm.hasSystemFeature(PackageManager.FEATURE_MANAGED_USERS)) { + + // This device does not support native managed profiles! + +}</pre> + +<p>If the device supports managed profiles, create one by sending an intent with +an {@link android.app.admin.DevicePolicyManager#ACTION_PROVISION_MANAGED_PROFILE +ACTION_PROVISION_MANAGED_PROFILE} action. Include the device admin package +name as an extra.</p> + +<pre>Activity provisioningActivity = getActivity(); + +// You'll need the package name for the WPC app. +String myWPCPackageName = "com.example.myWPCApp"; + +// Set up the provisioning intent +Intent provisioningIntent = + new Intent("android.app.action.PROVISION_MANAGED_PROFILE"); +intent.putExtra(myWPCPackageName, + provisioningActivity.getApplicationContext().getPackageName()); + +if (provisioningIntent.resolveActivity(provisioningActivity.getPackageManager()) + == null) { + + // No handler for intent! Can't provision this device. + // Show an error message and cancel. +} else { + + // REQUEST_PROVISION_MANAGED_PROFILE is defined + // to be a suitable request code + startActivityForResult(provisioningIntent, + REQUEST_PROVISION_MANAGED_PROFILE); + provisioningActivity.finish(); +}</pre> + +<p>The system responds to this intent by doing the following:</p> + +<ul> + <li>Verifies that the device is encrypted. If it is not, the system prompts + the user to encrypt the device before proceeding. + </li> + + <li>Creates a managed profile. + </li> + + <li>Removes non-required applications from the managed profile. + </li> + + <li>Copies the Work Policy Controller application into the managed profile and + sets it as the profile owner. + </li> +</ul> + +<p>Override {@link android.app.Activity#onActivityResult onActivityResult()} to +see whether the provisioning was successful, as shown in the following +example code:</p> + +<pre>@Override +public void onActivityResult(int requestCode, int resultCode, Intent data) { + + // Check if this is the result of the provisioning activity + if (requestCode == REQUEST_PROVISION_MANAGED_PROFILE) { + + // If provisioning was successful, the result code is + // Activity.RESULT_OK + if (resultCode == Activity.RESULT_OK) { + // Hurray! Managed profile created and provisioned! + } else { + // Boo! Provisioning failed! + } + return; + + } else { + // This is the result of some other activity, call the superclass + super.onActivityResult(requestCode, resultCode, data); + } +}</pre> + +<h3 id="after_creating_profile">After Creating the Managed Profile</h3> + +<p>When the profile has been provisioned, the system calls the Work Policy +Controller app's {@link +android.app.admin.DeviceAdminReceiver#onProfileProvisioningComplete +DeviceAdminReceiver.onProfileProvisioningComplete()} method. Override this +callback method to finish enabling the managed profile.</p> + +<p>Typically, your {@link +android.app.admin.DeviceAdminReceiver#onProfileProvisioningComplete +DeviceAdminReceiver.onProfileProvisioningComplete()} callback implementation +would perform these tasks:</p> + +<ul> + <li>Verify that the device is complying with the EMM's device policies, as + described in <a href="#set_up_policies">Set Up Device Policies</a> + </li> + + <li>Enable any system applications that the administrator chooses to make + available within the managed profile, using {@link + android.app.admin.DevicePolicyManager#enableSystemApp + DevicePolicyManager.enableSystemApp()} </li> + + <li>If the device uses Google Play for Work, add the Google account + to the managed profile with {@link android.accounts.AccountManager#addAccount + AccountManager.addAccount()}, so administrators can install + applications to the device + </li> +</ul> + +<p>Once you have completed these tasks, call the device policy manager's +{@link android.app.admin.DevicePolicyManager#setProfileEnabled +setProfileEnabled()} method to activate the managed profile:</p> + + +<pre>// Get the device policy manager +DevicePolicyManager myDevicePolicyMgr = + (DevicePolicyManager) getSystemService(Context.DEVICE_POLICY_SERVICE); + +ComponentName componentName = myDeviceAdminReceiver.getComponentName(this); + +// Set the name for the newly created managed profile. +myDevicePolicyMgr.setProfileName(componentName, "My New Managed Profile"); + +// ...and enable the profile +manager.setProfileEnabled(componentName);</pre> + +<h2 id="set_up_policies">Set Up Device Policies</h2> + +<p> + The Work Policy Controller app is responsible for applying the enterprise's + device policies. For example, a particular enterprise might require that all + devices become locked after a certain number of failed attempts to enter the + device password. The controller app queries the EMM to find out what + the current policies are, then uses the <a href= + "{@docRoot}guide/topics/admin/device-admin.html">Device Administration</a> + API to apply those policies. +</p> + +<p>For information on how to apply device policies, see the +<a href="{@docRoot}guide/topics/admin/device-admin.html#policies">Device +Administration</a> guide.</p> + + +<h2 id="apply_restrictions">Apply App Restrictions</h2> + +<p>Enterprise environments may require that approved apps implement apps +implement security or feature restrictions. App developers must implement these +restrictions and declare them for use by enterprise administrators, as described +in <a href="{@docRoot}training/enterprise/app-restrictions.html">Implementing +App Restrictions</a>. The Work Policy Controller receives restriction changes +from the enterprise administrator, and forwards those restriction changes to the +apps.