[C-1-1] MUST implement the
APIs
allowing a Device Policy Controller (DPC) application to
become the
owner of a new Managed Profile
.
[C-1-2] The managed profile provisioning process (the flow initiated by
android.app.action.PROVISION_MANAGED_PROFILE
) users experience MUST align with
the AOSP implementation.
[C-1-3] MUST provide the following user affordances within the Settings to indicate to the
user when a particular system function has been disabled by the Device Policy Controller
(DPC):
A consistent icon or other user affordance (for example the upstream AOSP
info icon) to represent when a particular setting is restricted by a Device
Admin.
A short explanation message, as provided by the Device Admin via the
setShortSupportMessage
.
The DPC application’s icon.
3.9.2 Managed Profile Support
If device implementations declare
android.software.managed_users
, they:
[C-1-1] MUST support managed profiles via the
android.app.admin.DevicePolicyManager
APIs.
[C-1-2] MUST allow one and only
one managed profile to be created
.
[C-1-3] MUST use an icon badge (similar to the AOSP upstream work badge) to represent
the managed applications and widgets and other badged UI elements like Recents &
Notifications.
[C-1-4] MUST display a notification icon (similar to the AOSP upstream work badge) to
indicate when user is within a managed profile application.
[C-1-5] MUST display a toast indicating that the user is in the managed profile if and when
the device wakes up (ACTION_USER_PRESENT) and the foreground application is within
the managed profile.
[C-1-6] Where a managed profile exists, MUST show a visual affordance in the Intent
'Chooser' to allow the user to forward the intent from the managed profile to the primary
user or vice versa, if enabled by the Device Policy Controller.
[C-1-7] Where a managed profile exists, MUST expose the following user affordances for
both the primary user and the managed profile:
Separate accounting for battery, location, mobile data and storage usage for
the primary user and managed profile.
Independent management of VPN Applications installed within the primary
user or managed profile.
Independent management of applications installed within the primary user or
managed profile.
Independent management of accounts within the primary user or managed
profile.
[C-1-8] MUST ensure the preinstalled dialer, contacts and messaging applications can
search for and look up caller information from the managed profile (if one exists)
alongside those from the primary profile, if the Device Policy Controller permits it.
[C-1-9] MUST ensure that it satisfies all the security requirements applicable for a device
with multiple users enabled (see
section 9.5
), even though the managed profile is not
counted as another user in addition to the primary user.
[C-1-10] MUST support the ability to specify a separate lock screen meeting the following
requirements to grant access to apps running in a managed profile.
Device implementations MUST honor the
Page 48 of 132