REST Resource: enterprises.policies

منبع: سیاست

یک منبع خط مشی نشان دهنده گروهی از تنظیمات است که بر رفتار یک دستگاه مدیریت شده و برنامه های نصب شده روی آن نظارت می کند.

نمایندگی JSON 
{
  "name": string,
  "version": string,
  "applications": [
    {
      object (ApplicationPolicy)
    }
  ],
  "maximumTimeToLock": string,
  "screenCaptureDisabled": boolean,
  "cameraDisabled": boolean,
  "keyguardDisabledFeatures": [
    enum (KeyguardDisabledFeature)
  ],
  "defaultPermissionPolicy": enum (PermissionPolicy),
  "persistentPreferredActivities": [
    {
      object (PersistentPreferredActivity)
    }
  ],
  "openNetworkConfiguration": {
    object
  },
  "systemUpdate": {
    object (SystemUpdate)
  },
  "accountTypesWithManagementDisabled": [
    string
  ],
  "addUserDisabled": boolean,
  "adjustVolumeDisabled": boolean,
  "factoryResetDisabled": boolean,
  "installAppsDisabled": boolean,
  "mountPhysicalMediaDisabled": boolean,
  "modifyAccountsDisabled": boolean,
  "safeBootDisabled": boolean,
  "uninstallAppsDisabled": boolean,
  "statusBarDisabled": boolean,
  "keyguardDisabled": boolean,
  "minimumApiLevel": integer,
  "statusReportingSettings": {
    object (StatusReportingSettings)
  },
  "bluetoothContactSharingDisabled": boolean,
  "shortSupportMessage": {
    object (UserFacingMessage)
  },
  "longSupportMessage": {
    object (UserFacingMessage)
  },
  "passwordRequirements": {
    object (PasswordRequirements)
  },
  "wifiConfigsLockdownEnabled": boolean,
  "bluetoothConfigDisabled": boolean,
  "cellBroadcastsConfigDisabled": boolean,
  "credentialsConfigDisabled": boolean,
  "mobileNetworksConfigDisabled": boolean,
  "tetheringConfigDisabled": boolean,
  "vpnConfigDisabled": boolean,
  "wifiConfigDisabled": boolean,
  "createWindowsDisabled": boolean,
  "networkResetDisabled": boolean,
  "outgoingBeamDisabled": boolean,
  "outgoingCallsDisabled": boolean,
  "removeUserDisabled": boolean,
  "shareLocationDisabled": boolean,
  "smsDisabled": boolean,
  "unmuteMicrophoneDisabled": boolean,
  "usbFileTransferDisabled": boolean,
  "ensureVerifyAppsEnabled": boolean,
  "permittedInputMethods": {
    object (PackageNameList)
  },
  "stayOnPluggedModes": [
    enum (BatteryPluggedMode)
  ],
  "recommendedGlobalProxy": {
    object (ProxyInfo)
  },
  "setUserIconDisabled": boolean,
  "setWallpaperDisabled": boolean,
  "choosePrivateKeyRules": [
    {
      object (ChoosePrivateKeyRule)
    }
  ],
  "alwaysOnVpnPackage": {
    object (AlwaysOnVpnPackage)
  },
  "frpAdminEmails": [
    string
  ],
  "deviceOwnerLockScreenInfo": {
    object (UserFacingMessage)
  },
  "dataRoamingDisabled": boolean,
  "locationMode": enum (LocationMode),
  "networkEscapeHatchEnabled": boolean,
  "bluetoothDisabled": boolean,
  "complianceRules": [
    {
      object (ComplianceRule)
    }
  ],
  "blockApplicationsEnabled": boolean,
  "installUnknownSourcesAllowed": boolean,
  "debuggingFeaturesAllowed": boolean,
  "funDisabled": boolean,
  "autoTimeRequired": boolean,
  "permittedAccessibilityServices": {
    object (PackageNameList)
  },
  "appAutoUpdatePolicy": enum (AppAutoUpdatePolicy),
  "kioskCustomLauncherEnabled": boolean,
  "androidDevicePolicyTracks": [
    enum (AppTrack)
  ],
  "skipFirstUseHintsEnabled": boolean,
  "privateKeySelectionEnabled": boolean,
  "encryptionPolicy": enum (EncryptionPolicy),
  "usbMassStorageEnabled": boolean,
  "permissionGrants": [
    {
      object (PermissionGrant)
    }
  ],
  "playStoreMode": enum (PlayStoreMode),
  "setupActions": [
    {
      object (SetupAction)
    }
  ],
  "passwordPolicies": [
    {
      object (PasswordRequirements)
    }
  ],
  "policyEnforcementRules": [
    {
      object (PolicyEnforcementRule)
    }
  ],
  "kioskCustomization": {
    object (KioskCustomization)
  },
  "advancedSecurityOverrides": {
    object (AdvancedSecurityOverrides)
  },
  "personalUsagePolicies": {
    object (PersonalUsagePolicies)
  },
  "autoDateAndTimeZone": enum (AutoDateAndTimeZone),
  "oncCertificateProviders": [
    {
      object (OncCertificateProvider)
    }
  ],
  "crossProfilePolicies": {
    object (CrossProfilePolicies)
  },
  "preferentialNetworkService": enum (PreferentialNetworkService),
  "usageLog": {
    object (UsageLog)
  },
  "cameraAccess": enum (CameraAccess),
  "microphoneAccess": enum (MicrophoneAccess),
  "deviceConnectivityManagement": {
    object (DeviceConnectivityManagement)
  },
  "deviceRadioState": {
    object (DeviceRadioState)
  },
  "credentialProviderPolicyDefault": enum (CredentialProviderPolicyDefault),
  "printingPolicy": enum (PrintingPolicy),
  "displaySettings": {
    object (DisplaySettings)
  },
  "assistContentPolicy": enum (AssistContentPolicy),
  "workAccountSetupConfig": {
    object (WorkAccountSetupConfig)
  },
  "wipeDataFlags": [
    enum (WipeDataFlag)
  ],
  "enterpriseDisplayNameVisibility": enum (EnterpriseDisplayNameVisibility),
  "appFunctions": enum (AppFunctions),
  "defaultApplicationSettings": [
    {
      object (DefaultApplicationSetting)
    }
  ]
}
فیلدها
name

string

نام خط‌مشی به شکل enterprises/{enterpriseId}/policies/{policyId} .

version

string ( int64 format)

نسخه سیاست. این یک فیلد فقط خواندنی است. هر بار که خط مشی به روز می شود، نسخه افزایش می یابد.

applications[]

object ( ApplicationPolicy )

خط مشی اعمال شده برای برنامه ها این می تواند حداکثر 3000 عنصر داشته باشد.

maximumTimeToLock

string ( int64 format)

حداکثر زمان فعالیت کاربر بر حسب میلی ثانیه تا زمانی که دستگاه قفل شود. مقدار 0 به این معنی است که هیچ محدودیتی وجود ندارد.

screenCaptureDisabled

boolean

اینکه آیا ضبط صفحه غیرفعال است یا خیر.

cameraDisabled
(deprecated)

boolean

اگر cameraAccess روی مقداری غیر از CAMERA_ACCESS_UNSPECIFIED تنظیم شده باشد، این هیچ تاثیری ندارد. در غیر این صورت، این فیلد غیرفعال بودن دوربین‌ها را کنترل می‌کند: اگر درست باشد، همه دوربین‌ها غیرفعال هستند، در غیر این صورت در دسترس هستند. برای دستگاه‌های کاملاً مدیریت‌شده، این فیلد برای همه برنامه‌های موجود در دستگاه اعمال می‌شود. برای نمایه‌های کاری، این قسمت فقط برای برنامه‌های موجود در نمایه کاری اعمال می‌شود و دسترسی دوربین برنامه‌های خارج از نمایه کاری تحت تأثیر قرار نمی‌گیرد.

keyguardDisabledFeatures[]

enum ( KeyguardDisabledFeature )

سفارشی‌سازی‌های صفحه کلید غیرفعال، مانند ویجت‌ها.

defaultPermissionPolicy

enum ( PermissionPolicy )

سیاست مجوز پیش‌فرض برای درخواست‌های مجوز زمان اجرا.

persistentPreferredActivities[]

object ( PersistentPreferredActivity )

فعالیت های کنترل کننده هدف پیش فرض.

openNetworkConfiguration

object ( Struct format)

پیکربندی شبکه برای دستگاه برای اطلاعات بیشتر به پیکربندی شبکه ها مراجعه کنید.

systemUpdate

object ( SystemUpdate )

خط‌مشی به‌روزرسانی سیستم، که نحوه اعمال به‌روزرسانی‌های سیستم عامل را کنترل می‌کند. اگر نوع به‌روزرسانی WINDOWED باشد، پنجره به‌روزرسانی به‌طور خودکار برای به‌روزرسانی‌های برنامه Play نیز اعمال می‌شود.

توجه: به‌روزرسانی‌های سیستم Google Play (که به‌روزرسانی‌های خط اصلی نیز گفته می‌شود) به‌طور خودکار دانلود می‌شوند و برای نصب نیاز به راه‌اندازی مجدد دستگاه دارند. برای جزئیات بیشتر به بخش خط اصلی در مدیریت به‌روزرسانی‌های سیستم مراجعه کنید.

accountTypesWithManagementDisabled[]

string

انواع حساب که توسط کاربر قابل مدیریت نیست.

addUserDisabled

boolean

اینکه آیا افزودن کاربران و نمایه‌های جدید غیرفعال است یا خیر. برای دستگاه‌هایی که managementMode DEVICE_OWNER است، این قسمت نادیده گرفته می‌شود و کاربر هرگز مجاز به افزودن یا حذف کاربران نیست.

adjustVolumeDisabled

boolean

آیا تنظیم صدای اصلی غیرفعال است یا خیر. همچنین دستگاه را بی صدا می کند. این تنظیم فقط روی دستگاه های کاملاً مدیریت شده تأثیر دارد.

factoryResetDisabled

boolean

اینکه آیا بازنشانی کارخانه از تنظیمات غیرفعال است یا خیر.

installAppsDisabled

boolean

آیا نصب برنامه‌ها توسط کاربر غیرفعال است یا خیر.

mountPhysicalMediaDisabled

boolean

اینکه کاربر در حال نصب رسانه خارجی فیزیکی غیرفعال است یا خیر.

modifyAccountsDisabled

boolean

اینکه آیا افزودن یا حذف حساب‌ها غیرفعال است.

safeBootDisabled
(deprecated)

boolean

راه‌اندازی مجدد دستگاه در راه‌اندازی ایمن غیرفعال است یا خیر.

uninstallAppsDisabled

boolean

اینکه آیا حذف نصب برنامه ها توسط کاربر غیرفعال است یا خیر. این از حذف نصب شدن برنامه‌ها، حتی برنامه‌هایی که با استفاده applications حذف می‌شوند، جلوگیری می‌کند

statusBarDisabled
(deprecated)

boolean

نوار وضعیت غیرفعال است یا خیر. این اعلان‌ها، تنظیمات سریع و دیگر پوشش‌های صفحه را غیرفعال می‌کند که امکان فرار از حالت تمام صفحه را فراهم می‌کند. منسوخ شده برای غیرفعال کردن نوار وضعیت در دستگاه کیوسک، از InstallType KIOSK یا kioskCustomLauncherEnabled استفاده کنید.

keyguardDisabled

boolean

اگر درست باشد، این حالت قفل صفحه را برای نمایشگرهای اولیه و/یا ثانویه غیرفعال می‌کند. این خط‌مشی فقط در حالت مدیریت دستگاه اختصاصی پشتیبانی می‌شود.

minimumApiLevel

integer

حداقل سطح مجاز Android API.

statusReportingSettings

object ( StatusReportingSettings )

تنظیمات گزارش وضعیت

bluetoothContactSharingDisabled

boolean

آیا اشتراک‌گذاری مخاطب بلوتوث غیرفعال است یا خیر.

shortSupportMessage

object ( UserFacingMessage )

هرجا که ادمین عملکرد را غیرفعال کرده باشد، پیامی در صفحه تنظیمات به کاربر نمایش داده می شود. اگر پیام بیشتر از 200 کاراکتر باشد ممکن است کوتاه شود.

longSupportMessage

object ( UserFacingMessage )

پیامی که در صفحه تنظیمات سرپرست دستگاه به کاربر نمایش داده می شود.

passwordRequirements
(deprecated)

object ( PasswordRequirements )

الزامات رمز عبور فیلد passwordRequirements.require_password_unlock نباید تنظیم شود. منسوخ شده - از passwordPolicies استفاده کنید.

توجه:

مقادیر مبتنی بر پیچیدگی PasswordQuality ، یعنی COMPLEXITY_LOW ، COMPLEXITY_MEDIUM ، و COMPLEXITY_HIGH را نمی توان در اینجا استفاده کرد. unifiedLockSettings نمی توان در اینجا استفاده کرد.

wifiConfigsLockdownEnabled
(deprecated)

boolean

این منسوخ شده است.

bluetoothConfigDisabled

boolean

آیا پیکربندی بلوتوث غیرفعال است یا خیر.

cellBroadcastsConfigDisabled

boolean

اینکه آیا پیکربندی پخش سلولی غیرفعال است یا خیر.

credentialsConfigDisabled

boolean

اینکه آیا پیکربندی اطلاعات کاربری کاربر غیرفعال است یا خیر.

mobileNetworksConfigDisabled

boolean

اینکه آیا پیکربندی شبکه های تلفن همراه غیرفعال است یا خیر.

tetheringConfigDisabled
(deprecated)

boolean

آیا پیکربندی اتصال به اینترنت و نقاط اتصال قابل حمل غیرفعال است. اگر tetheringSettings روی هر چیزی غیر از TETHERING_SETTINGS_UNSPECIFIED تنظیم شده باشد، این تنظیم نادیده گرفته می‌شود.

vpnConfigDisabled

boolean

آیا پیکربندی VPN غیرفعال است یا خیر.

wifiConfigDisabled
(deprecated)

boolean

اینکه آیا پیکربندی شبکه‌های Wi-Fi غیرفعال است یا خیر. در دستگاه های کاملاً مدیریت شده و نمایه های کاری در دستگاه های متعلق به شرکت پشتیبانی می شود. برای دستگاه‌هایی که کاملاً مدیریت می‌شوند، تنظیم آن روی true همه شبکه‌های پیکربندی شده را حذف می‌کند و فقط شبکه‌هایی را که با استفاده از openNetworkConfiguration پیکربندی شده‌اند حفظ می‌کند. برای نمایه های کاری در دستگاه های متعلق به شرکت، شبکه های پیکربندی شده موجود تحت تأثیر قرار نمی گیرند و کاربر مجاز به افزودن، حذف یا تغییر شبکه های Wi-Fi نیست. اگر configureWifi روی هر چیزی غیر از CONFIGURE_WIFI_UNSPECIFIED تنظیم شده باشد، این تنظیم نادیده گرفته می شود. توجه: اگر اتصال شبکه در زمان راه‌اندازی امکان‌پذیر نباشد و پیکربندی Wi-Fi غیرفعال باشد، دریچه فرار شبکه به منظور بازخوانی خط‌مشی دستگاه نشان داده می‌شود (به networkEscapeHatchEnabled مراجعه کنید).

createWindowsDisabled

boolean

اینکه آیا ایجاد پنجره‌ها در کنار پنجره‌های برنامه غیرفعال است یا خیر.

networkResetDisabled

boolean

اینکه آیا بازنشانی تنظیمات شبکه غیرفعال است یا خیر.

outgoingBeamDisabled

boolean

آیا استفاده از NFC برای ارسال داده از برنامه‌ها غیرفعال است یا خیر.

outgoingCallsDisabled

boolean

آیا تماس های خروجی غیرفعال هستند یا خیر.

removeUserDisabled

boolean

اینکه آیا حذف سایر کاربران غیرفعال است یا خیر.

shareLocationDisabled

boolean

اینکه آیا اشتراک‌گذاری موقعیت مکانی غیرفعال است یا خیر. shareLocationDisabled هم برای دستگاه‌های کاملاً مدیریت شده و هم برای پروفایل‌های کاری شخصی پشتیبانی می‌شود.

smsDisabled

boolean

اینکه آیا ارسال و دریافت پیامک غیرفعال است یا خیر.

unmuteMicrophoneDisabled
(deprecated)

boolean

اگر microphoneAccess روی مقداری غیر از MICROPHONE_ACCESS_UNSPECIFIED تنظیم شده باشد، این هیچ تاثیری ندارد. در غیر این صورت، این فیلد غیرفعال بودن میکروفون ها را کنترل می کند: اگر درست باشد، همه میکروفون ها غیرفعال هستند، در غیر این صورت در دسترس هستند. این فقط در دستگاه های کاملاً مدیریت شده در دسترس است.

usbFileTransferDisabled
(deprecated)

boolean

اینکه آیا انتقال فایل ها از طریق USB غیرفعال است. این فقط در دستگاه های متعلق به شرکت پشتیبانی می شود.

ensureVerifyAppsEnabled
(deprecated)

boolean

اینکه آیا تأیید برنامه به اجبار فعال است یا خیر.

permittedInputMethods

object ( PackageNameList )

در صورت وجود، فقط روش های ورودی ارائه شده توسط بسته های موجود در این لیست مجاز هستند. اگر این فیلد وجود داشته باشد، اما لیست خالی باشد، تنها روش های ورودی سیستم مجاز هستند.

stayOnPluggedModes[]

enum ( BatteryPluggedMode )

باتری در حالت هایی که دستگاه روشن می ماند وصل می شود. هنگام استفاده از این تنظیم، توصیه می‌شود maximumTimeToLock پاک کنید تا وقتی دستگاه روشن است، قفل نشود.

recommendedGlobalProxy

object ( ProxyInfo )

پراکسی جهانی HTTP مستقل از شبکه. معمولاً پراکسی ها باید در هر شبکه در openNetworkConfiguration پیکربندی شوند. با این حال، برای پیکربندی‌های غیرمعمول مانند فیلتر داخلی عمومی، یک پروکسی HTTP جهانی ممکن است مفید باشد. اگر پراکسی در دسترس نباشد، ممکن است دسترسی به شبکه قطع شود. پروکسی جهانی فقط یک توصیه است و برخی از برنامه ها ممکن است آن را نادیده بگیرند.

setUserIconDisabled

boolean

اینکه آیا تغییر نماد کاربر غیرفعال است یا خیر. این تنظیم فقط روی دستگاه های کاملاً مدیریت شده تأثیر دارد.

setWallpaperDisabled

boolean

اینکه آیا تغییر کاغذ دیواری غیرفعال است یا خیر.

choosePrivateKeyRules[]

object ( ChoosePrivateKeyRule )

قوانینی برای تعیین دسترسی برنامه ها به کلیدهای خصوصی. برای جزئیات به ChoosePrivateKeyRule مراجعه کنید. اگر برنامه‌ای دارای محدوده CERT_SELECTION است، باید خالی باشد.

alwaysOnVpnPackage

object ( AlwaysOnVpnPackage )

پیکربندی برای اتصال VPN همیشه روشن. از vpnConfigDisabled استفاده کنید تا از تغییر این تنظیمات جلوگیری کنید.

frpAdminEmails[]

string

آدرس ایمیل مدیران دستگاه برای محافظت از بازنشانی کارخانه. هنگامی که دستگاه به حالت کارخانه بازنشانی می‌شود، برای باز کردن قفل دستگاه، یکی از این مدیران باید با ایمیل حساب Google و رمز عبور وارد سیستم شود. اگر هیچ سرپرستی مشخص نشده باشد، دستگاه محافظت بازنشانی کارخانه ای را ارائه نخواهد کرد.

deviceOwnerLockScreenInfo

object ( UserFacingMessage )

اطلاعات مالک دستگاه روی صفحه قفل نشان داده شود.

dataRoamingDisabled

boolean

آیا خدمات داده رومینگ غیرفعال است یا خیر.

locationMode

enum ( LocationMode )

درجه تشخیص مکان فعال است.

networkEscapeHatchEnabled

boolean

آیا دریچه فرار شبکه فعال است یا خیر. اگر اتصال شبکه در زمان راه‌اندازی امکان‌پذیر نباشد، دریچه فرار از کاربر می‌خواهد که به طور موقت به یک شبکه متصل شود تا خط‌مشی دستگاه را بازخوانی کند. پس از اعمال خط مشی، شبکه موقت فراموش می شود و دستگاه به بوت شدن ادامه می دهد. اگر در آخرین خط مشی شبکه مناسبی وجود نداشته باشد و دستگاه در حالت کار قفل به برنامه راه اندازی شود یا کاربر در غیر این صورت قادر به دسترسی به تنظیمات دستگاه نباشد، این از اتصال به شبکه جلوگیری می کند.