</p> + +<p>For example, a particular news app might have a restriction setting that +controls whether the app is allowed to download videos over a cellular +network. When the EMM wants to disable cellular downloads, it sends a +notification to the controller app. The controller app, in turn, +notifies the news app that the restriction setting has changed.</p> + +<p class="note"><strong>Note:</strong> This document covers how the Work Policy +Controller app changes the restriction settings for the other apps on the +managed profile. Details on how the Work Policy Controller app communicates with +the EMM are out of scope for this document.</p> + +<p>To change an app's restrictions, call the {@link +android.app.admin.DevicePolicyManager#setApplicationRestrictions +DevicePolicyManager.setApplicationRestrictions()} method. This method is passed +three parameters: the controller app's {@link +android.app.admin.DeviceAdminReceiver}, the package name of the app whose +restrictions are being changed, and a {@link android.os.Bundle Bundle} that +contains the restrictions you want to set.</p> + +<p>For example, suppose there's an app on the managed profile with the package +name <code>"com.example.newsfetcher"</code>. This app has a single boolean +restriction that can be configured, with the key +<code>"downloadByCellular"</code>. If this restriction is set to +<code>false</code>, the newsfetcher app is not allowed to download data through +a cellular network; it must use a Wi-Fi network instead.</p> + +<p> + If your Work Policy Controller app needs to turn off cellular downloads, it + would first fetch the device policy service object, as described above. It + then assembles a restrictions bundle and passes this bundle to {@link + android.app.admin.DevicePolicyManager#setApplicationRestrictions + setApplicationRestrictions()}: +</p> + +<pre>// Fetch the DevicePolicyManager +DevicePolicyManager myDevicePolicyMgr = + (DevicePolicyManager) thisActivity + .getSystemService(Context.DEVICE_POLICY_SERVICE); + +// Set up the restrictions bundle +bundle restrictionsBundle = new Bundle(); +restrictionsBundle.putBoolean("downloadByCellular", false); + +// Pass the restrictions to the policy manager. Assume the WPC app +// already has a DeviceAdminReceiver defined (myDeviceAdminReceiver). +myDevicePolicyMgr.setApplicationRestrictions( + myDeviceAdminReceiver, "com.example.newsfetcher", restrictionsBundle);</pre> + + +<p class="note"><strong>Note:</strong> The device policy service conveys the restrictions +change to the app you name. However, it is up to that app to actually implement +the restriction. For example, in this case, the app would be responsible for +disabling its ability to use cellular networks for video downloads. Setting the +restriction does not cause the system to enforce this restriction on the app. +For more information, see <a href="{@docRoot}training/enterprise/app- +restrictions.html">Implementing App Restrictions</a>.</p> diff --git a/docs/html/training/material/animations.jd b/docs/html/training/material/animations.jd index efc0ee3..86e91a7 100644 --- a/docs/html/training/material/animations.jd +++ b/docs/html/training/material/animations.jd @@ -46,9 +46,10 @@ between different states with a ripple effect.</p> background as:</p> <ul> -<li><code>?android:attr/selectableItemBackground</code> for a bounded ripple</li> +<li><code>?android:attr/selectableItemBackground</code> for a bounded ripple.</li> <li><code>?android:attr/selectableItemBackgroundBorderless</code> for a ripple that extends beyond -the view</li> +the view. It will be drawn upon, and bounded by, the nearest parent of the view with a non-null +background.</li> </ul> <p class="note"><strong>Note:</strong> <code>selectableItemBackgroundBorderless</code> is a new diff --git a/docs/html/training/training_toc.cs b/docs/html/training/training_toc.cs index c59d8ff..89e72f1 100644 --- a/docs/html/training/training_toc.cs +++ b/docs/html/training/training_toc.cs @@ -1040,6 +1040,32 @@ include the action bar on devices running Android 2.1 or higher." <!-- End: Building for Auto --> + <!-- Start: Building for Work --> + <li class="nav-section"> + <div class="nav-section-header"> + <a href="<?cs var:toroot ?>training/enterprise/index.html"> + <span class="small">Building Apps for</span><br/> + Work + </a> + </div> + <ul> + <li><a href="<?cs var:toroot ?>training/enterprise/app-compatibility.html"> + Ensuring Compatibility with Managed Profiles + </a> + </li> + <li><a href="<?cs var:toroot ?>training/enterprise/app-restrictions.html"> + Implementing App Restrictions + </a> + </li> + <li><a href="<?cs var:toroot ?>training/enterprise/work-policy-ctrl.html"> + Building a Work Policy Controller + </a> + </li> + </ul> + </li> + <!-- End: Building for Work --> + + <li class="nav-section"> <div class="nav-section-header"> <a href="<?cs var:toroot ?>training/best-ux.html"> @@ -1752,10 +1778,6 @@ results." Enhancing Security with Device Management Policies </a> </li> - <li><a href="<?cs var:toroot ?>training/enterprise/app-compatibility.html"> - Ensuring Compatibility with Managed Profiles - </a> - </li> </ul> </li> </ul> @@ -1887,4 +1909,4 @@ results." buildToggleLists(); changeNavLang(getLangPref()); //--> -</script>
\ No newline at end of file +</script> |