توجه: تنظیم wifiConfigDisabled روی true این تنظیم را تحت شرایط خاص لغو می کند. لطفاً برای جزئیات بیشتر به wifiConfigDisabled مراجعه کنید. تنظیم configureWifi روی DISALLOW_CONFIGURING_WIFI این تنظیم را تحت شرایط خاصی لغو می‌کند. لطفاً برای جزئیات بیشتر به DISALLOW_CONFIGURING_WIFI مراجعه کنید.

bluetoothDisabled

boolean

اینکه آیا بلوتوث غیرفعال است. این تنظیم را به bluetoothConfigDisabled ترجیح دهید زیرا bluetoothConfigDisabled می تواند توسط کاربر دور بزند.

complianceRules[]
(deprecated)

object ( ComplianceRule )

قوانینی که اعلام می‌کند وقتی دستگاهی با خط‌مشی آن مطابقت ندارد، چه اقدامات کاهشی باید انجام شود. هنگامی که شرایط قوانین متعدد برآورده می شود، تمام اقدامات کاهش دهنده برای قوانین انجام می شود. حداکثر 100 قانون وجود دارد. به جای آن از قوانین اجرای سیاست استفاده کنید.

blockApplicationsEnabled
(deprecated)

boolean

اینکه آیا برنامه های کاربردی غیر از برنامه های پیکربندی شده در applications نصب نمی شوند یا خیر. پس از تنظیم، برنامه‌هایی که طبق خط‌مشی قبلی نصب شده‌اند اما دیگر در خط‌مشی ظاهر نمی‌شوند، به‌طور خودکار حذف نصب می‌شوند.

installUnknownSourcesAllowed
(deprecated)

boolean

این فیلد هیچ تاثیری ندارد.

debuggingFeaturesAllowed
(deprecated)

boolean

اینکه آیا کاربر مجاز است ویژگی‌های اشکال‌زدایی را فعال کند یا خیر.

funDisabled

boolean

اینکه آیا کاربر مجاز به تفریح ​​است یا خیر. کنترل می کند که آیا بازی تخم مرغ عید پاک در تنظیمات غیرفعال است یا خیر.

autoTimeRequired
(deprecated)

boolean

اینکه آیا زمان خودکار مورد نیاز است یا خیر، که مانع از تنظیم دستی تاریخ و زمان توسط کاربر می شود. اگر autoDateAndTimeZone تنظیم شده باشد، این قسمت نادیده گرفته می شود.

permittedAccessibilityServices

object ( PackageNameList )

خدمات دسترسی مجاز را مشخص می کند. اگر فیلد تنظیم نشده باشد، می توان از هر سرویس دسترسی استفاده کرد. اگر فیلد تنظیم شده باشد، فقط می توان از خدمات دسترسی در این لیست و سرویس دسترسی داخلی سیستم استفاده کرد. به ویژه، اگر فیلد خالی تنظیم شده باشد، فقط می توان از خدمات دسترسی داخلی سیستم استفاده کرد. این را می توان در دستگاه های کاملاً مدیریت شده و در نمایه های کاری تنظیم کرد. وقتی روی نمایه کاری اعمال می شود، هم بر نمایه شخصی و هم بر نمایه کاری تأثیر می گذارد.

appAutoUpdatePolicy

enum ( AppAutoUpdatePolicy )

جایگزین توصیه شده: autoUpdateMode که برای هر برنامه تنظیم می شود، انعطاف پذیری بیشتری را در مورد فرکانس به روز رسانی ارائه می دهد.

وقتی autoUpdateMode روی AUTO_UPDATE_POSTPONED یا AUTO_UPDATE_HIGH_PRIORITY تنظیم شده است، این فیلد اثری ندارد.

خط‌مشی به‌روزرسانی خودکار برنامه، که زمان اعمال به‌روزرسانی خودکار برنامه را کنترل می‌کند.

kioskCustomLauncherEnabled

boolean

اینکه آیا راه‌انداز سفارشی کیوسک فعال است یا خیر. این صفحه اصلی را با یک راه‌انداز جایگزین می‌کند که دستگاه را روی برنامه‌های نصب‌شده از طریق تنظیمات applications قفل می‌کند. برنامه ها در یک صفحه به ترتیب حروف الفبا ظاهر می شوند. از kioskCustomization برای پیکربندی بیشتر رفتار دستگاه کیوسک استفاده کنید.

androidDevicePolicyTracks[]
(deprecated)

enum ( AppTrack )

این تنظیم پشتیبانی نمی شود. هر ارزشی نادیده گرفته می شود.

skipFirstUseHintsEnabled

boolean

برای رد شدن از نکات در اولین استفاده پرچم گذاری کنید. سرپرست سازمانی می‌تواند توصیه سیستم را برای برنامه‌ها فعال کند تا در اولین راه‌اندازی از آموزش کاربر و سایر نکات مقدماتی صرف‌نظر کنند.

privateKeySelectionEnabled

boolean

به کاربر اجازه می‌دهد تا در صورت عدم وجود قوانین منطبق در ChoosePrivateKeyRules، یک نام مستعار کلید خصوصی را در دستگاه نشان دهد. برای دستگاه‌های زیر Android P، تنظیم این ممکن است کلیدهای سازمانی را آسیب‌پذیر کند. اگر برنامه‌ای دارای محدوده تفویض اختیار CERT_SELECTION باشد، این مقدار تأثیری نخواهد داشت.

encryptionPolicy

enum ( EncryptionPolicy )

اینکه آیا رمزگذاری فعال است یا خیر

usbMassStorageEnabled
(deprecated)

boolean

آیا حافظه USB فعال است یا خیر. منسوخ شده است.

permissionGrants[]

object ( PermissionGrant )

مجوز صریح یا گروهی اعطا یا رد برای همه برنامه‌ها. این مقادیر defaultPermissionPolicy نادیده می گیرند.

playStoreMode

enum ( PlayStoreMode )

این حالت برنامه‌هایی را که در فروشگاه Play در دسترس کاربر هستند و رفتار دستگاه هنگام حذف برنامه‌ها از خط‌مشی کنترل می‌کند.

setupActions[]

object ( SetupAction )

اقدامی که باید در طول فرآیند راه اندازی انجام شود. حداکثر ممکن است یک عمل مشخص شود.

passwordPolicies[]

object ( PasswordRequirements )

سیاست های مورد نیاز رمز عبور با تنظیم فیلد passwordScope در خط‌مشی، می‌توان خط‌مشی‌های مختلفی را برای نمایه کاری یا دستگاه‌های کاملاً مدیریت‌شده تنظیم کرد.

policyEnforcementRules[]

object ( PolicyEnforcementRule )

قوانینی که رفتار را در زمانی که یک خط مشی خاص نمی توان در دستگاه اعمال کرد را تعریف می کند

kioskCustomization

object ( KioskCustomization )

تنظیمات کنترل رفتار دستگاه در حالت کیوسک. برای فعال کردن حالت کیوسک، kioskCustomLauncherEnabled روی true تنظیم کنید یا یک برنامه را با installType KIOSK در خط مشی مشخص کنید.

advancedSecurityOverrides

object ( AdvancedSecurityOverrides )

تنظیمات امنیتی پیشرفته در بیشتر موارد، تنظیم این موارد مورد نیاز نیست.

personalUsagePolicies

object ( PersonalUsagePolicies )

خط‌مشی‌های مدیریت استفاده شخصی در دستگاه متعلق به شرکت.

autoDateAndTimeZone

enum ( AutoDateAndTimeZone )

آیا تاریخ خودکار، زمان و منطقه زمانی در دستگاه متعلق به شرکت فعال است. اگر این تنظیم شده باشد، autoTimeRequired نادیده گرفته می شود.

oncCertificateProviders[]

object ( OncCertificateProvider )

این ویژگی به طور کلی در دسترس نیست.

crossProfilePolicies

object ( CrossProfilePolicies )

خط‌مشی‌های نمایه متقابل اعمال شده در دستگاه.

preferentialNetworkService

enum ( PreferentialNetworkService )

کنترل می کند که آیا سرویس شبکه ترجیحی در نمایه کاری فعال باشد یا در دستگاه های کاملاً مدیریت شده. به عنوان مثال، یک سازمان ممکن است با یک شرکت مخابراتی توافق کند که تمام داده های کاری دستگاه های کارمندانش از طریق یک سرویس شبکه اختصاص داده شده برای استفاده سازمانی ارسال شود. نمونه ای از خدمات شبکه ترجیحی پشتیبانی شده، بخش سازمانی در شبکه های 5G است. اگر preferentialNetworkServiceSettings یا ApplicationPolicy.preferentialNetworkId در دستگاه‌های دارای Android نسخه 13 یا بالاتر تنظیم شده باشد، این خط‌مشی تأثیری ندارد.

usageLog

object ( UsageLog )

پیکربندی ثبت فعالیت دستگاه

cameraAccess

enum ( CameraAccess )

استفاده از دوربین و دسترسی کاربر به کلید دسترسی به دوربین را کنترل می کند.

microphoneAccess

enum ( MicrophoneAccess )

استفاده از میکروفون و دسترسی کاربر به کلید دسترسی میکروفون را کنترل می کند. این فقط در دستگاه های کاملاً مدیریت شده اعمال می شود.

deviceConnectivityManagement

object ( DeviceConnectivityManagement )

کنترل‌های اتصال دستگاه مانند Wi-Fi، دسترسی به داده‌های USB، اتصالات صفحه‌کلید/موس و غیره را پوشش می‌دهد.

deviceRadioState

object ( DeviceRadioState )

کنترل‌های وضعیت رادیویی مانند Wi-Fi، بلوتوث و موارد دیگر را پوشش می‌دهد.

credentialProviderPolicyDefault

enum ( CredentialProviderPolicyDefault )

برنامه‌ها را کنترل می‌کند که به‌عنوان ارائه‌دهنده اعتبار در Android نسخه ۱۴ و بالاتر عمل کنند. این برنامه‌ها اعتبارنامه‌ها را ذخیره می‌کنند، برای جزئیات بیشتر این و این را ببینید. همچنین به credentialProviderPolicy مراجعه کنید.

printingPolicy

enum ( PrintingPolicy )

اختیاری. کنترل می کند که آیا چاپ مجاز است یا خیر. این در دستگاه های دارای اندروید 9 و بالاتر پشتیبانی می شود. .

displaySettings

object ( DisplaySettings )

اختیاری. کنترل تنظیمات نمایشگر

assistContentPolicy

enum ( AssistContentPolicy )

اختیاری. کنترل می کند که آیا AssistContent مجاز است به یک برنامه ممتاز مانند برنامه دستیار ارسال شود یا خیر. AssistContent شامل اسکرین شات ها و اطلاعات مربوط به یک برنامه، مانند نام بسته است. این در اندروید 15 و بالاتر پشتیبانی می شود.

workAccountSetupConfig

object ( WorkAccountSetupConfig )

اختیاری. پیکربندی راه‌اندازی حساب کاری را کنترل می‌کند، مانند جزئیات مربوط به اینکه آیا یک حساب تأیید شده Google مورد نیاز است یا خیر.

wipeDataFlags[]

enum ( WipeDataFlag )

اختیاری. پرچم‌ها را پاک کنید تا مشخص کنید وقتی پاک کردن یک دستگاه یا نمایه به هر دلیلی (مثلاً عدم انطباق) فعال می‌شود، چه داده‌هایی پاک می‌شوند. این برای روش enterprises.devices.delete اعمال نمی شود. . این لیست نباید تکراری باشد.

enterpriseDisplayNameVisibility

enum ( EnterpriseDisplayNameVisibility )

اختیاری. اینکه آیا enterpriseDisplayName در دستگاه قابل مشاهده است یا خیر (مثلاً پیام صفحه قفل در دستگاه های متعلق به شرکت) را کنترل می کند.

appFunctions

enum ( AppFunctions )

اختیاری. کنترل می‌کند که آیا برنامه‌های موجود در دستگاه برای دستگاه‌های کاملاً مدیریت‌شده یا در نمایه کاری دستگاه‌های دارای نمایه کاری مجاز به نمایش عملکردهای برنامه هستند.

defaultApplicationSettings[]

object ( DefaultApplicationSetting )

اختیاری. تنظیم برنامه پیش فرض برای انواع پشتیبانی شده. اگر برنامه پیش‌فرض با موفقیت برای حداقل یک نوع برنامه در یک نمایه تنظیم شود، کاربران از تغییر برنامه‌های پیش‌فرض در آن نمایه جلوگیری می‌کنند.

فقط یک DefaultApplicationSetting برای هر DefaultApplicationType مجاز است.

برای جزئیات بیشتر به راهنمای تنظیمات برنامه پیش فرض مراجعه کنید.

سیاست کاربردی

خط مشی برای یک برنامه جداگانه. توجه: در صورت فعال بودن installAppsDisabled ، در دسترس بودن برنامه در دستگاه معین را نمی توان با استفاده از این خط مشی تغییر داد. حداکثر تعداد برنامه هایی که می توانید برای هر خط مشی مشخص کنید 3000 است.

نمایندگی JSON 
{
  "packageName": string,
  "installType": enum (InstallType),
  "lockTaskAllowed": boolean,
  "defaultPermissionPolicy": enum (PermissionPolicy),
  "permissionGrants": [
    {
      object (PermissionGrant)
    }
  ],
  "managedConfiguration": {
    object
  },
  "disabled": boolean,
  "minimumVersionCode": integer,
  "delegatedScopes": [
    enum (DelegatedScope)
  ],
  "managedConfigurationTemplate": {
    object (ManagedConfigurationTemplate)
  },
  "accessibleTrackIds": [
    string
  ],
  "connectedWorkAndPersonalApp": enum (ConnectedWorkAndPersonalApp),
  "autoUpdateMode": enum (AutoUpdateMode),
  "extensionConfig": {
    object (ExtensionConfig)
  },
  "alwaysOnVpnLockdownExemption": enum (AlwaysOnVpnLockdownExemption),
  "workProfileWidgets": enum (WorkProfileWidgets),
  "credentialProviderPolicy": enum (CredentialProviderPolicy),
  "customAppConfig": {
    object (CustomAppConfig)
  },
  "installConstraint": [
    {
      object (InstallConstraint)
    }
  ],
  "installPriority": integer,
  "userControlSettings": enum (UserControlSettings),
  "preferentialNetworkId": enum (PreferentialNetworkId),
  "signingKeyCerts": [
    {
      object (ApplicationSigningKeyCert)
    }
  ],
  "roles": [
    {
      object (Role)
    }
  ]
}
فیلدها
packageName

string

نام بسته برنامه به عنوان مثال، com.google.android.youtube برای برنامه YouTube.

installType

enum ( InstallType )

نوع نصب برای انجام.

lockTaskAllowed
(deprecated)

boolean

اینکه آیا برنامه مجاز است در حالت تمام صفحه خود را قفل کند یا خیر. منسوخ شده برای پیکربندی دستگاه اختصاصی از InstallType KIOSK یا kioskCustomLauncherEnabled استفاده کنید.

defaultPermissionPolicy

enum ( PermissionPolicy )

خط مشی پیش فرض برای همه مجوزهای درخواست شده توسط برنامه. اگر مشخص شده باشد، این defaultPermissionPolicy در سطح خط‌مشی را لغو می‌کند که برای همه برنامه‌ها اعمال می‌شود. permissionGrants که برای همه برنامه ها اعمال می شود لغو نمی کند.

permissionGrants[]

object ( PermissionGrant )

اعطای مجوز یا رد صریح برای برنامه. این مقادیر defaultPermissionPolicy و permissionGrants را که برای همه برنامه ها اعمال می شود، لغو می کند.

managedConfiguration

object ( Struct format)

پیکربندی مدیریت شده روی برنامه اعمال شده است. فرمت پیکربندی توسط مقادیر ManagedProperty که توسط برنامه پشتیبانی می‌شود دیکته می‌شود. نام هر فیلد در پیکربندی مدیریت شده باید با فیلد key ManagedProperty مطابقت داشته باشد. مقدار فیلد باید با type ManagedProperty سازگار باشد:

نوع مقدار JSON
BOOL true یا false
STRING رشته
INTEGER شماره
CHOICE رشته
MULTISELECT آرایه ای از رشته ها
HIDDEN رشته
BUNDLE_ARRAY آرایه ای از اشیاء

disabled

boolean

اینکه آیا برنامه غیرفعال است. وقتی غیرفعال است، داده های برنامه همچنان حفظ می شود.

minimumVersionCode

integer

حداقل نسخه برنامه ای که روی دستگاه اجرا می شود. اگر تنظیم شود، دستگاه تلاش می‌کند برنامه را حداقل به این کد نسخه به‌روزرسانی کند. اگر برنامه به‌روز نباشد، دستگاه حاوی یک NonComplianceDetail با nonComplianceReason است که روی APP_NOT_UPDATED تنظیم شده است. برنامه باید قبلاً با کد نسخه بزرگتر یا مساوی این مقدار در Google Play منتشر شده باشد. حداکثر 20 برنامه ممکن است حداقل کد نسخه را برای هر خط مشی مشخص کنند.

delegatedScopes[]

enum ( DelegatedScope )

محدوده‌هایی که از سیاست دستگاه Android به برنامه واگذار شده است. اینها امتیازات اضافی را برای برنامه هایی که برای آنها اعمال می شود فراهم می کند.

managedConfigurationTemplate

object ( ManagedConfigurationTemplate )

الگوی پیکربندی های مدیریت شده برای برنامه، ذخیره شده از پیکربندی های مدیریت شده iframe . اگر مدیریت پیکربندی تنظیم شده باشد، این فیلد نادیده گرفته می شود.

accessibleTrackIds[]

string

فهرست شناسه‌های آهنگ برنامه که دستگاه متعلق به شرکت می‌تواند به آنها دسترسی داشته باشد. اگر فهرست شامل چندین شناسه آهنگ باشد، دستگاه‌ها آخرین نسخه را از بین تمام آهنگ‌های قابل دسترسی دریافت می‌کنند. اگر لیست فاقد شناسه آهنگ باشد، دستگاه‌ها فقط به مسیر تولید برنامه دسترسی دارند. جزئیات بیشتر در مورد هر آهنگ در AppTrackInfo موجود است.

connectedWorkAndPersonalApp

enum ( ConnectedWorkAndPersonalApp )

کنترل می‌کند که آیا برنامه می‌تواند در نمایه‌های کاری و شخصی دستگاه با خودش ارتباط برقرار کند، مشروط به رضایت کاربر.

autoUpdateMode

enum ( AutoUpdateMode )

حالت به روز رسانی خودکار برنامه را کنترل می کند.

extensionConfig
(deprecated)

object ( ExtensionConfig )

پیکربندی برای فعال کردن این برنامه به عنوان یک برنامه افزودنی، با قابلیت تعامل با Android Device Policy به صورت آفلاین.

این فیلد حداکثر برای یک برنامه قابل تنظیم است. اگر برنامه‌ای با نقش COMPANION_APP وجود دارد، این فیلد قابل تنظیم نیست.

اثر انگشت گواهی کلید امضای برنامه در دستگاه باید با یکی از ورودی‌های ApplicationPolicy.signingKeyCerts یا ExtensionConfig.signingKeyFingerprintsSha256 (منسوخ شده) یا اثر انگشت گواهی کلید امضای دریافت‌شده از Play Store مطابقت داشته باشد تا برنامه بتواند با خط‌مشی دستگاه Android ارتباط برقرار کند. اگر برنامه در فروشگاه Play نیست و اگر ApplicationPolicy.signingKeyCerts و ExtensionConfig.signingKeyFingerprintsSha256 (منسوخ شده) تنظیم نشده باشند، یک NonComplianceDetail با INVALID_VALUE گزارش می شود.

alwaysOnVpnLockdownExemption

enum ( AlwaysOnVpnLockdownExemption )

مشخص می‌کند وقتی VPN وصل نیست و alwaysOnVpnPackage.lockdownEnabled فعال است، برنامه مجاز به شبکه‌سازی باشد یا خیر. اگر روی VPN_LOCKDOWN_ENFORCED تنظیم شود، برنامه مجاز به شبکه‌سازی نیست و اگر روی VPN_LOCKDOWN_EXEMPTION تنظیم شود، برنامه مجاز به شبکه‌سازی است. فقط در دستگاه های دارای Android 10 و بالاتر پشتیبانی می شود. اگر این مورد توسط دستگاه پشتیبانی نشود، دستگاه حاوی یک NonComplianceDetail با nonComplianceReason تنظیم شده روی API_LEVEL و یک مسیر فیلد خواهد بود. اگر این مورد برای برنامه کاربردی نباشد، دستگاه حاوی یک NonComplianceDetail با nonComplianceReason تنظیم شده روی UNSUPPORTED و یک fieldPath خواهد بود. fieldPath روی applications[i].alwaysOnVpnLockdownExemption تنظیم شده است، جایی که i نمایه بسته در خط مشی applications است.

workProfileWidgets

enum ( WorkProfileWidgets )

مشخص می کند که آیا برنامه نصب شده در نمایه کاری مجاز به افزودن ویجت ها به صفحه اصلی است یا خیر.

credentialProviderPolicy

enum ( CredentialProviderPolicy )

اختیاری. این که آیا برنامه مجاز است به عنوان یک ارائه دهنده اعتبار در Android نسخه 14 و بالاتر عمل کند یا خیر.

customAppConfig

object ( CustomAppConfig )

اختیاری. پیکربندی برای این برنامه سفارشی.

installType باید روی CUSTOM تنظیم شود تا تنظیم شود.

installConstraint[]

object ( InstallConstraint )

اختیاری. محدودیت های نصب برنامه شما می توانید حداکثر یک InstallConstraint تعیین کنید. محدودیت های متعدد رد می شوند.

installPriority

integer

اختیاری. در بین برنامه‌هایی که installType روی آنها تنظیم شده است:

این اولویت نسبی نصب را کنترل می کند. مقدار 0 (پیش‌فرض) به این معنی است که این برنامه هیچ اولویتی نسبت به سایر برنامه‌ها ندارد. برای مقادیر بین 1 تا 10000، مقدار کمتر به معنای اولویت بالاتر است. مقادیر خارج از محدوده 0 تا 10000 شامل رد می شوند.

userControlSettings

enum ( UserControlSettings )

اختیاری. مشخص می کند که آیا کنترل کاربر برای برنامه مجاز است یا خیر. کنترل کاربر شامل اقدامات کاربر مانند توقف اجباری و پاک کردن داده های برنامه است. انواع خاصی از برنامه ها رفتار خاصی دارند، برای جزئیات بیشتر به USER_CONTROL_SETTINGS_UNSPECIFIED و USER_CONTROL_ALLOWED مراجعه کنید.

preferentialNetworkId

enum ( PreferentialNetworkId )

اختیاری. شناسه شبکه ترجیحی مورد استفاده برنامه. باید یک پیکربندی برای شناسه شبکه مشخص شده در preferentialNetworkServiceConfigs وجود داشته باشد. اگر روی PREFERENTIAL_NETWORK_ID_UNSPECIFIED تنظیم شود، برنامه از شناسه شبکه پیش‌فرض مشخص شده در defaultPreferentialNetworkId استفاده می‌کند. مستندات defaultPreferentialNetworkId را برای لیست برنامه‌های حذف شده از این پیش‌فرض ببینید. این هم در نمایه‌های کاری و هم در دستگاه‌های کاملاً مدیریت‌شده در Android نسخه ۱۳ و بالاتر اعمال می‌شود.

signingKeyCerts[]

object ( ApplicationSigningKeyCert )

اختیاری. امضای گواهینامه های کلیدی برنامه

این فیلد در موارد زیر الزامی است:

  • برنامه installType روی CUSTOM (یعنی یک برنامه سفارشی) تنظیم کرده است.
  • این برنامه دارای roles است که روی یک لیست غیرخالی تنظیم شده‌اند و برنامه در فروشگاه Play وجود ندارد.
  • برنامه دارای مجموعه extensionConfig (یعنی برنامه افزونه) است اما ExtensionConfig.signingKeyFingerprintsSha256 (منسوخ شده) تنظیم نشده است و برنامه در فروشگاه Play وجود ندارد.

اگر این قسمت برای یک برنامه سفارشی تنظیم نشده باشد، این خط‌مشی رد می‌شود. اگر زمانی که برای یک برنامه غیر سفارشی مورد نیاز است تنظیم نشود، یک NonComplianceDetail با INVALID_VALUE گزارش می شود.

برای سایر موارد، این فیلد اختیاری است و از گواهینامه های کلید امضا که از فروشگاه پلی استور گرفته شده است استفاده می شود.

برای مشاهده نحوه استفاده از این فیلد به تنظیمات خط مشی زیر مراجعه کنید:

roles[]

object ( Role )

اختیاری. نقش هایی که برنامه دارد.

برنامه‌هایی که نقش‌های خاصی دارند می‌توانند از محدودیت‌های اجرای برق و پس‌زمینه، تعلیق و خواب زمستانی در اندروید 14 و بالاتر معاف شوند. همچنین می‌توان کنترل کاربر را برای برنامه‌هایی با نقش‌های خاص در اندروید ۱۱ و بالاتر غیرمجاز کرد. برای جزئیات بیشتر به مستندات هر RoleType مراجعه کنید.

اگر برنامه دارای یک سرویس گیرنده اعلان با <meta-data android:name="com.google.android.managementapi.notification.NotificationReceiverService.SERVICE_APP_ROLES" android:value="" /> به برنامه درباره نقش هایی که برای آن تنظیم شده است اطلاع داده می شود. برنامه هر زمان که نقش‌هایش به‌روزرسانی می‌شوند یا پس از نصب برنامه زمانی که فهرست نقش‌های خالی ندارد، مطلع می‌شود. برنامه می تواند از این اعلان برای بوت استرپ خود پس از نصب استفاده کند. برای جزئیات بیشتر در مورد الزامات این سرویس ، به راهنمای AMAPI SDK و مدیریت نقش های برنامه ادغام کنید.

برای اعمال معافیت‌ها و اطلاع برنامه در مورد نقش‌ها، اثر انگشت گواهی کلید امضای برنامه روی دستگاه باید با یکی از اثرانگشت‌های گواهی کلید امضا که از فروشگاه Play یا یکی از ورودی‌های ApplicationPolicy.signingKeyCerts به دست آمده باشد، مطابقت داشته باشد. در غیر این صورت، یک NonComplianceDetail با APP_SIGNING_CERT_MISMATCH گزارش می شود.

نباید نقش های تکراری با همان roleType وجود داشته باشد. چندین برنامه نمی‌توانند نقشی را با یک roleType نگه دارند. نقش با نوع ROLE_TYPE_UNSPECIFIED مجاز نیست.

InstallType

نوع نصبی که باید برای یک برنامه انجام شود. اگر setupAction به یک برنامه ارجاع دهد، باید installType به عنوان REQUIRED_FOR_SETUP تنظیم کرده باشد، در غیر این صورت راه‌اندازی با شکست مواجه می‌شود.

Enums
INSTALL_TYPE_UNSPECIFIED نامشخص پیش‌فرض روی AVAILABLE است.
PREINSTALLED برنامه به طور خودکار نصب می شود و کاربر می تواند آن را حذف کند.
FORCE_INSTALLED برنامه بدون در نظر گرفتن یک پنجره تعمیر و نگهداری تنظیم شده به طور خودکار نصب می شود و کاربر نمی تواند آن را حذف کند.
BLOCKED برنامه مسدود شده است و نمی توان آن را نصب کرد. اگر برنامه طبق خط مشی قبلی نصب شده باشد، حذف نصب خواهد شد. این همچنین عملکرد برنامه فوری آن را مسدود می کند.
AVAILABLE برنامه برای نصب در دسترس است.
REQUIRED_FOR_SETUP برنامه به طور خودکار نصب می شود و کاربر نمی تواند آن را حذف کند و تا زمانی که نصب کامل نشود، از تکمیل راه اندازی جلوگیری می کند.
KIOSK

برنامه به طور خودکار در حالت کیوسک نصب می شود: به عنوان هدف خانه ترجیحی تنظیم شده و برای حالت کار قفل در لیست سفید قرار گرفته است. تا زمانی که برنامه نصب نشود، راه‌اندازی دستگاه کامل نمی‌شود. پس از نصب، کاربران نمی توانند برنامه را حذف کنند. شما فقط می‌توانید این installType برای هر خط‌مشی برای یک برنامه تنظیم کنید. وقتی این مورد در خط‌مشی وجود دارد، نوار وضعیت به‌طور خودکار غیرفعال می‌شود.

اگر برنامه‌ای با نقش KIOSK وجود دارد، این نوع نصب را نمی‌توان برای هیچ برنامه‌ای تنظیم کرد.

CUSTOM

این برنامه فقط از طریق دستور AMAPI SDK قابل نصب و به روز رسانی است.

توجه:

سیاست مجوز

خط‌مشی اعطای درخواست‌های مجوز به برنامه‌ها.

Enums
PERMISSION_POLICY_UNSPECIFIED خط مشی مشخص نشده است. اگر هیچ خط‌مشی برای مجوز در هر سطحی مشخص نشده باشد، رفتار PROMPT به طور پیش‌فرض استفاده می‌شود.
PROMPT از کاربر بخواهید که مجوز بدهد.
GRANT

اعطای مجوز به صورت خودکار

در Android 12 و بالاتر، READ_SMS و مجوزهای مربوط به حسگر زیر را فقط می‌توان در دستگاه‌های کاملاً مدیریت‌شده اعطا کرد:

DENY به طور خودکار یک مجوز را رد کنید.

اعطای مجوز

پیکربندی مجوز Android و وضعیت اعطای آن.

نمایندگی JSON 
{
  "permission": string,
  "policy": enum (PermissionPolicy)
}
فیلدها
permission

string

مجوز یا گروه Android، به عنوان مثال android.permission.READ_CALENDAR یا android.permission_group.CALENDAR .

policy

enum ( PermissionPolicy )

سیاست اعطای مجوز

DelegatedScope

محدوده های تفویض اختیار که بسته دیگری می تواند از سیاست دستگاه Android بدست آورد. اینها امتیازات اضافی را برای برنامه هایی که برای آنها اعمال می شود فراهم می کند.

Enums
DELEGATED_SCOPE_UNSPECIFIED هیچ حوزه نمایندگی مشخص نشده است.
CERT_INSTALL اجازه دسترسی به نصب و مدیریت گواهی را می دهد. این محدوده را می توان به چندین برنامه تفویض کرد.
MANAGED_CONFIGURATIONS اجازه دسترسی به مدیریت پیکربندی های مدیریت شده را می دهد. این محدوده را می توان به چندین برنامه تفویض کرد.
BLOCK_UNINSTALL اجازه دسترسی به مسدود کردن حذف نصب را می دهد. این محدوده را می توان به چندین برنامه تفویض کرد.
PERMISSION_GRANT اجازه دسترسی به خط مشی مجوز و وضعیت اعطای مجوز را می دهد. این محدوده را می توان به چندین برنامه تفویض کرد.
PACKAGE_ACCESS اجازه دسترسی به وضعیت دسترسی به بسته را می دهد. این محدوده را می توان به چندین برنامه تفویض کرد.
ENABLE_SYSTEM_APP اجازه دسترسی برای فعال کردن برنامه های سیستم را می دهد. این محدوده را می توان به چندین برنامه تفویض کرد.
NETWORK_ACTIVITY_LOGS اجازه دسترسی به گزارش‌های فعالیت شبکه را می‌دهد. به برنامه تفویض شده اجازه می‌دهد تا روش‌های setNetworkLoggingEnabled ، isNetworkLoggingEnabled فراخوانی کند و روش‌های retrieveNetworkLogs . این محدوده را می توان حداکثر به یک برنامه تفویض کرد. برای دستگاه های کاملاً مدیریت شده در Android 10 و بالاتر پشتیبانی می شود. برای نمایه کاری در Android 12 و بالاتر پشتیبانی می شود. وقتی تفویض اختیار پشتیبانی می‌شود و تنظیم می‌شود، NETWORK_ACTIVITY_LOGS نادیده گرفته می‌شود.
SECURITY_LOGS اجازه دسترسی به گزارش های امنیتی را می دهد. به برنامه تفویض شده اجازه می دهد تا روش های setSecurityLoggingEnabled ، isSecurityLoggingEnabled ، retrieveSecurityLogs و retrievePreRebootSecurityLogs فراخوانی کند. این محدوده را می توان حداکثر به یک برنامه تفویض کرد. برای دستگاه‌های کاملاً مدیریت شده و دستگاه‌های متعلق به شرکت با نمایه کاری در Android 12 و بالاتر پشتیبانی می‌شود. وقتی تفویض اختیار پشتیبانی می‌شود و تنظیم می‌شود، SECURITY_LOGS نادیده گرفته می‌شود.
CERT_SELECTION از طرف برنامه‌های درخواست‌کننده به انتخاب گواهی‌های KeyChain دسترسی می‌دهد. پس از اعطا، برنامه تفویض شده شروع به دریافت DelegatedAdminReceiver#onChoosePrivateKeyAlias ​​می کند. به برنامه تفویض شده اجازه می دهد تا روش های grantKeyPairToApp و revokeKeyPairFromApp فراخوانی کند. این محدوده را می توان حداکثر به یک برنامه تفویض کرد. choosePrivateKeyRules must be empty and privateKeySelectionEnabled has no effect if certificate selection is delegated to an application.

ManagedConfigurationTemplate

The managed configurations template for the app, saved from the managed configurations iframe .

JSON representation 
{
  "templateId": string,
  "configurationVariables": {
    string: string,
    ...
  }
}
فیلدها
templateId

string

The ID of the managed configurations template.

configurationVariables

map (key: string, value: string)

Optional, a map containing <key, value> configuration variables defined for the configuration.

An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" } .

ConnectedWorkAndPersonalApp

Controls whether the app can communicate with itself cross-profile, subject to user consent.

Enums
CONNECTED_WORK_AND_PERSONAL_APP_UNSPECIFIED Unspecified. Defaults to CONNECTED_WORK_AND_PERSONAL_APPS_DISALLOWED.
CONNECTED_WORK_AND_PERSONAL_APP_DISALLOWED پیش فرض Prevents the app from communicating cross-profile.
CONNECTED_WORK_AND_PERSONAL_APP_ALLOWED Allows the app to communicate across profiles after receiving user consent.

AutoUpdateMode

Controls the auto-update mode for the app. If a device user makes changes to the device settings manually, these choices are ignored by AutoUpdateMode as it takes precedence.

Enums
AUTO_UPDATE_MODE_UNSPECIFIED Unspecified. Defaults to AUTO_UPDATE_DEFAULT .
AUTO_UPDATE_DEFAULT

The default update mode.

The app is automatically updated with low priority to minimize the impact on the user.

The app is updated when all of the following constraints are met:

  • The device is not actively used.
  • The device is connected to an unmetered network.
  • دستگاه در حال شارژ شدن است.
  • برنامه ای که باید به روز شود در پیش زمینه اجرا نمی شود.

The device is notified about a new update within 24 hours after it is published by the developer, after which the app is updated the next time the constraints above are met.

AUTO_UPDATE_POSTPONED

The app is not automatically updated for a maximum of 90 days after the app becomes out of date.

90 days after the app becomes out of date, the latest available version is installed automatically with low priority (see AUTO_UPDATE_DEFAULT ). After the app is updated it is not automatically updated again until 90 days after it becomes out of date again.

The user can still manually update the app from the Play Store at any time.

AUTO_UPDATE_HIGH_PRIORITY

The app is updated as soon as possible. No constraints are applied.

The device is notified as soon as possible about a new update after it becomes available.

NOTE: Updates to apps with larger deployments across Android's ecosystem can take up to 24h.

ExtensionConfig

Configuration to enable an app as an extension app, with the capability of interacting with Android Device Policy offline. For Android versions 11 and above, extension apps are exempt from battery restrictions so will not be placed into the restricted App Standby Bucket . Extensions apps are also protected against users clearing their data or force-closing the application, although admins can continue to use the clear app data command on extension apps if needed for Android 11 and above.

JSON representation 
{
  "signingKeyFingerprintsSha256": [
    string
  ],
  "notificationReceiver": string
}
فیلدها
signingKeyFingerprintsSha256[]
(deprecated)

string

Hex-encoded SHA-256 hashes of the signing key certificates of the extension app. Only hexadecimal string representations of 64 characters are valid.

The signing key certificate fingerprints are always obtained from the Play Store and this field is used to provide additional signing key certificate fingerprints. However, if the application is not available on the Play Store, this field needs to be set. A NonComplianceDetail with INVALID_VALUE is reported if this field is not set when the application is not available on the Play Store.

The signing key certificate fingerprint of the extension app on the device must match one of the signing key certificate fingerprints obtained from the Play Store or the ones provided in this field for the app to be able to communicate with Android Device Policy.

In production use cases, it is recommended to leave this empty.

notificationReceiver
(deprecated)

string

Fully qualified class name of the receiver service class for Android Device Policy to notify the extension app of any local command status updates. The service must be exported in the extension app's AndroidManifest.xml and extend NotificationReceiverService (see Integrate with the AMAPI SDK guide for more details).

AlwaysOnVpnLockdownExemption

Controls whether an app is exempt from the alwaysOnVpnPackage.lockdownEnabled setting.

Enums
ALWAYS_ON_VPN_LOCKDOWN_EXEMPTION_UNSPECIFIED Unspecified. Defaults to VPN_LOCKDOWN_ENFORCED .
VPN_LOCKDOWN_ENFORCED The app respects the always-on VPN lockdown setting.
VPN_LOCKDOWN_EXEMPTION The app is exempt from the always-on VPN lockdown setting.

WorkProfileWidgets

Controls if a work profile application is allowed to add widgets to the home screen.

Enums
WORK_PROFILE_WIDGETS_UNSPECIFIED Unspecified. Defaults to workProfileWidgetsDefault
WORK_PROFILE_WIDGETS_ALLOWED Work profile widgets are allowed. This means the application will be able to add widgets to the home screen.
WORK_PROFILE_WIDGETS_DISALLOWED Work profile widgets are disallowed. This means the application will not be able to add widgets to the home screen.

CredentialProviderPolicy

Whether the app is allowed to act as a credential provider on Android 14 and above.

Enums
CREDENTIAL_PROVIDER_POLICY_UNSPECIFIED Unspecified. The behaviour is governed by credentialProviderPolicyDefault .
CREDENTIAL_PROVIDER_ALLOWED App is allowed to act as a credential provider.

CustomAppConfig

Configuration for a custom app.

JSON representation 
{
  "userUninstallSettings": enum (UserUninstallSettings)
}
فیلدها
userUninstallSettings

enum ( UserUninstallSettings )

اختیاری. User uninstall settings of the custom app.

UserUninstallSettings

Specifies if a user is allowed to uninstall the custom app.

Enums
USER_UNINSTALL_SETTINGS_UNSPECIFIED Unspecified. Defaults to DISALLOW_UNINSTALL_BY_USER .
DISALLOW_UNINSTALL_BY_USER User is not allowed to uninstall the custom app.
ALLOW_UNINSTALL_BY_USER User is allowed to uninstall the custom app.

InstallConstraint

Amongst apps with InstallType set to:

this defines a set of restrictions for the app installation. At least one of the fields must be set. When multiple fields are set, then all the constraints need to be satisfied for the app to be installed.

JSON representation 
{
  "networkTypeConstraint": enum (NetworkTypeConstraint),
  "chargingConstraint": enum (ChargingConstraint),
  "deviceIdleConstraint": enum (DeviceIdleConstraint)
}
فیلدها
networkTypeConstraint

enum ( NetworkTypeConstraint )

اختیاری. Network type constraint.

chargingConstraint

enum ( ChargingConstraint )

اختیاری. Charging constraint.

deviceIdleConstraint

enum ( DeviceIdleConstraint )

اختیاری. Device idle constraint.

NetworkTypeConstraint

Network type constraint.

Enums
NETWORK_TYPE_CONSTRAINT_UNSPECIFIED Unspecified. Default to INSTALL_ON_ANY_NETWORK .
INSTALL_ON_ANY_NETWORK Any active networks (Wi-Fi, cellular, etc.).
INSTALL_ONLY_ON_UNMETERED_NETWORK Any unmetered network (eg Wi-FI).

ChargingConstraint

Charging constraint.

Enums
CHARGING_CONSTRAINT_UNSPECIFIED Unspecified. Default to CHARGING_NOT_REQUIRED .
CHARGING_NOT_REQUIRED Device doesn't have to be charging.
INSTALL_ONLY_WHEN_CHARGING Device has to be charging.

DeviceIdleConstraint

Device idle state constraint.

Enums
DEVICE_IDLE_CONSTRAINT_UNSPECIFIED Unspecified. Default to DEVICE_IDLE_NOT_REQUIRED .
DEVICE_IDLE_NOT_REQUIRED Device doesn't have to be idle, app can be installed while the user is interacting with the device.
INSTALL_ONLY_WHEN_DEVICE_IDLE Device has to be idle.

UserControlSettings

Specifies whether user control is permitted for a given app. User control includes user actions like force-stopping and clearing app data.

Enums
USER_CONTROL_SETTINGS_UNSPECIFIED

Uses the default behaviour of the app to determine if user control is allowed or disallowed. User control is allowed by default for most apps but disallowed for following types of apps:

  • extension apps (see extensionConfig for more details)
  • kiosk apps (see KIOSK install type for more details)
  • apps with roles set to a nonempty list
  • other critical system apps
USER_CONTROL_ALLOWED

User control is allowed for the app. Kiosk apps can use this to allow user control. For extension apps (see extensionConfig for more details), user control is disallowed even if this value is set.

For apps with roles set to a nonempty list (except roles containing only KIOSK role), this value cannot be set.

For kiosk apps (see KIOSK install type and KIOSK role type for more details), this value can be used to allow user control.

USER_CONTROL_DISALLOWED User control is disallowed for the app. This is supported on Android 11 and above. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 11.

PreferentialNetworkId

Preferential network identifier.

Enums
PREFERENTIAL_NETWORK_ID_UNSPECIFIED Whether this value is valid and what it means depends on where it is used, and this is documented on the relevant fields.
NO_PREFERENTIAL_NETWORK Application does not use any preferential network.
PREFERENTIAL_NETWORK_ID_ONE Preferential network identifier 1.
PREFERENTIAL_NETWORK_ID_TWO Preferential network identifier 2.
PREFERENTIAL_NETWORK_ID_THREE Preferential network identifier 3.
PREFERENTIAL_NETWORK_ID_FOUR Preferential network identifier 4.
PREFERENTIAL_NETWORK_ID_FIVE Preferential network identifier 5.

ApplicationSigningKeyCert

The application signing key certificate.

JSON representation 
{
  "signingKeyCertFingerprintSha256": string
}
فیلدها
signingKeyCertFingerprintSha256

string ( bytes format)

مورد نیاز. The SHA-256 hash value of the signing key certificate of the app. This must be a valid SHA-256 hash value, ie 32 bytes. Otherwise, the policy is rejected.

A base64-encoded string.

نقش

Role an app can have.

JSON representation 
{
  "roleType": enum (RoleType)
}
فیلدها
roleType

enum ( RoleType )

مورد نیاز. The type of the role an app can have.

RoleType

The type of the role an app can hold.

Enums
ROLE_TYPE_UNSPECIFIED The role type is unspecified. This value must not be used.
COMPANION_APP

The role type for companion apps. This role enables the app as a companion app with the capability of interacting with Android Device Policy offline. This is the recommended way to configure an app as a companion app. For legacy way, see extensionConfig .

On Android 14 and above, the app with this role is exempted from power and background execution restrictions, suspension and hibernation. On Android 11 and above, the user control is disallowed for the app with this role. userControlSettings cannot be set to USER_CONTROL_ALLOWED for the app with this role.

Android Device Policy notifies the companion app of any local command status updates if the app has a service with <meta-data android:name="com.google.android.managementapi.notification.NotificationReceiverService.SERVICE_COMMAND_STATUS" android:value="" /> . See Integrate with the AMAPI SDK guide for more details on the requirements for the service.

KIOSK

The role type for kiosk apps. An app can have this role only if it has installType set to REQUIRED_FOR_SETUP or CUSTOM . Before adding this role to an app with CUSTOM install type, the app must already be installed on the device.

The app having this role type is set as the preferred home intent and allowlisted for lock task mode. When there is an app with this role type, status bar will be automatically disabled.

This is preferable to setting installType to KIOSK .

On Android 11 and above, the user control is disallowed but userControlSettings can be set to USER_CONTROL_ALLOWED to allow user control for the app with this role.

MOBILE_THREAT_DEFENSE_ENDPOINT_DETECTION_RESPONSE

The role type for Mobile Threat Defense (MTD) / Endpoint Detection & Response (EDR) apps.

On Android 14 and above, the app with this role is exempted from power and background execution restrictions, suspension and hibernation. On Android 11 and above, the user control is disallowed and userControlSettings cannot be set to USER_CONTROL_ALLOWED for the app with this role.

SYSTEM_HEALTH_MONITORING

The role type for system health monitoring apps.

On Android 14 and above, the app with this role is exempted from power and background execution restrictions, suspension and hibernation. On Android 11 and above, the user control is disallowed and userControlSettings cannot be set to USER_CONTROL_ALLOWED for the app with this role.

KeyguardDisabledFeature

Keyguard (lock screen) features that can be disabled..

Enums
KEYGUARD_DISABLED_FEATURE_UNSPECIFIED This value is ignored.
CAMERA Disable the camera on secure keyguard screens (eg PIN).
NOTIFICATIONS Disable showing all notifications on secure keyguard screens.
UNREDACTED_NOTIFICATIONS Disable unredacted notifications on secure keyguard screens.
TRUST_AGENTS Ignore trust agent state on secure keyguard screens.
DISABLE_FINGERPRINT Disable fingerprint sensor on secure keyguard screens.
DISABLE_REMOTE_INPUT On devices running Android 6 and below, disables text entry into notifications on secure keyguard screens. Has no effect on Android 7 and above.
FACE Disable face authentication on secure keyguard screens.
IRIS Disable iris authentication on secure keyguard screens.
BIOMETRICS Disable all biometric authentication on secure keyguard screens.
SHORTCUTS Disable all shortcuts on secure keyguard screen on Android 14 and above.
ALL_FEATURES Disable all current and future keyguard customizations.

PersistentPreferredActivity

A default activity for handling intents that match a particular intent filter. Note: To set up a kiosk, use InstallType to KIOSK rather than use persistent preferred activities.

JSON representation 
{
  "receiverActivity": string,
  "actions": [
    string
  ],
  "categories": [
    string
  ]
}
فیلدها
receiverActivity

string

The activity that should be the default intent handler. This should be an Android component name, eg com.android.enterprise.app/.MainActivity . Alternatively, the value may be the package name of an app, which causes Android Device Policy to choose an appropriate activity from the app to handle the intent.

actions[]

string

The intent actions to match in the filter. If any actions are included in the filter, then an intent's action must be one of those values for it to match. If no actions are included, the intent action is ignored.

categories[]

string

The intent categories to match in the filter. An intent includes the categories that it requires, all of which must be included in the filter in order to match. In other words, adding a category to the filter has no impact on matching unless that category is specified in the intent.

SystemUpdate

Configuration for managing system updates

Note: Google Play system updates (also called Mainline updates) are automatically downloaded but require a device reboot to be installed. Refer to the mainline section in Manage system updates for further details.

JSON representation 
{
  "type": enum (SystemUpdateType),
  "startMinutes": integer,
  "endMinutes": integer,
  "freezePeriods": [
    {
      object (FreezePeriod)
    }
  ]
}
فیلدها
type

enum ( SystemUpdateType )

The type of system update to configure.

startMinutes

integer

If the type is WINDOWED , the start of the maintenance window, measured as the number of minutes after midnight in the device's local time. This value must be between 0 and 1439, inclusive.

endMinutes

integer

If the type is WINDOWED , the end of the maintenance window, measured as the number of minutes after midnight in device's local time. This value must be between 0 and 1439, inclusive. If this value is less than startMinutes , then the maintenance window spans midnight. If the maintenance window specified is smaller than 30 minutes, the actual window is extended to 30 minutes beyond the start time.

freezePeriods[]

object ( FreezePeriod )

An annually repeating time period in which over-the-air (OTA) system updates are postponed to freeze the OS version running on a device. To prevent freezing the device indefinitely, each freeze period must be separated by at least 60 days.

SystemUpdateType

The type of system update configuration.

Enums
SYSTEM_UPDATE_TYPE_UNSPECIFIED Follow the default update behavior for the device, which typically requires the user to accept system updates.
AUTOMATIC Install automatically as soon as an update is available.
WINDOWED

Install automatically within a daily maintenance window. This also configures Play apps to be updated within the window. This is strongly recommended for kiosk devices because this is the only way apps persistently pinned to the foreground can be updated by Play.

If autoUpdateMode is set to AUTO_UPDATE_HIGH_PRIORITY for an app, then the maintenance window is ignored for that app and it is updated as soon as possible even outside of the maintenance window.

POSTPONE Postpone automatic install up to a maximum of 30 days. This policy does not affect security updates (eg monthly security patches).

FreezePeriod

A system freeze period. When a device's clock is within the freeze period, all incoming system updates (including security patches) are blocked and won't be installed.

When the device is outside any set freeze periods, the normal policy behavior (automatic, windowed, or postponed) applies.

Leap years are ignored in freeze period calculations, in particular:

  • If Feb. 29th is set as the start or end date of a freeze period, the freeze period will start or end on Feb. 28th instead.
  • When a device's system clock reads Feb. 29th, it's treated as Feb. 28th.
  • When calculating the number of days in a freeze period or the time between two freeze periods, Feb. 29th is ignored and not counted as a day.

Note: For Freeze Periods to take effect, SystemUpdateType cannot be specified as SYSTEM_UPDATE_TYPE_UNSPECIFIED , because freeze periods require a defined policy to be specified.

JSON representation 
{
  "startDate": {
    object (Date)
  },
  "endDate": {
    object (Date)
  }
}
فیلدها
startDate

object ( Date )

The start date (inclusive) of the freeze period. Note: day and month must be set. year should not be set as it is not used. For example, {"month": 1,"date": 30} .

endDate

object ( Date )

The end date (inclusive) of the freeze period. Must be no later than 90 days from the start date. If the end date is earlier than the start date, the freeze period is considered wrapping year-end. Note: day and month must be set. year should not be set as it is not used. For example, {"month": 1,"date": 30} .

تاریخ

Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following:

  • A full date, with non-zero year, month, and day values.
  • A month and day, with a zero year (for example, an anniversary).
  • A year on its own, with a zero month and a zero day.
  • A year and month, with a zero day (for example, a credit card expiration date).

Related types:

JSON representation 
{
  "year": integer,
  "month": integer,
  "day": integer
}
فیلدها
year

integer

Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.

month

integer

Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.

day

integer

Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.

StatusReportingSettings

Settings controlling the behavior of status reports.

JSON representation 
{
  "applicationReportsEnabled": boolean,
  "deviceSettingsEnabled": boolean,
  "softwareInfoEnabled": boolean,
  "memoryInfoEnabled": boolean,
  "networkInfoEnabled": boolean,
  "displayInfoEnabled": boolean,
  "powerManagementEventsEnabled": boolean,
  "hardwareStatusEnabled": boolean,
  "systemPropertiesEnabled": boolean,
  "applicationReportingSettings": {
    object (ApplicationReportingSettings)
  },
  "commonCriteriaModeEnabled": boolean,
  "defaultApplicationInfoReportingEnabled": boolean
}
فیلدها
applicationReportsEnabled

boolean

Whether app reports are enabled.

deviceSettingsEnabled

boolean

Whether device settings reporting is enabled.

softwareInfoEnabled

boolean

Whether software info reporting is enabled.

memoryInfoEnabled

boolean

Whether memory event reporting is enabled.

networkInfoEnabled

boolean

Whether network info reporting is enabled.

displayInfoEnabled

boolean

Whether displays reporting is enabled. Report data is not available for personally owned devices with work profiles.

powerManagementEventsEnabled

boolean

Whether power management event reporting is enabled. Report data is not available for personally owned devices with work profiles.

hardwareStatusEnabled

boolean

Whether hardware status reporting is enabled. Report data is not available for personally owned devices with work profiles.

systemPropertiesEnabled

boolean

Whether system properties reporting is enabled.

applicationReportingSettings

object ( ApplicationReportingSettings )

Application reporting settings. Only applicable if applicationReportsEnabled is true.

commonCriteriaModeEnabled

boolean

Whether Common Criteria Mode reporting is enabled. This is supported only on company-owned devices.

defaultApplicationInfoReportingEnabled

boolean

اختیاری. Whether defaultApplicationInfo reporting is enabled.

ApplicationReportingSettings

Settings controlling the behavior of application reports.

JSON representation 
{
  "includeRemovedApps": boolean
}
فیلدها
includeRemovedApps

boolean

Whether removed apps are included in application reports.

PackageNameList

A list of package names.

JSON representation 
{
  "packageNames": [
    string
  ]
}
فیلدها
packageNames[]

string

A list of package names.

BatteryPluggedMode

Modes for plugging in the battery.

Enums
BATTERY_PLUGGED_MODE_UNSPECIFIED This value is ignored.
AC Power source is an AC charger.
USB Power source is a USB port.
WIRELESS Power source is wireless.

ProxyInfo

Configuration info for an HTTP proxy. For a direct proxy, set the host , port , and excludedHosts fields. For a PAC script proxy, set the pacUri field.

JSON representation 
{
  "host": string,
  "port": integer,
  "excludedHosts": [
    string
  ],
  "pacUri": string
}
فیلدها
host

string

The host of the direct proxy.

port

integer

The port of the direct proxy.

excludedHosts[]

string

For a direct proxy, the hosts for which the proxy is bypassed. The host names may contain wildcards such as *.example.com.

pacUri

string

The URI of the PAC script used to configure the proxy.

ChoosePrivateKeyRule

Controls apps' access to private keys. The rule determines which private key, if any, Android Device Policy grants to the specified app. Access is granted either when the app calls KeyChain.choosePrivateKeyAlias (or any overloads) to request a private key alias for a given URL, or for rules that are not URL-specific (that is, if urlPattern is not set, or set to the empty string or .* ) on Android 11 and above, directly so that the app can call KeyChain.getPrivateKey , without first having to call KeyChain.choosePrivateKeyAlias .

When an app calls KeyChain.choosePrivateKeyAlias if more than one choosePrivateKeyRules matches, the last matching rule defines which key alias to return.

JSON representation 
{
  "urlPattern": string,
  "packageNames": [
    string
  ],
  "privateKeyAlias": string
}
فیلدها
urlPattern

string

The URL pattern to match against the URL of the request. If not set or empty, it matches all URLs. This uses the regular expression syntax of java.util.regex.Pattern .

packageNames[]

string

The package names to which this rule applies. The signing key certificate fingerprint of the app is verified against the signing key certificate fingerprints provided by Play Store and ApplicationPolicy.signingKeyCerts . If no package names are specified, then the alias is provided to all apps that call KeyChain.choosePrivateKeyAlias or any overloads (but not without calling KeyChain.choosePrivateKeyAlias , even on Android 11 and above). Any app with the same Android UID as a package specified here will have access when they call KeyChain.choosePrivateKeyAlias .

privateKeyAlias

string

The alias of the private key to be used.

AlwaysOnVpnPackage

Configuration for an always-on VPN connection.

JSON representation 
{
  "packageName": string,
  "lockdownEnabled": boolean
}
فیلدها
packageName

string

The package name of the VPN app.

lockdownEnabled

boolean

Disallows networking when the VPN is not connected.

LocationMode

The degree of location detection enabled on work profile and fully managed devices.

Enums
LOCATION_MODE_UNSPECIFIED Defaults to LOCATION_USER_CHOICE .
HIGH_ACCURACY

On Android 8 and below, all location detection methods are enabled, including GPS, networks, and other sensors. On Android 9 and above, this is equivalent to LOCATION_ENFORCED .

SENSORS_ONLY

On Android 8 and below, only GPS and other sensors are enabled. On Android 9 and above, this is equivalent to LOCATION_ENFORCED .

BATTERY_SAVING

On Android 8 and below, only the network location provider is enabled. On Android 9 and above, this is equivalent to LOCATION_ENFORCED .

OFF

On Android 8 and below, location setting and accuracy are disabled. On Android 9 and above, this is equivalent to LOCATION_DISABLED .

LOCATION_USER_CHOICE Location setting is not restricted on the device. No specific behavior is set or enforced.
LOCATION_ENFORCED Enable location setting on the device.
LOCATION_DISABLED Disable location setting on the device.

ComplianceRule

A rule declaring which mitigating actions to take when a device is not compliant with its policy. For every rule, there is always an implicit mitigating action to set policyCompliant to false for the Device resource, and display a message on the device indicating that the device is not compliant with its policy. Other mitigating actions may optionally be taken as well, depending on the field values in the rule.

JSON representation 
{
  "disableApps": boolean,
  "packageNamesToDisable": [
    string
  ],

  // Union field condition can be only one of the following:
  "nonComplianceDetailCondition": {
    object (NonComplianceDetailCondition)
  },
  "apiLevelCondition": {
    object (ApiLevelCondition)
  }
  // End of list of possible types for union field condition.
}
فیلدها
disableApps

boolean

If set to true, the rule includes a mitigating action to disable apps so that the device is effectively disabled, but app data is preserved. If the device is running an app in locked task mode, the app will be closed and a UI showing the reason for non-compliance will be displayed.

packageNamesToDisable[]

string

If set, the rule includes a mitigating action to disable apps specified in the list, but app data is preserved.

Union field condition . The condition, which when satisfied, triggers the mitigating actions defined in the rule. Exactly one of the conditions must be set. condition can be only one of the following:
nonComplianceDetailCondition

object ( NonComplianceDetailCondition )

A condition which is satisfied if there exists any matching NonComplianceDetail for the device.

apiLevelCondition

object ( ApiLevelCondition )

A condition which is satisfied if the Android Framework API level on the device doesn't meet a minimum requirement.

NonComplianceDetailCondition

A compliance rule condition which is satisfied if there exists any matching NonComplianceDetail for the device. A NonComplianceDetail matches a NonComplianceDetailCondition if all the fields which are set within the NonComplianceDetailCondition match the corresponding NonComplianceDetail fields.

JSON representation 
{
  "settingName": string,
  "nonComplianceReason": enum (NonComplianceReason),
  "packageName": string
}
فیلدها
settingName

string

The name of the policy setting. This is the JSON field name of a top-level Policy field. If not set, then this condition matches any setting name.

nonComplianceReason

enum ( NonComplianceReason )

The reason the device is not in compliance with the setting. If not set, then this condition matches any reason.

packageName

string

The package name of the app that's out of compliance. If not set, then this condition matches any package name.

ApiLevelCondition

A compliance rule condition which is satisfied if the Android Framework API level on the device doesn't meet a minimum requirement. There can only be one rule with this type of condition per policy.

JSON representation 
{
  "minApiLevel": integer
}
فیلدها
minApiLevel

integer

The minimum desired Android Framework API level. If the device doesn't meet the minimum requirement, this condition is satisfied. Must be greater than zero.

AppAutoUpdatePolicy

Recommended alternative: autoUpdateMode which is set per app, provides greater flexibility around update frequency.

When autoUpdateMode is set to AUTO_UPDATE_POSTPONED or AUTO_UPDATE_HIGH_PRIORITY , this field has no effect.

The app auto-update policy, which controls when automatic app updates can be applied.

Enums
APP_AUTO_UPDATE_POLICY_UNSPECIFIED The auto-update policy is not set. Equivalent to CHOICE_TO_THE_USER .
CHOICE_TO_THE_USER The user can control auto-updates.
NEVER Apps are never auto-updated.
WIFI_ONLY Apps are auto-updated over Wi-Fi only.
ALWAYS Apps are auto-updated at any time. ممکن است هزینه داده اعمال شود.

AppTrack

A Google Play app release track.

Enums
APP_TRACK_UNSPECIFIED This value is ignored.
PRODUCTION The production track, which provides the latest stable release.
BETA The beta track, which provides the latest beta release.

EncryptionPolicy

Type of encryption

Enums
ENCRYPTION_POLICY_UNSPECIFIED This value is ignored, ie no encryption required
ENABLED_WITHOUT_PASSWORD Encryption required but no password required to boot
ENABLED_WITH_PASSWORD Encryption required with password required to boot

PlayStoreMode

Possible values for Play Store mode policy.

Enums
PLAY_STORE_MODE_UNSPECIFIED Unspecified. Defaults to WHITELIST.
WHITELIST Only apps that are in the policy are available and any app not in the policy will be automatically uninstalled from the device.
BLACKLIST All apps are available and any app that should not be on the device should be explicitly marked as 'BLOCKED' in the applications policy.

SetupAction

An action executed during setup.

JSON representation 
{
  "title": {
    object (UserFacingMessage)
  },
  "description": {
    object (UserFacingMessage)
  },

  // Union field action can be only one of the following:
  "launchApp": {
    object (LaunchAppAction)
  }
  // End of list of possible types for union field action.
}
فیلدها
title

object ( UserFacingMessage )

Title of this action.

description

object ( UserFacingMessage )

Description of this action.

Union field action . The action to execute during setup. action can be only one of the following:
launchApp

object ( LaunchAppAction )

An action to launch an app. The app will be launched with an intent containing an extra with key com.google.android.apps.work.clouddpc.EXTRA_LAUNCHED_AS_SETUP_ACTION set to the boolean value true to indicate that this is a setup action flow. If SetupAction references an app, the corresponding installType in the application policy must be set as REQUIRED_FOR_SETUP or said setup will fail.

LaunchAppAction

An action to launch an app.

JSON representation 
{

  // Union field launch can be only one of the following:
  "packageName": string
  // End of list of possible types for union field launch.
}
فیلدها
Union field launch . Description of launch action to be executed launch can be only one of the following:
packageName

string

Package name of app to be launched

PolicyEnforcementRule

A rule that defines the actions to take if a device or work profile is not compliant with the policy specified in settingName . In the case of multiple matching or multiple triggered enforcement rules, a merge will occur with the most severe action being taken. However, all triggered rules are still kept track of: this includes initial trigger time and all associated non-compliance details. In the situation where the most severe enforcement rule is satisfied, the next most appropriate action is applied.

JSON representation 
{
  "blockAction": {
    object (BlockAction)
  },
  "wipeAction": {
    object (WipeAction)
  },

  // Union field trigger can be only one of the following:
  "settingName": string
  // End of list of possible types for union field trigger.
}
فیلدها
blockAction

object ( BlockAction )

An action to block access to apps and data on a company owned device or in a work profile. This action also triggers a user-facing notification with information (where possible) on how to correct the compliance issue. Note: wipeAction must also be specified.

wipeAction

object ( WipeAction )

An action to reset a company owned device or delete a work profile. Note: blockAction must also be specified.

Union field trigger . Condition which will trigger this rule. trigger can be only one of the following:
settingName

string

The top-level policy to enforce. For example, applications or passwordPolicies .

BlockAction

An action to block access to apps and data on a fully managed device or in a work profile. This action also triggers a device or work profile to displays a user-facing notification with information (where possible) on how to correct the compliance issue. Note: wipeAction must also be specified.

JSON representation 
{
  "blockAfterDays": integer,
  "blockScope": enum (BlockScope)
}
فیلدها
blockAfterDays

integer

Number of days the policy is non-compliant before the device or work profile is blocked. To block access immediately, set to 0. blockAfterDays must be less than wipeAfterDays .

blockScope

enum ( BlockScope )

Specifies the scope of this BlockAction . Only applicable to devices that are company-owned.

BlockScope

Specifies the scope of BlockAction . Only applicable to devices that are company-owned.

Enums
BLOCK_SCOPE_UNSPECIFIED Unspecified. Defaults to BLOCK_SCOPE_WORK_PROFILE .
BLOCK_SCOPE_WORK_PROFILE Block action is only applied to apps in the work profile. Apps in the personal profile are unaffected.
BLOCK_SCOPE_DEVICE Block action is applied to the entire device, including apps in the personal profile.

WipeAction

An action to reset a company owned device or delete a work profile. Note: blockAction must also be specified.

JSON representation 
{
  "wipeAfterDays": integer,
  "preserveFrp": boolean
}
فیلدها
wipeAfterDays

integer

Number of days the policy is non-compliant before the device or work profile is wiped. wipeAfterDays must be greater than blockAfterDays .

preserveFrp

boolean

Whether the factory-reset protection data is preserved on the device. This setting doesn't apply to work profiles.

KioskCustomization

Settings controlling the behavior of a device in kiosk mode. To enable kiosk mode, set kioskCustomLauncherEnabled to true or specify an app in the policy with installType KIOSK .

JSON representation 
{
  "powerButtonActions": enum (PowerButtonActions),
  "systemErrorWarnings": enum (SystemErrorWarnings),
  "systemNavigation": enum (SystemNavigation),
  "statusBar": enum (StatusBar),
  "deviceSettings": enum (DeviceSettings)
}
فیلدها
powerButtonActions

enum ( PowerButtonActions )

Sets the behavior of a device in kiosk mode when a user presses and holds (long-presses) the Power button.

systemErrorWarnings

enum ( SystemErrorWarnings )

Specifies whether system error dialogs for crashed or unresponsive apps are blocked in kiosk mode. When blocked, the system will force-stop the app as if the user chooses the "close app" option on the UI.

systemNavigation

enum ( SystemNavigation )

Specifies which navigation features are enabled (eg Home, Overview buttons) in kiosk mode.

statusBar

enum ( StatusBar )

Specifies whether system info and notifications are disabled in kiosk mode.

deviceSettings

enum ( DeviceSettings )

Specifies whether the Settings app is allowed in kiosk mode.

PowerButtonActions

Sets the behavior of a device in kiosk mode when a user presses and holds (long-presses) the Power button.

Enums
POWER_BUTTON_ACTIONS_UNSPECIFIED Unspecified, defaults to POWER_BUTTON_AVAILABLE .
POWER_BUTTON_AVAILABLE The power menu (eg Power off, Restart) is shown when a user long-presses the Power button of a device in kiosk mode.
POWER_BUTTON_BLOCKED The power menu (eg Power off, Restart) is not shown when a user long-presses the Power button of a device in kiosk mode. Note: this may prevent users from turning off the device.

SystemErrorWarnings

Specifies whether system error dialogs for crashed or unresponsive apps are blocked in kiosk mode.

Enums
SYSTEM_ERROR_WARNINGS_UNSPECIFIED Unspecified, defaults to ERROR_AND_WARNINGS_MUTED .
ERROR_AND_WARNINGS_ENABLED All system error dialogs such as crash and app not responding (ANR) are displayed.
ERROR_AND_WARNINGS_MUTED All system error dialogs, such as crash and app not responding (ANR) are blocked. When blocked, the system force-stops the app as if the user closes the app from the UI.

SystemNavigation

Specifies which navigation features are enabled (eg Home, Overview buttons) in kiosk mode.

Enums
SYSTEM_NAVIGATION_UNSPECIFIED Unspecified, defaults to NAVIGATION_DISABLED .
NAVIGATION_ENABLED Home and overview buttons are enabled.
NAVIGATION_DISABLED The home and Overview buttons are not accessible.
HOME_BUTTON_ONLY Only the home button is enabled.

نوار وضعیت

Specifies whether system info and notifications are disabled in kiosk mode.

Enums
STATUS_BAR_UNSPECIFIED Unspecified, defaults to INFO_AND_NOTIFICATIONS_DISABLED .
NOTIFICATIONS_AND_SYSTEM_INFO_ENABLED

System info and notifications are shown on the status bar in kiosk mode.

Note: For this policy to take effect, the device's home button must be enabled using kioskCustomization.systemNavigation .

NOTIFICATIONS_AND_SYSTEM_INFO_DISABLED System info and notifications are disabled in kiosk mode.
SYSTEM_INFO_ONLY Only system info is shown on the status bar.

DeviceSettings

Specifies whether a user can access the device's Settings app while in kiosk mode.

Enums
DEVICE_SETTINGS_UNSPECIFIED Unspecified, defaults to SETTINGS_ACCESS_ALLOWED .
SETTINGS_ACCESS_ALLOWED Access to the Settings app is allowed in kiosk mode.
SETTINGS_ACCESS_BLOCKED Access to the Settings app is not allowed in kiosk mode.

AdvancedSecurityOverrides

Advanced security settings. In most cases, setting these is not needed.

JSON representation 
{
  "untrustedAppsPolicy": enum (UntrustedAppsPolicy),
  "googlePlayProtectVerifyApps": enum (GooglePlayProtectVerifyApps),
  "developerSettings": enum (DeveloperSettings),
  "commonCriteriaMode": enum (CommonCriteriaMode),
  "personalAppsThatCanReadWorkNotifications": [
    string
  ],
  "mtePolicy": enum (MtePolicy),
  "contentProtectionPolicy": enum (ContentProtectionPolicy)
}
فیلدها
untrustedAppsPolicy

enum ( UntrustedAppsPolicy )

The policy for untrusted apps (apps from unknown sources) enforced on the device. Replaces installUnknownSourcesAllowed (deprecated).

googlePlayProtectVerifyApps

enum ( GooglePlayProtectVerifyApps )

Whether Google Play Protect verification is enforced. Replaces ensureVerifyAppsEnabled (deprecated).

developerSettings

enum ( DeveloperSettings )

Controls access to developer settings: developer options and safe boot. Replaces safeBootDisabled (deprecated) and debuggingFeaturesAllowed (deprecated). On personally-owned devices with a work profile, setting this policy will not disable safe boot. In this case, a NonComplianceDetail with MANAGEMENT_MODE is reported.

commonCriteriaMode

enum ( CommonCriteriaMode )

Controls Common Criteria Mode—security standards defined in the Common Criteria for Information Technology Security Evaluation (CC). Enabling Common Criteria Mode increases certain security components on a device, see CommonCriteriaMode for details.

Warning: Common Criteria Mode enforces a strict security model typically only required for IT products used in national security systems and other highly sensitive organizations. Standard device use may be affected. Only enabled if required. If Common Criteria Mode is turned off after being enabled previously, all user-configured Wi-Fi networks may be lost and any enterprise-configured Wi-Fi networks that require user input may need to be reconfigured.

personalAppsThatCanReadWorkNotifications[]

string

Personal apps that can read work profile notifications using a NotificationListenerService . By default, no personal apps (aside from system apps) can read work notifications. Each value in the list must be a package name.

mtePolicy

enum ( MtePolicy )

اختیاری. Controls Memory Tagging Extension (MTE) on the device. The device needs to be rebooted to apply changes to the MTE policy.

contentProtectionPolicy

enum ( ContentProtectionPolicy )

اختیاری. Controls whether content protection, which scans for deceptive apps, is enabled. This is supported on Android 15 and above.

UntrustedAppsPolicy

The policy for untrusted apps (apps from unknown sources) enforced on the device. Replaces installUnknownSourcesAllowed (deprecated).

Enums
UNTRUSTED_APPS_POLICY_UNSPECIFIED Unspecified. Defaults to DISALLOW_INSTALL.
DISALLOW_INSTALL پیش فرض Disallow untrusted app installs on entire device.
ALLOW_INSTALL_IN_PERSONAL_PROFILE_ONLY For devices with work profiles, allow untrusted app installs in the device's personal profile only.
ALLOW_INSTALL_DEVICE_WIDE Allow untrusted app installs on entire device.

GooglePlayProtectVerifyApps

Whether Google Play Protect verification is enforced. Replaces ensureVerifyAppsEnabled (deprecated).

Enums
GOOGLE_PLAY_PROTECT_VERIFY_APPS_UNSPECIFIED Unspecified. Defaults to VERIFY_APPS_ENFORCED.
VERIFY_APPS_ENFORCED پیش فرض Force-enables app verification.
VERIFY_APPS_USER_CHOICE Allows the user to choose whether to enable app verification.

DeveloperSettings

Controls access to developer settings: developer options and safe boot. Replaces safeBootDisabled (deprecated) and debuggingFeaturesAllowed (deprecated).

Enums
DEVELOPER_SETTINGS_UNSPECIFIED Unspecified. Defaults to DEVELOPER_SETTINGS_DISABLED.
DEVELOPER_SETTINGS_DISABLED پیش فرض Disables all developer settings and prevents the user from accessing them.
DEVELOPER_SETTINGS_ALLOWED Allows all developer settings. The user can access and optionally configure the settings.

CommonCriteriaMode

Controls Common Criteria Mode—security standards defined in the Common Criteria for Information Technology Security Evaluation (CC). Enabling Common Criteria Mode increases certain security components on a device, including:

  1. AES-GCM encryption of Bluetooth Long Term Keys
  2. Wi-Fi configuration stores
  3. Additional network certificates validation requiring the use of TLSv1.2 to connect to AM API destination hosts
  4. Cryptographic policy integrity check. It is recommended to set statusReportingSettings.commonCriteriaModeEnabled to true to obtain the status of policy integrity check. If the policy signature verification fails, then the policy is not applied on the device and commonCriteriaModeInfo.policy_signature_verification_status is set to POLICY_SIGNATURE_VERIFICATION_FAILED .

Common Criteria Mode is only supported on company-owned devices running Android 11 or above.

Warning: Common Criteria Mode enforces a strict security model typically only required for IT products used in national security systems and other highly sensitive organizations. Standard device use may be affected. Only enabled if required. If Common Criteria Mode is turned off after being enabled previously, all user-configured Wi-Fi networks may be lost and any enterprise-configured Wi-Fi networks that require user input may need to be reconfigured.

Enums
COMMON_CRITERIA_MODE_UNSPECIFIED Unspecified. Defaults to COMMON_CRITERIA_MODE_DISABLED.
COMMON_CRITERIA_MODE_DISABLED پیش فرض Disables Common Criteria Mode.
COMMON_CRITERIA_MODE_ENABLED Enables Common Criteria Mode.

MtePolicy

Controls Memory Tagging Extension (MTE) on the device.

Enums
MTE_POLICY_UNSPECIFIED Unspecified. Defaults to MTE_USER_CHOICE .
MTE_USER_CHOICE The user can choose to enable or disable MTE on the device if the device supports this.
MTE_ENFORCED

MTE is enabled on the device and the user is not allowed to change this setting. This can be set on fully managed devices and work profiles on company-owned devices. A NonComplianceDetail with MANAGEMENT_MODE is reported for other management modes. A NonComplianceDetail with DEVICE_INCOMPATIBLE is reported if the device does not support MTE.

Supported on Android 14 and above. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 14.

MTE_DISABLED

MTE is disabled on the device and the user is not allowed to change this setting. This applies only on fully managed devices. In other cases, a NonComplianceDetail with MANAGEMENT_MODE is reported. A NonComplianceDetail with DEVICE_INCOMPATIBLE is reported if the device does not support MTE.

Supported on Android 14 and above. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 14.

ContentProtectionPolicy

Controls whether content protection, which scans for deceptive apps, is enabled. This is supported on Android 15 and above.

Enums
CONTENT_PROTECTION_POLICY_UNSPECIFIED Unspecified. Defaults to CONTENT_PROTECTION_DISABLED .
CONTENT_PROTECTION_DISABLED Content protection is disabled and the user cannot change this.
CONTENT_PROTECTION_ENFORCED

Content protection is enabled and the user cannot change this.

Supported on Android 15 and above. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 15.

CONTENT_PROTECTION_USER_CHOICE

Content protection is not controlled by the policy. The user is allowed to choose the behavior of content protection.

Supported on Android 15 and above. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 15.

PersonalUsagePolicies

Policies controlling personal usage on a company-owned device with a work profile.

JSON representation 
{
  "cameraDisabled": boolean,
  "screenCaptureDisabled": boolean,
  "accountTypesWithManagementDisabled": [
    string
  ],
  "maxDaysWithWorkOff": integer,
  "personalPlayStoreMode": enum (PlayStoreMode),
  "personalApplications": [
    {
      object (PersonalApplicationPolicy)
    }
  ],
  "privateSpacePolicy": enum (PrivateSpacePolicy),
  "bluetoothSharing": enum (BluetoothSharing)
}
فیلدها
cameraDisabled

boolean

If true, the camera is disabled on the personal profile.

screenCaptureDisabled

boolean

If true, screen capture is disabled for all users.

accountTypesWithManagementDisabled[]

string

Account types that can't be managed by the user.

maxDaysWithWorkOff

integer

Controls how long the work profile can stay off. The minimum duration must be at least 3 days. Other details are as follows:

  • If the duration is set to 0, the feature is turned off.
  • If the duration is set to a value smaller than the minimum duration, the feature returns an error.
Note: If you want to avoid personal profiles being suspended during long periods of off-time, you can temporarily set a large value for this parameter.

personalPlayStoreMode

enum ( PlayStoreMode )

Used together with personalApplications to control how apps in the personal profile are allowed or blocked.

personalApplications[]

object ( PersonalApplicationPolicy )

Policy applied to applications in the personal profile.

privateSpacePolicy

enum ( PrivateSpacePolicy )

اختیاری. Controls whether a private space is allowed on the device.

bluetoothSharing

enum ( BluetoothSharing )

اختیاری. Whether bluetooth sharing is allowed.

PlayStoreMode

Used together with personalApplications to control how apps in the personal profile are allowed or blocked.

Enums
PLAY_STORE_MODE_UNSPECIFIED Unspecified. Defaults to BLOCKLIST .
BLACKLIST

All Play Store apps are available for installation in the personal profile, except those whose installType is BLOCKED in personalApplications .

BLOCKLIST All Play Store apps are available for installation in the personal profile, except those whose installType is BLOCKED in personalApplications .
ALLOWLIST Only apps explicitly specified in personalApplications with installType set to AVAILABLE are allowed to be installed in the personal profile.

PersonalApplicationPolicy

Policies for apps in the personal profile of a company-owned device with a work profile.

JSON representation 
{
  "packageName": string,
  "installType": enum (InstallType)
}
فیلدها
packageName

string

The package name of the application.

installType

enum ( InstallType )

The type of installation to perform.

InstallType

Types of installation behaviors a personal profile application can have.

Enums
INSTALL_TYPE_UNSPECIFIED Unspecified. Defaults to AVAILABLE .
BLOCKED The app is blocked and can't be installed in the personal profile. If the app was previously installed in the device, it will be uninstalled.
AVAILABLE The app is available to install in the personal profile.

PrivateSpacePolicy

Controls whether a private space is allowed on the device.

Enums
PRIVATE_SPACE_POLICY_UNSPECIFIED Unspecified. Defaults to PRIVATE_SPACE_ALLOWED .
PRIVATE_SPACE_ALLOWED Users can create a private space profile.
PRIVATE_SPACE_DISALLOWED Users cannot create a private space profile. Supported only for company-owned devices with a work profile. Caution: Any existing private space will be removed.

BluetoothSharing

Whether bluetooth sharing is allowed in the personal profile of a company-owned device with a work profile.

Enums
BLUETOOTH_SHARING_UNSPECIFIED Unspecified. Defaults to BLUETOOTH_SHARING_ALLOWED .
BLUETOOTH_SHARING_ALLOWED

Bluetooth sharing is allowed on personal profile.

Supported on Android 8 and above. A NonComplianceDetail with MANAGEMENT_MODE is reported if this is set for a personal device.

BLUETOOTH_SHARING_DISALLOWED

Bluetooth sharing is disallowed on personal profile.

Supported on Android 8 and above. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 8. A NonComplianceDetail with MANAGEMENT_MODE is reported if this is set for a personal device.

AutoDateAndTimeZone

Whether auto date, time, and time zone is enabled on a company-owned device.

Enums
AUTO_DATE_AND_TIME_ZONE_UNSPECIFIED Unspecified. Defaults to AUTO_DATE_AND_TIME_ZONE_USER_CHOICE .
AUTO_DATE_AND_TIME_ZONE_USER_CHOICE Auto date, time, and time zone are left to user's choice.
AUTO_DATE_AND_TIME_ZONE_ENFORCED Enforce auto date, time, and time zone on the device.

OncCertificateProvider

This feature is not generally available.

JSON representation 
{
  "certificateReferences": [
    string
  ],

  // Union field endpoint can be only one of the following:
  "contentProviderEndpoint": {
    object (ContentProviderEndpoint)
  }
  // End of list of possible types for union field endpoint.
}
فیلدها
certificateReferences[]

string

This feature is not generally available.

Union field endpoint .

This feature is not generally available. endpoint can be only one of the following:

contentProviderEndpoint

object ( ContentProviderEndpoint )

This feature is not generally available.

ContentProviderEndpoint

This feature is not generally available.

JSON representation 
{
  "uri": string,
  "packageName": string,
  "signingCertsSha256": [
    string
  ]
}
فیلدها
uri

string

This feature is not generally available.

packageName

string

This feature is not generally available.

signingCertsSha256[]

string

مورد نیاز. This feature is not generally available.

CrossProfilePolicies

Controls the data from the work profile that can be accessed from the personal profile and vice versa. A NonComplianceDetail with MANAGEMENT_MODE is reported if the device does not have a work profile.

JSON representation 
{
  "showWorkContactsInPersonalProfile": enum (ShowWorkContactsInPersonalProfile),
  "crossProfileCopyPaste": enum (CrossProfileCopyPaste),
  "crossProfileDataSharing": enum (CrossProfileDataSharing),
  "workProfileWidgetsDefault": enum (WorkProfileWidgetsDefault),
  "crossProfileAppFunctions": enum (CrossProfileAppFunctions),
  "exemptionsToShowWorkContactsInPersonalProfile": {
    object (PackageNameList)
  }
}
فیلدها
showWorkContactsInPersonalProfile

enum ( ShowWorkContactsInPersonalProfile )

Whether personal apps can access contacts stored in the work profile.

See also exemptionsToShowWorkContactsInPersonalProfile .

crossProfileCopyPaste

enum ( CrossProfileCopyPaste )

Whether text copied from one profile (personal or work) can be pasted in the other profile.

crossProfileDataSharing

enum ( CrossProfileDataSharing )

Whether data from one profile (personal or work) can be shared with apps in the other profile. Specifically controls simple data sharing via intents. Management of other cross-profile communication channels, such as contact search, copy/paste, or connected work & personal apps, are configured separately.

workProfileWidgetsDefault

enum ( WorkProfileWidgetsDefault )

Specifies the default behaviour for work profile widgets. If the policy does not specify workProfileWidgets for a specific application, it will behave according to the value specified here.

crossProfileAppFunctions

enum ( CrossProfileAppFunctions )

اختیاری. Controls whether personal profile apps can invoke app functions exposed by apps in the work profile.

exemptionsToShowWorkContactsInPersonalProfile

object ( PackageNameList )

List of apps which are excluded from the ShowWorkContactsInPersonalProfile setting. For this to be set, ShowWorkContactsInPersonalProfile must be set to one of the following values:

Supported on Android 14 and above. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 14.

ShowWorkContactsInPersonalProfile

Whether personal apps can access work profile contacts including contact searches and incoming calls

Note : Once a work contact is accessed by any personal app, it cannot be guaranteed to stay with the same app, as the contact could be shared or transferred to any other app, depending on the allowed app's behaviour.

Enums
SHOW_WORK_CONTACTS_IN_PERSONAL_PROFILE_UNSPECIFIED

Unspecified. Defaults to SHOW_WORK_CONTACTS_IN_PERSONAL_PROFILE_ALLOWED .

When this is set, exemptionsToShowWorkContactsInPersonalProfile must not be set.

SHOW_WORK_CONTACTS_IN_PERSONAL_PROFILE_DISALLOWED

Prevents personal apps from accessing work profile contacts and looking up work contacts.

When this is set, personal apps specified in exemptionsToShowWorkContactsInPersonalProfile are allowlisted and can access work profile contacts directly.

Supported on Android 7.0 and above. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 7.0.

SHOW_WORK_CONTACTS_IN_PERSONAL_PROFILE_ALLOWED

پیش فرض Allows apps in the personal profile to access work profile contacts including contact searches and incoming calls.

When this is set, personal apps specified in exemptionsToShowWorkContactsInPersonalProfile are blocklisted and can not access work profile contacts directly.

Supported on Android 7.0 and above. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 7.0.

SHOW_WORK_CONTACTS_IN_PERSONAL_PROFILE_DISALLOWED_EXCEPT_SYSTEM

Prevents most personal apps from accessing work profile contacts including contact searches and incoming calls, except for the OEM default Dialer, Messages, and Contacts apps. Neither user-configured Dialer, Messages, and Contacts apps, nor any other system or play installed apps, will be able to query work contacts directly.

When this is set, personal apps specified in exemptionsToShowWorkContactsInPersonalProfile are allowlisted and can access work profile contacts.

Supported on Android 14 and above. If this is set on a device with Android version less than 14, the behaviour falls back to SHOW_WORK_CONTACTS_IN_PERSONAL_PROFILE_DISALLOWED and a NonComplianceDetail with API_LEVEL is reported.

CrossProfileCopyPaste

Whether text copied from one profile (personal or work) can be pasted in the other profile.

Enums
CROSS_PROFILE_COPY_PASTE_UNSPECIFIED Unspecified. Defaults to COPY_FROM_WORK_TO_PERSONAL_DISALLOWED
COPY_FROM_WORK_TO_PERSONAL_DISALLOWED پیش فرض Prevents users from pasting into the personal profile text copied from the work profile. Text copied from the personal profile can be pasted into the work profile, and text copied from the work profile can be pasted into the work profile.
CROSS_PROFILE_COPY_PASTE_ALLOWED Text copied in either profile can be pasted in the other profile.

CrossProfileDataSharing

Whether data from one profile (personal or work) can be shared with apps in the other profile. Specifically controls simple data sharing via intents. This includes actions like opening a web browser, opening a map, sharing content, opening a document, etc. Management of other cross-profile communication channels, such as contact search, copy/paste, or connected work & personal apps, are configured separately.

Enums
CROSS_PROFILE_DATA_SHARING_UNSPECIFIED Unspecified. Defaults to DATA_SHARING_FROM_WORK_TO_PERSONAL_DISALLOWED.
CROSS_PROFILE_DATA_SHARING_DISALLOWED Prevents data from being shared from both the personal profile to the work profile and the work profile to the personal profile.
DATA_SHARING_FROM_WORK_TO_PERSONAL_DISALLOWED پیش فرض Prevents users from sharing data from the work profile to apps in the personal profile. Personal data can be shared with work apps.
CROSS_PROFILE_DATA_SHARING_ALLOWED Data from either profile can be shared with the other profile.

WorkProfileWidgetsDefault

Controls if work profile applications are allowed to add widgets to the home screen, where no app-specific policy is defined. Otherwise, the app-specific policy will have priority over this.

Enums
WORK_PROFILE_WIDGETS_DEFAULT_UNSPECIFIED Unspecified. Defaults to WORK_PROFILE_WIDGETS_DEFAULT_DISALLOWED.
WORK_PROFILE_WIDGETS_DEFAULT_ALLOWED Work profile widgets are allowed by default. This means that if the policy does not specify workProfileWidgets as WORK_PROFILE_WIDGETS_DISALLOWED for the application, it will be able to add widgets to the home screen.
WORK_PROFILE_WIDGETS_DEFAULT_DISALLOWED Work profile widgets are disallowed by default. This means that if the policy does not specify workProfileWidgets as WORK_PROFILE_WIDGETS_ALLOWED for the application, it will be unable to add widgets to the home screen.

CrossProfileAppFunctions

Controls whether personal profile apps are allowed to invoke app functions exposed by apps in the work profile.

Enums
CROSS_PROFILE_APP_FUNCTIONS_UNSPECIFIED Unspecified. If appFunctions is set to APP_FUNCTIONS_ALLOWED , defaults to CROSS_PROFILE_APP_FUNCTIONS_ALLOWED . If appFunctions is set to APP_FUNCTIONS_DISALLOWED , defaults to CROSS_PROFILE_APP_FUNCTIONS_DISALLOWED .
CROSS_PROFILE_APP_FUNCTIONS_DISALLOWED Personal profile apps are not allowed to invoke app functions exposed by apps in the work profile.
CROSS_PROFILE_APP_FUNCTIONS_ALLOWED Personal profile apps can invoke app functions exposed by apps in the work profile. If this is set, appFunctions must not be set to APP_FUNCTIONS_DISALLOWED , otherwise the policy will be rejected.

PreferentialNetworkService

Controls whether preferential network service is enabled on the work profile or on fully managed devices. See preferentialNetworkService for details.

Enums
PREFERENTIAL_NETWORK_SERVICE_UNSPECIFIED Unspecified. Defaults to PREFERENTIAL_NETWORK_SERVICES_DISABLED .
PREFERENTIAL_NETWORK_SERVICE_DISABLED Preferential network service is disabled on the work profile.
PREFERENTIAL_NETWORK_SERVICE_ENABLED Preferential network service is enabled on the work profile. This setting is only supported on work profiles on devices running Android 12 or above. Starting with Android 13, fully managed devices are also supported.

UsageLog

Controls types of device activity logs collected from the device and reported via Pub/Sub notification .

JSON representation 
{
  "enabledLogTypes": [
    enum (LogType)
  ],
  "uploadOnCellularAllowed": [
    enum (LogType)
  ]
}
فیلدها
enabledLogTypes[]

enum ( LogType )

Specifies which log types are enabled. Note that users will receive on-device messaging when usage logging is enabled.

uploadOnCellularAllowed[]

enum ( LogType )

Specifies which of the enabled log types can be uploaded over mobile data. By default logs are queued for upload when the device connects to WiFi.

LogType

The types of device activity logs that are reported from the device.

Enums
LOG_TYPE_UNSPECIFIED This value is not used.
SECURITY_LOGS Enable logging of on-device security events, like when the device password is incorrectly entered or removable storage is mounted. See UsageLogEvent for a complete description of the logged security events. Supported for fully managed devices on Android 7 and above. Supported for company-owned devices with a work profile on Android 12 and above, on which only security events from the work profile are logged. Can be overridden by the application delegated scope SECURITY_LOGS
NETWORK_ACTIVITY_LOGS Enable logging of on-device network events, like DNS lookups and TCP connections. See UsageLogEvent for a complete description of the logged network events. Supported for fully managed devices on Android 8 and above. Supported for company-owned devices with a work profile on Android 12 and above, on which only network events from the work profile are logged. Can be overridden by the application delegated scope NETWORK_ACTIVITY_LOGS

CameraAccess

Controls the use of the camera and whether the user has access to the camera access toggle. The camera access toggle exists on Android 12 and above. As a general principle, the possibility of disabling the camera applies device-wide on fully managed devices and only within the work profile on devices with a work profile. The possibility of disabling the camera access toggle applies only on fully managed devices, in which case it applies device-wide. For specifics, see the enum values.

Enums
CAMERA_ACCESS_UNSPECIFIED If cameraDisabled is true, this is equivalent to CAMERA_ACCESS_DISABLED . Otherwise, this is equivalent to CAMERA_ACCESS_USER_CHOICE .
CAMERA_ACCESS_USER_CHOICE The field cameraDisabled is ignored. This is the default device behaviour: all cameras on the device are available. On Android 12 and above, the user can use the camera access toggle.
CAMERA_ACCESS_DISABLED

The field cameraDisabled is ignored. All cameras on the device are disabled (for fully managed devices, this applies device-wide and for work profiles this applies only to the work profile).

There are no explicit restrictions placed on the camera access toggle on Android 12 and above: on fully managed devices, the camera access toggle has no effect as all cameras are disabled. On devices with a work profile, this toggle has no effect on apps in the work profile, but it affects apps outside the work profile.

CAMERA_ACCESS_ENFORCED The field cameraDisabled is ignored. All cameras on the device are available. On fully managed devices running Android 12 and above, the user is unable to use the camera access toggle. On devices which are not fully managed or which run Android 11 or below, this is equivalent to CAMERA_ACCESS_USER_CHOICE .

MicrophoneAccess

On fully managed devices, controls the use of the microphone and whether the user has access to the microphone access toggle. This setting has no effect on devices which are not fully managed. The microphone access toggle exists on Android 12 and above.

Enums
MICROPHONE_ACCESS_UNSPECIFIED If unmuteMicrophoneDisabled is true, this is equivalent to MICROPHONE_ACCESS_DISABLED . Otherwise, this is equivalent to MICROPHONE_ACCESS_USER_CHOICE .
MICROPHONE_ACCESS_USER_CHOICE The field unmuteMicrophoneDisabled is ignored. This is the default device behaviour: the microphone on the device is available. On Android 12 and above, the user can use the microphone access toggle.
MICROPHONE_ACCESS_DISABLED

The field unmuteMicrophoneDisabled is ignored. The microphone on the device is disabled (for fully managed devices, this applies device-wide).

The microphone access toggle has no effect as the microphone is disabled.

MICROPHONE_ACCESS_ENFORCED The field unmuteMicrophoneDisabled is ignored. The microphone on the device is available. On devices running Android 12 and above, the user is unable to use the microphone access toggle. On devices which run Android 11 or below, this is equivalent to MICROPHONE_ACCESS_USER_CHOICE .

DeviceConnectivityManagement

Covers controls for device connectivity such as Wi-Fi, USB data access, keyboard/mouse connections, and more.

JSON representation 
{
  "usbDataAccess": enum (UsbDataAccess),
  "configureWifi": enum (ConfigureWifi),
  "wifiDirectSettings": enum (WifiDirectSettings),
  "tetheringSettings": enum (TetheringSettings),
  "wifiSsidPolicy": {
    object (WifiSsidPolicy)
  },
  "wifiRoamingPolicy": {
    object (WifiRoamingPolicy)
  },
  "bluetoothSharing": enum (BluetoothSharing),
  "preferentialNetworkServiceSettings": {
    object (PreferentialNetworkServiceSettings)
  },
  "apnPolicy": {
    object (ApnPolicy)
  }
}
فیلدها
usbDataAccess

enum ( UsbDataAccess )

Controls what files and/or data can be transferred via USB. Supported only on company-owned devices.

configureWifi

enum ( ConfigureWifi )

Controls Wi-Fi configuring privileges. Based on the option set, user will have either full or limited or no control in configuring Wi-Fi networks.

wifiDirectSettings

enum ( WifiDirectSettings )

Controls configuring and using Wi-Fi direct settings. Supported on company-owned devices running Android 13 and above.

tetheringSettings

enum ( TetheringSettings )

Controls tethering settings. Based on the value set, the user is partially or fully disallowed from using different forms of tethering.

wifiSsidPolicy

object ( WifiSsidPolicy )

Restrictions on which Wi-Fi SSIDs the device can connect to. Note that this does not affect which networks can be configured on the device. Supported on company-owned devices running Android 13 and above.

wifiRoamingPolicy

object ( WifiRoamingPolicy )

اختیاری. Wi-Fi roaming policy.

bluetoothSharing

enum ( BluetoothSharing )

اختیاری. Controls whether Bluetooth sharing is allowed.

preferentialNetworkServiceSettings

object ( PreferentialNetworkServiceSettings )

اختیاری. Preferential network service configuration. Setting this field will override preferentialNetworkService . This can be set on both work profiles and fully managed devices on Android 13 and above. See 5G network slicing guide for more details.

apnPolicy

object ( ApnPolicy )

اختیاری. Access Point Name (APN) policy. Configuration for Access Point Names (APNs) which may override any other APNs on the device. See OVERRIDE_APNS_ENABLED and overrideApns for details.

UsbDataAccess

Controls what files and/or data can be transferred via USB. Does not impact charging functions. Supported only on company-owned devices.

Enums
USB_DATA_ACCESS_UNSPECIFIED Unspecified. Defaults to DISALLOW_USB_FILE_TRANSFER .
ALLOW_USB_DATA_TRANSFER All types of USB data transfers are allowed. usbFileTransferDisabled is ignored.
DISALLOW_USB_FILE_TRANSFER Transferring files over USB is disallowed. Other types of USB data connections, such as mouse and keyboard connection, are allowed. usbFileTransferDisabled is ignored.
DISALLOW_USB_DATA_TRANSFER When set, all types of USB data transfers are prohibited. Supported for devices running Android 12 or above with USB HAL 1.3 or above. If the setting is not supported, DISALLOW_USB_FILE_TRANSFER will be set. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 12. A NonComplianceDetail with DEVICE_INCOMPATIBLE is reported if the device does not have USB HAL 1.3 or above. usbFileTransferDisabled is ignored.

ConfigureWifi

Controls Wi-Fi configuring privileges. Based on the option set, the user will have either full or limited or no control in configuring Wi-Fi networks.

Enums
CONFIGURE_WIFI_UNSPECIFIED Unspecified. Defaults to ALLOW_CONFIGURING_WIFI unless wifiConfigDisabled is set to true. If wifiConfigDisabled is set to true, this is equivalent to DISALLOW_CONFIGURING_WIFI .
ALLOW_CONFIGURING_WIFI The user is allowed to configure Wi-Fi. wifiConfigDisabled is ignored.
DISALLOW_ADD_WIFI_CONFIG Adding new Wi-Fi configurations is disallowed. The user is only able to switch between already configured networks. Supported on Android 13 and above, on fully managed devices and work profiles on company-owned devices. If the setting is not supported, ALLOW_CONFIGURING_WIFI is set. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 13. wifiConfigDisabled is ignored.
DISALLOW_CONFIGURING_WIFI Disallows configuring Wi-Fi networks. The setting wifiConfigDisabled is ignored when this value is set. Supported on fully managed devices and work profile on company-owned devices, on all supported API levels. For fully managed devices, setting this removes all configured networks and retains only the networks configured using openNetworkConfiguration policy. For work profiles on company-owned devices, existing configured networks are not affected and the user is not allowed to add, remove, or modify Wi-Fi networks. Note: If a network connection can't be made at boot time and configuring Wi-Fi is disabled then network escape hatch will be shown in order to refresh the device policy (see networkEscapeHatchEnabled ).

WifiDirectSettings

Controls Wi-Fi direct settings. Supported on company-owned devices running Android 13 and above.

Enums
WIFI_DIRECT_SETTINGS_UNSPECIFIED Unspecified. Defaults to ALLOW_WIFI_DIRECT
ALLOW_WIFI_DIRECT The user is allowed to use Wi-Fi direct.
DISALLOW_WIFI_DIRECT The user is not allowed to use Wi-Fi direct. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 13.

TetheringSettings

Controls the extent to which the user is allowed to use different forms of tethering like Wi-Fi tethering, bluetooth tethering, etc.

Enums
TETHERING_SETTINGS_UNSPECIFIED Unspecified. Defaults to ALLOW_ALL_TETHERING unless tetheringConfigDisabled is set to true. If tetheringConfigDisabled is set to true, this is equivalent to DISALLOW_ALL_TETHERING .
ALLOW_ALL_TETHERING Allows configuration and use of all forms of tethering. tetheringConfigDisabled is ignored.
DISALLOW_WIFI_TETHERING Disallows the user from using Wi-Fi tethering. Supported on company owned devices running Android 13 and above. If the setting is not supported, ALLOW_ALL_TETHERING will be set. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 13. tetheringConfigDisabled is ignored.
DISALLOW_ALL_TETHERING Disallows all forms of tethering. Supported on fully managed devices and work profile on company-owned devices, on all supported android versions. The setting tetheringConfigDisabled is ignored.

WifiSsidPolicy

Restrictions on which Wi-Fi SSIDs the device can connect to. Note that this does not affect which networks can be configured on the device. Supported on company-owned devices running Android 13 and above.

JSON representation 
{
  "wifiSsidPolicyType": enum (WifiSsidPolicyType),
  "wifiSsids": [
    {
      object (WifiSsid)
    }
  ]
}
فیلدها
wifiSsidPolicyType

enum ( WifiSsidPolicyType )

Type of the Wi-Fi SSID policy to be applied.

wifiSsids[]

object ( WifiSsid )

اختیاری. List of Wi-Fi SSIDs that should be applied in the policy. This field must be non-empty when WifiSsidPolicyType is set to WIFI_SSID_ALLOWLIST . If this is set to a non-empty list, then a NonComplianceDetail detail with API_LEVEL is reported if the Android version is less than 13 and a NonComplianceDetail with MANAGEMENT_MODE is reported for non-company-owned devices.

WifiSsidPolicyType

The types of Wi-Fi SSID policy that can be applied on the device.

Enums
WIFI_SSID_POLICY_TYPE_UNSPECIFIED Defaults to WIFI_SSID_DENYLIST . wifiSsids must not be set. There are no restrictions on which SSID the device can connect to.
WIFI_SSID_DENYLIST The device cannot connect to any Wi-Fi network whose SSID is in wifiSsids , but can connect to other networks.
WIFI_SSID_ALLOWLIST The device can make Wi-Fi connections only to the SSIDs in wifiSsids . wifiSsids must not be empty. The device will not be able to connect to any other Wi-Fi network.

WifiSsid

Represents a Wi-Fi SSID.

JSON representation 
{
  "wifiSsid": string
}
فیلدها
wifiSsid

string

مورد نیاز. Wi-Fi SSID represented as a string.

WifiRoamingPolicy

Wi-Fi roaming policy.

JSON representation 
{
  "wifiRoamingSettings": [
    {
      object (WifiRoamingSetting)
    }
  ]
}
فیلدها
wifiRoamingSettings[]

object ( WifiRoamingSetting )

اختیاری. Wi-Fi roaming settings. SSIDs provided in this list must be unique, the policy will be rejected otherwise.

WifiRoamingSetting

Wi-Fi roaming setting.

JSON representation 
{
  "wifiSsid": string,
  "wifiRoamingMode": enum (WifiRoamingMode)
}
فیلدها
wifiSsid

string

مورد نیاز. SSID of the Wi-Fi network.

wifiRoamingMode

enum ( WifiRoamingMode )

مورد نیاز. Wi-Fi roaming mode for the specified SSID.

WifiRoamingMode

Wi-Fi roaming mode.

Enums
WIFI_ROAMING_MODE_UNSPECIFIED Unspecified. Defaults to WIFI_ROAMING_DEFAULT .
WIFI_ROAMING_DISABLED Wi-Fi roaming is disabled. Supported on Android 15 and above on fully managed devices and work profiles on company-owned devices. A NonComplianceDetail with MANAGEMENT_MODE is reported for other management modes. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 15.
WIFI_ROAMING_DEFAULT Default Wi-Fi roaming mode of the device.
WIFI_ROAMING_AGGRESSIVE Aggressive roaming mode which allows quicker Wi-Fi roaming. Supported on Android 15 and above on fully managed devices and work profiles on company-owned devices. A NonComplianceDetail with MANAGEMENT_MODE is reported for other management modes. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 15. A NonComplianceDetail with DEVICE_INCOMPATIBLE is reported if the device does not support aggressive roaming mode.

BluetoothSharing

Controls whether Bluetooth sharing is allowed.

Enums
BLUETOOTH_SHARING_UNSPECIFIED Unspecified. Defaults to BLUETOOTH_SHARING_DISALLOWED on work profiles and BLUETOOTH_SHARING_ALLOWED on fully managed devices.
BLUETOOTH_SHARING_ALLOWED

Bluetooth sharing is allowed.

Supported on Android 8 and above. A NonComplianceDetail with API_LEVEL is reported on work profiles if the Android version is less than 8.

BLUETOOTH_SHARING_DISALLOWED

Bluetooth sharing is disallowed.

Supported on Android 8 and above. A NonComplianceDetail with API_LEVEL is reported on fully managed devices if the Android version is less than 8.

PreferentialNetworkServiceSettings

Preferential network service settings.

JSON representation 
{
  "preferentialNetworkServiceConfigs": [
    {
      object (PreferentialNetworkServiceConfig)
    }
  ],
  "defaultPreferentialNetworkId": enum (PreferentialNetworkId)
}
فیلدها
preferentialNetworkServiceConfigs[]

object ( PreferentialNetworkServiceConfig )

مورد نیاز. Preferential network service configurations which enables having multiple enterprise slices. There must not be multiple configurations with the same preferentialNetworkId . If a configuration is not referenced by any application by setting ApplicationPolicy.preferentialNetworkId or by setting defaultPreferentialNetworkId , it will be ignored. For devices on 4G networks, enterprise APN needs to be configured additionally to set up data call for preferential network service. These APNs can be added using apnPolicy .

defaultPreferentialNetworkId

enum ( PreferentialNetworkId )

مورد نیاز. Default preferential network ID for the applications that are not in applications or if ApplicationPolicy.preferentialNetworkId is set to PREFERENTIAL_NETWORK_ID_UNSPECIFIED . There must be a configuration for the specified network ID in preferentialNetworkServiceConfigs , unless this is set to NO_PREFERENTIAL_NETWORK . If set to PREFERENTIAL_NETWORK_ID_UNSPECIFIED or unset, this defaults to NO_PREFERENTIAL_NETWORK . Note: If the default preferential network is misconfigured, applications with no ApplicationPolicy.preferentialNetworkId set are not able to access the internet. This setting does not apply to the following critical apps:

  • com.google.android.apps.work.clouddpc
  • com.google.android.gms

ApplicationPolicy.preferentialNetworkId can still be used to configure the preferential network for them.

PreferentialNetworkServiceConfig

Individual preferential network service configuration.

JSON representation 
{
  "preferentialNetworkId": enum (PreferentialNetworkId),
  "fallbackToDefaultConnection": enum (FallbackToDefaultConnection),
  "nonMatchingNetworks": enum (NonMatchingNetworks)
}
فیلدها
preferentialNetworkId

enum ( PreferentialNetworkId )

مورد نیاز. Preferential network identifier. This must not be set to NO_PREFERENTIAL_NETWORK or PREFERENTIAL_NETWORK_ID_UNSPECIFIED , the policy will be rejected otherwise.

fallbackToDefaultConnection

enum ( FallbackToDefaultConnection )

اختیاری. Whether fallback to the device-wide default network is allowed. If this is set to FALLBACK_TO_DEFAULT_CONNECTION_ALLOWED , then nonMatchingNetworks must not be set to NON_MATCHING_NETWORKS_DISALLOWED , the policy will be rejected otherwise. Note: If this is set to FALLBACK_TO_DEFAULT_CONNECTION_DISALLOWED , applications are not able to access the internet if the 5G slice is not available.

nonMatchingNetworks

enum ( NonMatchingNetworks )

اختیاری. Whether apps this configuration applies to are blocked from using networks other than the preferential service. If this is set to NON_MATCHING_NETWORKS_DISALLOWED , then fallbackToDefaultConnection must be set to FALLBACK_TO_DEFAULT_CONNECTION_DISALLOWED .

FallbackToDefaultConnection

Whether fallback to the device-wide default network is allowed. Note that while this setting determines whether the apps subject to this configuration have a default network in the absence of a preferential service, apps can still explicitly decide to use another network than their default network by requesting them from the system. This setting does not determine whether the apps are blocked from using such other networks. See nonMatchingNetworks for this setting.

Enums
FALLBACK_TO_DEFAULT_CONNECTION_UNSPECIFIED Unspecified. Defaults to FALLBACK_TO_DEFAULT_CONNECTION_ALLOWED .
FALLBACK_TO_DEFAULT_CONNECTION_ALLOWED Fallback to default connection is allowed. If this is set, nonMatchingNetworks must not be set to NON_MATCHING_NETWORKS_DISALLOWED , the policy will be rejected otherwise.
FALLBACK_TO_DEFAULT_CONNECTION_DISALLOWED Fallback to default connection is not allowed.

NonMatchingNetworks

Whether apps this configuration applies to are allowed to use networks other than the preferential service. Apps can inspect the list of available networks on the device and choose to use multiple networks concurrently for performance, privacy or other reasons.

Enums
NON_MATCHING_NETWORKS_UNSPECIFIED Unspecified. Defaults to NON_MATCHING_NETWORKS_ALLOWED .
NON_MATCHING_NETWORKS_ALLOWED Apps this configuration applies to are allowed to use networks other than the preferential service.
NON_MATCHING_NETWORKS_DISALLOWED Apps this configuration applies to are disallowed from using other networks than the preferential service. This can be set on Android 14 and above. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 14. If this is set, fallbackToDefaultConnection must be set to FALLBACK_TO_DEFAULT_CONNECTION_DISALLOWED , the policy will be rejected otherwise.

ApnPolicy

Access Point Name (APN) policy. Configuration for Access Point Names (APNs) which may override any other APNs on the device. See OVERRIDE_APNS_ENABLED and overrideApns for details.

JSON representation 
{
  "overrideApns": enum (OverrideApns),
  "apnSettings": [
    {
      object (ApnSetting)
    }
  ]
}
فیلدها
overrideApns

enum ( OverrideApns )

اختیاری. Whether override APNs are disabled or enabled. See DevicePolicyManager.setOverrideApnsEnabled for more details.

apnSettings[]

object ( ApnSetting )

اختیاری. APN settings for override APNs. There must not be any conflict between any of APN settings provided, otherwise the policy will be rejected. Two ApnSetting s are considered to conflict when all of the following fields match on both: numericOperatorId , apn , proxyAddress , proxyPort , mmsProxyAddress , mmsProxyPort , mmsc , mvnoType , protocol , roamingProtocol . If some of the APN settings result in non-compliance of INVALID_VALUE , they will be ignored. This can be set on fully managed devices on Android 10 and above. This can also be set on work profiles on Android 13 and above and only with ApnSetting 's with ENTERPRISE APN type. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 10. A NonComplianceDetail with MANAGEMENT_MODE is reported for work profiles on Android versions less than 13.

OverrideApns

Whether override APNs are disabled or enabled. See DevicePolicyManager.setOverrideApnsEnabled for more details.

Enums
OVERRIDE_APNS_UNSPECIFIED Unspecified. Defaults to OVERRIDE_APNS_DISABLED .
OVERRIDE_APNS_DISABLED Override APNs disabled. Any configured apnSettings are saved on the device, but are disabled and have no effect. Any other APNs on the device remain in use.
OVERRIDE_APNS_ENABLED Override APNs enabled. Only override APNs are in use, any other APNs are ignored. This can only be set on fully managed devices on Android 10 and above. For work profiles override APNs are enabled via preferentialNetworkServiceSettings and this value cannot be set. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 10. A NonComplianceDetail with MANAGEMENT_MODE is reported for work profiles.

ApnSetting

An Access Point Name (APN) configuration for a carrier data connection. The APN provides configuration to connect a cellular network device to an IP data network. A carrier uses this setting to decide which IP address to assign, any security methods to apply, and how the device might be connected to private networks.

JSON representation 
{
  "apnTypes": [
    enum (ApnType)
  ],
  "apn": string,
  "displayName": string,
  "alwaysOnSetting": enum (AlwaysOnSetting),
  "authType": enum (AuthType),
  "carrierId": integer,
  "mmsProxyAddress": string,
  "mmsProxyPort": integer,
  "mmsc": string,
  "mtuV4": integer,
  "mtuV6": integer,
  "mvnoType": enum (MvnoType),
  "networkTypes": [
    enum (NetworkType)
  ],
  "username": string,
  "password": string,
  "numericOperatorId": string,
  "protocol": enum (Protocol),
  "roamingProtocol": enum (Protocol),
  "proxyAddress": string,
  "proxyPort": integer
}
فیلدها
apnTypes[]

enum ( ApnType )

مورد نیاز. Usage categories for the APN. Policy will be rejected if this field is empty or contains APN_TYPE_UNSPECIFIED or duplicates. Multiple APN types can be set on fully managed devices. ENTERPRISE is the only allowed APN type on work profiles. A NonComplianceDetail with MANAGEMENT_MODE is reported for any other value on work profiles. APN types that are not supported on the device or management mode will be ignored. If this results in the empty list, the APN setting will be ignored, because apnTypes is a required field. A NonComplianceDetail with INVALID_VALUE is reported if none of the APN types are supported on the device or management mode.

apn

string

مورد نیاز. Name of the APN. Policy will be rejected if this field is empty.

displayName

string

مورد نیاز. Human-readable name that describes the APN. Policy will be rejected if this field is empty.

alwaysOnSetting

enum ( AlwaysOnSetting )

اختیاری. Whether User Plane resources have to be activated during every transition from CM-IDLE mode to CM-CONNECTED state for this APN. See 3GPP TS 23.501 section 5.6.13.

authType

enum ( AuthType )

اختیاری. Authentication type of the APN.

carrierId

integer

اختیاری. Carrier ID for the APN. A value of 0 (default) means not set and negative values are rejected.

mmsProxyAddress

string

اختیاری. MMS (Multimedia Messaging Service) proxy address of the APN which can be an IP address or hostname (not a URL).

mmsProxyPort

integer

اختیاری. MMS (Multimedia Messaging Service) proxy port of the APN. A value of 0 (default) means not set and negative values are rejected.

mmsc

string

اختیاری. MMSC (Multimedia Messaging Service Center) URI of the APN.

mtuV4

integer

اختیاری. The default MTU (Maximum Transmission Unit) size in bytes of the IPv4 routes brought up by this APN setting. A value of 0 (default) means not set and negative values are rejected. Supported on Android 13 and above. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 13.

mtuV6

integer

اختیاری. The MTU (Maximum Transmission Unit) size of the IPv6 mobile interface to which the APN connected. A value of 0 (default) means not set and negative values are rejected. Supported on Android 13 and above. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 13.

mvnoType

enum ( MvnoType )

اختیاری. MVNO match type for the APN.

networkTypes[]

enum ( NetworkType )

اختیاری. Radio technologies (network types) the APN may use. Policy will be rejected if this field contains NETWORK_TYPE_UNSPECIFIED or duplicates.

username

string

اختیاری. APN username of the APN.

password

string

اختیاری. APN password of the APN.

numericOperatorId

string

اختیاری. The numeric operator ID of the APN. Numeric operator ID is defined as MCC (Mobile Country Code) + MNC (Mobile Network Code).

protocol

enum ( Protocol )

اختیاری. The protocol to use to connect to this APN.

roamingProtocol

enum ( Protocol )

اختیاری. The protocol to use to connect to this APN while the device is roaming.

proxyAddress

string

اختیاری. The proxy address of the APN.

proxyPort

integer

اختیاری. The proxy port of the APN. A value of 0 (default) means not set and negative values are rejected.

ApnType

Usage category for the APN.

Enums
APN_TYPE_UNSPECIFIED Unspecified. This value is not used.
ENTERPRISE APN type for enterprise traffic. Supported on Android 13 and above. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 13.
BIP APN type for BIP (Bearer Independent Protocol). This can only be set on fully managed devices on Android 12 and above. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 12. A NonComplianceDetail with MANAGEMENT_MODE is reported for work profiles.
CBS APN type for CBS (Carrier Branded Services). This can only be set on fully managed devices. A NonComplianceDetail with MANAGEMENT_MODE is reported for work profiles.
DEFAULT APN type for default data traffic. This can only be set on fully managed devices. A NonComplianceDetail with MANAGEMENT_MODE is reported for work profiles.
DUN APN type for DUN (Dial-up networking) traffic. This can only be set on fully managed devices. A NonComplianceDetail with MANAGEMENT_MODE is reported for work profiles.
EMERGENCY APN type for Emergency PDN. This is not an IA apn, but is used for access to carrier services in an emergency call situation. This can only be set on fully managed devices. A NonComplianceDetail with MANAGEMENT_MODE is reported for work profiles.
FOTA APN type for accessing the carrier's FOTA (Firmware Over-the-Air) portal, used for over the air updates. This can only be set on fully managed devices. A NonComplianceDetail with MANAGEMENT_MODE is reported for work profiles.
HIPRI APN type for HiPri (high-priority) traffic. This can only be set on fully managed devices. A NonComplianceDetail with MANAGEMENT_MODE is reported for work profiles.
IA APN type for IA (Initial Attach) APN. This can only be set on fully managed devices. A NonComplianceDetail with MANAGEMENT_MODE is reported for work profiles.
IMS APN type for IMS (IP Multimedia Subsystem) traffic. This can only be set on fully managed devices. A NonComplianceDetail with MANAGEMENT_MODE is reported for work profiles.
MCX APN type for MCX (Mission Critical Service) where X can be PTT/Video/Data. This can only be set on fully managed devices. A NonComplianceDetail with MANAGEMENT_MODE is reported for work profiles.
MMS APN type for MMS (Multimedia Messaging Service) traffic. This can only be set on fully managed devices. A NonComplianceDetail with MANAGEMENT_MODE is reported for work profiles.
RCS APN type for RCS (Rich Communication Services). This can only be set on fully managed devices on Android 15 and above. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 15. A NonComplianceDetail with MANAGEMENT_MODE is reported for work profiles.
SUPL APN type for SUPL (Secure User Plane Location) assisted GPS. This can only be set on fully managed devices. A NonComplianceDetail with MANAGEMENT_MODE is reported for work profiles.
VSIM APN type for VSIM (Virtual SIM) service. This can only be set on fully managed devices on Android 12 and above. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 12. A NonComplianceDetail with MANAGEMENT_MODE is reported for work profiles.
XCAP APN type for XCAP (XML Configuration Access Protocol) traffic. This can only be set on fully managed devices on Android 11 and above. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 11. A NonComplianceDetail with MANAGEMENT_MODE is reported for work profiles.

AlwaysOnSetting

Whether User Plane resources have to be activated during every transition from CM-IDLE mode to CM-CONNECTED state for this APN. See 3GPP TS 23.501 section 5.6.13.

Enums
ALWAYS_ON_SETTING_UNSPECIFIED Unspecified. Defaults to NOT_ALWAYS_ON .
NOT_ALWAYS_ON The PDU session brought up by this APN should not be always on.
ALWAYS_ON The PDU session brought up by this APN should always be on. Supported on Android 15 and above. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 15.

AuthType

Authentication type of the APN.

Enums
AUTH_TYPE_UNSPECIFIED Unspecified. If username is empty, defaults to NONE . Otherwise, defaults to PAP_OR_CHAP .
NONE احراز هویت لازم نیست.
PAP Authentication type for PAP.
CHAP Authentication type for CHAP.
PAP_OR_CHAP Authentication type for PAP or CHAP.

MvnoType

MVNO match type for the APN.

Enums
MVNO_TYPE_UNSPECIFIED The MVNO type is not specified.
GID MVNO type for group identifier level 1.
ICCID MVNO type for ICCID.
IMSI MVNO type for IMSI.
SPN MVNO type for SPN (service provider name).

NetworkType

Radio technology (network type) the APN may use.

Enums
NETWORK_TYPE_UNSPECIFIED Unspecified. This value must not be used.
EDGE Radio technology EDGE.
GPRS Radio technology GPRS.
GSM Radio technology GSM.
HSDPA Radio technology HSDPA.
HSPA Radio technology HSPA.
HSPAP Radio technology HSPAP.
HSUPA Radio technology HSUPA.
IWLAN Radio technology IWLAN.
LTE Radio technology LTE.
NR Radio technology NR (New Radio) 5G.
TD_SCDMA Radio technology TD_SCDMA.
UMTS Radio technology UMTS.

پروتکل

The protocol to use to connect to the APN.

Enums
PROTOCOL_UNSPECIFIED The protocol is not specified.
IP پروتکل اینترنت
IPV4V6 Virtual PDP type introduced to handle dual IP stack UE capability.
IPV6 Internet protocol, version 6.
NON_IP Transfer of Non-IP data to external packet data network.
PPP Point to point protocol.
UNSTRUCTURED Transfer of Unstructured data to the Data Network via N6.

DeviceRadioState

Controls for device radio settings.

JSON representation 
{
  "wifiState": enum (WifiState),
  "airplaneModeState": enum (AirplaneModeState),
  "ultraWidebandState": enum (UltraWidebandState),
  "cellularTwoGState": enum (CellularTwoGState),
  "minimumWifiSecurityLevel": enum (MinimumWifiSecurityLevel)
}
فیلدها
wifiState

enum ( WifiState )

Controls current state of Wi-Fi and if user can change its state.

airplaneModeState

enum ( AirplaneModeState )

Controls whether airplane mode can be toggled by the user or not.

ultraWidebandState

enum ( UltraWidebandState )

Controls the state of the ultra wideband setting and whether the user can toggle it on or off.

cellularTwoGState

enum ( CellularTwoGState )

Controls whether cellular 2G setting can be toggled by the user or not.

minimumWifiSecurityLevel

enum ( MinimumWifiSecurityLevel )

The minimum required security level of Wi-Fi networks that the device can connect to.

WifiState

Controls whether the Wi-Fi is on or off as a state and if the user can change said state. Supported on company-owned devices running Android 13 and above.

Enums
WIFI_STATE_UNSPECIFIED Unspecified. Defaults to WIFI_STATE_USER_CHOICE
WIFI_STATE_USER_CHOICE User is allowed to enable/disable Wi-Fi.
WIFI_ENABLED Wi-Fi is on and the user is not allowed to turn it off. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 13.
WIFI_DISABLED Wi-Fi is off and the user is not allowed to turn it on. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 13.

AirplaneModeState

Controls the state of airplane mode and whether the user can toggle it on or off. Supported on Android 9 and above. Supported on fully managed devices and work profiles on company-owned devices.

Enums
AIRPLANE_MODE_STATE_UNSPECIFIED Unspecified. Defaults to AIRPLANE_MODE_USER_CHOICE .
AIRPLANE_MODE_USER_CHOICE The user is allowed to toggle airplane mode on or off.
AIRPLANE_MODE_DISABLED Airplane mode is disabled. The user is not allowed to toggle airplane mode on. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 9.

UltraWidebandState

Controls the state of the ultra wideband setting and whether the user can toggle it on or off. Supported on Android 14 and above. Supported on fully managed devices and work profiles on company-owned devices.

Enums
ULTRA_WIDEBAND_STATE_UNSPECIFIED Unspecified. Defaults to ULTRA_WIDEBAND_USER_CHOICE .
ULTRA_WIDEBAND_USER_CHOICE The user is allowed to toggle ultra wideband on or off.
ULTRA_WIDEBAND_DISABLED Ultra wideband is disabled. The user is not allowed to toggle ultra wideband on via settings. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 14.

CellularTwoGState

Controls the state of cellular 2G setting and whether the user can toggle it on or off. Supported on Android 14 and above. Supported on fully managed devices and work profiles on company-owned devices.

Enums
CELLULAR_TWO_G_STATE_UNSPECIFIED Unspecified. Defaults to CELLULAR_TWO_G_USER_CHOICE .
CELLULAR_TWO_G_USER_CHOICE The user is allowed to toggle cellular 2G on or off.
CELLULAR_TWO_G_DISABLED Cellular 2G is disabled. The user is not allowed to toggle cellular 2G on via settings. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 14.

MinimumWifiSecurityLevel

Defines the different minimum Wi-Fi security levels required to connect to Wi-Fi networks. Supported on Android 13 and above. Supported on fully managed devices and work profiles on company-owned devices.

Enums
MINIMUM_WIFI_SECURITY_LEVEL_UNSPECIFIED Defaults to OPEN_NETWORK_SECURITY , which means the device will be able to connect to all types of Wi-Fi networks.
OPEN_NETWORK_SECURITY The device will be able to connect to all types of Wi-Fi networks.
PERSONAL_NETWORK_SECURITY A personal network such as WEP, WPA2-PSK is the minimum required security. The device will not be able to connect to open wifi networks. This is stricter than OPEN_NETWORK_SECURITY . A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 13.
ENTERPRISE_NETWORK_SECURITY An enterprise EAP network is the minimum required security level. The device will not be able to connect to Wi-Fi network below this security level. This is stricter than PERSONAL_NETWORK_SECURITY . A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 13.
ENTERPRISE_BIT192_NETWORK_SECURITY A 192-bit enterprise network is the minimum required security level. The device will not be able to connect to Wi-Fi network below this security level. This is stricter than ENTERPRISE_NETWORK_SECURITY . A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 13.

CredentialProviderPolicyDefault

Controls which apps are allowed to act as credential providers on Android 14 and above. These apps store credentials, see this and this for details. See also credentialProviderPolicy .

Enums
CREDENTIAL_PROVIDER_POLICY_DEFAULT_UNSPECIFIED Unspecified. Defaults to CREDENTIAL_PROVIDER_DEFAULT_DISALLOWED.
CREDENTIAL_PROVIDER_DEFAULT_DISALLOWED Apps with credentialProviderPolicy unspecified are not allowed to act as a credential provider.
CREDENTIAL_PROVIDER_DEFAULT_DISALLOWED_EXCEPT_SYSTEM Apps with credentialProviderPolicy unspecified are not allowed to act as a credential provider except for the OEM default credential providers. OEM default credential providers are always allowed to act as credential providers.

PrintingPolicy

Controls whether printing is allowed. This is supported on devices running Android 9 and above.

Enums
PRINTING_POLICY_UNSPECIFIED Unspecified. Defaults to PRINTING_ALLOWED .
PRINTING_DISALLOWED Printing is disallowed. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 9.
PRINTING_ALLOWED Printing is allowed.

DisplaySettings

Controls for the display settings.

JSON representation 
{
  "screenBrightnessSettings": {
    object (ScreenBrightnessSettings)
  },
  "screenTimeoutSettings": {
    object (ScreenTimeoutSettings)
  }
}
فیلدها
screenBrightnessSettings

object ( ScreenBrightnessSettings )

اختیاری. Controls the screen brightness settings.

screenTimeoutSettings

object ( ScreenTimeoutSettings )

اختیاری. Controls the screen timeout settings.

ScreenBrightnessSettings

Controls for the screen brightness settings.

JSON representation 
{
  "screenBrightnessMode": enum (ScreenBrightnessMode),
  "screenBrightness": integer
}
فیلدها
screenBrightnessMode

enum ( ScreenBrightnessMode )

اختیاری. Controls the screen brightness mode.

screenBrightness

integer

اختیاری. The screen brightness between 1 and 255 where 1 is the lowest and 255 is the highest brightness. A value of 0 (default) means no screen brightness set. Any other value is rejected. screenBrightnessMode must be either BRIGHTNESS_AUTOMATIC or BRIGHTNESS_FIXED to set this. Supported on Android 9 and above on fully managed devices. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 9. Supported on work profiles on company-owned devices on Android 15 and above.

ScreenBrightnessMode

Controls the screen brightness mode.

Enums
SCREEN_BRIGHTNESS_MODE_UNSPECIFIED Unspecified. Defaults to BRIGHTNESS_USER_CHOICE .
BRIGHTNESS_USER_CHOICE The user is allowed to configure the screen brightness. screenBrightness must not be set.
BRIGHTNESS_AUTOMATIC The screen brightness mode is automatic in which the brightness is automatically adjusted and the user is not allowed to configure the screen brightness. screenBrightness can still be set and it is taken into account while the brightness is automatically adjusted. Supported on Android 9 and above on fully managed devices. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 9. Supported on work profiles on company-owned devices on Android 15 and above.
BRIGHTNESS_FIXED The screen brightness mode is fixed in which the brightness is set to screenBrightness and the user is not allowed to configure the screen brightness. screenBrightness must be set. Supported on Android 9 and above on fully managed devices. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 9. Supported on work profiles on company-owned devices on Android 15 and above.

ScreenTimeoutSettings

Controls the screen timeout settings.

JSON representation 
{
  "screenTimeoutMode": enum (ScreenTimeoutMode),
  "screenTimeout": string
}
فیلدها
screenTimeoutMode

enum ( ScreenTimeoutMode )

اختیاری. Controls whether the user is allowed to configure the screen timeout.

screenTimeout

string ( Duration format)

اختیاری. Controls the screen timeout duration. The screen timeout duration must be greater than 0, otherwise it is rejected. Additionally, it should not be greater than maximumTimeToLock , otherwise the screen timeout is set to maximumTimeToLock and a NonComplianceDetail with INVALID_VALUE reason and SCREEN_TIMEOUT_GREATER_THAN_MAXIMUM_TIME_TO_LOCK specific reason is reported. If the screen timeout is less than a certain lower bound, it is set to the lower bound. The lower bound may vary across devices. If this is set, screenTimeoutMode must be SCREEN_TIMEOUT_ENFORCED . Supported on Android 9 and above on fully managed devices. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 9. Supported on work profiles on company-owned devices on Android 15 and above.

A duration in seconds with up to nine fractional digits, ending with ' s '. Example: "3.5s" .

ScreenTimeoutMode

Controls whether the user is allowed to configure the screen timeout.

Enums
SCREEN_TIMEOUT_MODE_UNSPECIFIED Unspecified. Defaults to SCREEN_TIMEOUT_USER_CHOICE .
SCREEN_TIMEOUT_USER_CHOICE The user is allowed to configure the screen timeout. screenTimeout must not be set.
SCREEN_TIMEOUT_ENFORCED The screen timeout is set to screenTimeout and the user is not allowed to configure the timeout. screenTimeout must be set. Supported on Android 9 and above on fully managed devices. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 9. Supported on work profiles on company-owned devices on Android 15 and above.

AssistContentPolicy

Controls whether AssistContent is allowed to be sent to a privileged app such as an assistant app. AssistContent includes screenshots and information about an app, such as package name. This is supported on Android 15 and above.

Enums
ASSIST_CONTENT_POLICY_UNSPECIFIED Unspecified. Defaults to ASSIST_CONTENT_ALLOWED .
ASSIST_CONTENT_DISALLOWED

Assist content is blocked from being sent to a privileged app.

Supported on Android 15 and above. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 15.

ASSIST_CONTENT_ALLOWED

Assist content is allowed to be sent to a privileged app.

Supported on Android 15 and above.

WorkAccountSetupConfig

Controls the work account setup configuration, such as details of whether a Google authenticated account is required.

JSON representation 
{
  "authenticationType": enum (AuthenticationType),
  "requiredAccountEmail": string
}
فیلدها
authenticationType

enum ( AuthenticationType )

اختیاری. The authentication type of the user on the device.

requiredAccountEmail

string

اختیاری. The specific google work account email address to be added. This field is only relevant if authenticationType is GOOGLE_AUTHENTICATED . This must be an enterprise account and not a consumer account. Once set and a Google authenticated account is added to the device, changing this field will have no effect, and thus recommended to be set only once.

AuthenticationType

The authentication type of the user on the device.

Enums
AUTHENTICATION_TYPE_UNSPECIFIED Unspecified. Defaults to AUTHENTICATION_TYPE_NOT_ENFORCED .
AUTHENTICATION_TYPE_NOT_ENFORCED Authentication status of user on device is not enforced.
GOOGLE_AUTHENTICATED Requires device to be managed with a Google authenticated account.

WipeDataFlag

Wipe flags to indicate what data is wiped when a device or profile wipe is triggered due to any reason. (For example, when the device is non-compliant). This does not apply to the enterprises.devices.delete method.

Enums
WIPE_DATA_FLAG_UNSPECIFIED This value must not be used.
WIPE_ESIMS For company-owned devices, setting this in wipeDataFlags will remove all eSIMs on the device when wipe is triggered due to any reason. On personally-owned devices, this will remove only managed eSIMs on the device. (eSIMs which are added via the ADD_ESIM command). This is supported on devices running Android 15 and above. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 15.

EnterpriseDisplayNameVisibility

Controls whether the enterpriseDisplayName is visible on the device (eg lock screen message on company-owned devices).

Enums
ENTERPRISE_DISPLAY_NAME_VISIBILITY_UNSPECIFIED Unspecified. Defaults to displaying the enterprise name that's set at the time of device setup. In future, this will default to ENTERPRISE_DISPLAY_NAME_VISIBLE .
ENTERPRISE_DISPLAY_NAME_VISIBLE The enterprise display name is visible on the device. Supported on work profiles on Android 7 and above. Supported on fully managed devices on Android 8 and above. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 7. A NonComplianceDetail with MANAGEMENT_MODE is reported on fully managed devices on Android 7.
ENTERPRISE_DISPLAY_NAME_HIDDEN The enterprise display name is hidden on the device.

AppFunctions

Controls whether apps on the device for fully managed devices or in the work profile for devices with work profiles are allowed to expose app functions.

Enums
APP_FUNCTIONS_UNSPECIFIED Unspecified. Defaults to APP_FUNCTIONS_ALLOWED .
APP_FUNCTIONS_DISALLOWED Apps on the device for fully managed devices or in the work profile for devices with work profiles are not allowed to expose app functions. If this is set, crossProfileAppFunctions must not be set to CROSS_PROFILE_APP_FUNCTIONS_ALLOWED , otherwise the policy will be rejected.
APP_FUNCTIONS_ALLOWED Apps on the device for fully managed devices or in the work profile for devices with work profiles are allowed to expose app functions.

DefaultApplicationSetting

The default application setting for a DefaultApplicationType .

JSON representation 
{
  "defaultApplicationType": enum (DefaultApplicationType),
  "defaultApplications": [
    {
      object (DefaultApplication)
    }
  ],
  "defaultApplicationScopes": [
    enum (DefaultApplicationScope)
  ]
}
فیلدها
defaultApplicationType

enum ( DefaultApplicationType )

مورد نیاز. The app type to set the default application.

defaultApplications[]

object ( DefaultApplication )

مورد نیاز. The list of applications that can be set as the default app for a given type. This list must not be empty or contain duplicates. The first app in the list that is installed and qualified for the defaultApplicationType (eg SMS app for DEFAULT_SMS ) is set as the default app. The signing key certificate fingerprint of the app on the device must also match one of the signing key certificate fingerprints obtained from Play Store or one of the entries in ApplicationPolicy.signingKeyCerts in order to be set as the default.

If the defaultApplicationScopes contains SCOPE_FULLY_MANAGED or SCOPE_WORK_PROFILE , the app must have an entry in applications with installType set to a value other than BLOCKED .

A NonComplianceDetail with APP_NOT_INSTALLED reason and DEFAULT_APPLICATION_SETTING_FAILED_FOR_SCOPE specific reason is reported if none of the apps in the list are installed. A NonComplianceDetail with INVALID_VALUE reason and DEFAULT_APPLICATION_SETTING_FAILED_FOR_SCOPE specific reason is reported if at least one app is installed but the policy fails to apply due to other reasons (eg the app is not of the right type).

When applying to SCOPE_PERSONAL_PROFILE on a company-owned device with a work profile, only pre-installed system apps can be set as the default. A NonComplianceDetail with INVALID_VALUE reason and DEFAULT_APPLICATION_SETTING_FAILED_FOR_SCOPE specific reason is reported if the policy fails to apply to the personal profile.

defaultApplicationScopes[]

enum ( DefaultApplicationScope )

مورد نیاز. The scopes to which the policy should be applied. This list must not be empty or contain duplicates.

A NonComplianceDetail with MANAGEMENT_MODE reason and DEFAULT_APPLICATION_SETTING_UNSUPPORTED_SCOPES specific reason is reported if none of the specified scopes can be applied to the management mode (eg a fully managed device receives a policy with only SCOPE_PERSONAL_PROFILE in the list).

DefaultApplication

Information about the application to be set as the default.

JSON representation 
{
  "packageName": string
}
فیلدها
packageName

string

مورد نیاز. The package name that should be set as the default application. The policy is rejected if the package name is invalid.

روش ها

delete

 Deletes a policy.

get

 Gets a policy.

list

 Lists policies for a given enterprise.

modifyPolicyApplications

 Updates or creates applications in a policy.

patch

 Updates or creates a policy.

removePolicyApplications

 Removes applications in a policy.