From d248c4d3601d7d8692b932c0415d5514395d5516 Mon Sep 17 00:00:00 2001 From: Kaveesha Mihirangi Date: Wed, 29 Jan 2020 11:13:08 +0000 Subject: [PATCH] Update android xml by adding new structure to get policy ui configurations --- .../main/resources/devicetypes/android.xml | 2918 +++++++++++++++++ 1 file changed, 2918 insertions(+) diff --git a/features/mobile-plugins-feature/android-plugin-feature/org.wso2.carbon.device.mgt.mobile.android.feature/src/main/resources/devicetypes/android.xml b/features/mobile-plugins-feature/android-plugin-feature/org.wso2.carbon.device.mgt.mobile.android.feature/src/main/resources/devicetypes/android.xml index 161c74f01..370bc5316 100644 --- a/features/mobile-plugins-feature/android-plugin-feature/org.wso2.carbon.device.mgt.mobile.android.feature/src/main/resources/devicetypes/android.xml +++ b/features/mobile-plugins-feature/android-plugin-feature/org.wso2.carbon.device.mgt.mobile.android.feature/src/main/resources/devicetypes/android.xml @@ -853,4 +853,2922 @@ 35 + + + + Passcode Policy + + + Passcode Policy + Enforce a configured passcode policy on Android devices. Once this profile is applied, + the device owners won't be able to modify the password settings on their devices. + + + + Permits repeating, ascending and descending character sequences + allowSimple + + true + + + + + Mandates to contain both letters and numbers + requireAlphanumeric + + true + + + + + Minimum number of characters allowed in a passcode + minLength + + + + + + + + + + + + + + + + + + + + + Minimum number of complex or non-alphanumeric characters allowed in a passcode + minComplexChars + + + + + + + + + + + + + + Number of days after which a passcode must be changed + maxPINAgeInDays + + Should be in between 1-to-730 days or 0 for none + + ^(?:0|[1-9]|[1-9][1-9]|[0-6][0-9][0-9]|7[0-2][0-9]|730)$ + Should be in between 1-to-730 days or 0 for none + false + + + + + + Number of consequent unique passcodes to be used before reuse + pinHistory + + Should be in between 1-to-50 passcodes or 0 for none + + ^(?:0|[1-9]|[1-4][0-9]|50)$ + Should be in between 1-to-50 passcodes or 0 for none + false + + + + + + The maximum number of incorrect password entries allowed. If the correct password is not entered within the allowed number of attempts, the data on the device will be erased. + maxFailedAttempts + + + + + + + + + + + + + + + + + + + + Enabled Work profile passcode. + passcodePolicyWPExist + + false + + + workProfilePasscode + + + + Permits repeating, ascending and descending character sequences + passcodePolicyAllowSimpleWP + + true + + + + + Mandates to contain both letters and numbers + passcodePolicyRequireAlphanumericWP + + true + + + + + Minimum number of characters allowed in a passcode + passcodePolicyMinLengthWP + + + + + + + + + + + + + + + + + + + + + Minimum number of complex or non-alphanumeric characters allowed in a passcode + passcodePolicyMinComplexCharsWP + + + + + + + + + + + + + + Number of days after which a passcode must be changed + passcodePolicyMaxPasscodeAgeInDaysWP + + Should be in between 1-to-730 days or 0 for none + + ^(?:0|[1-9]|[1-9][1-9]|[0-6][0-9][0-9]|7[0-2][0-9]|730)$ + Should be in between 1-to-730 days or 0 for none + false + + + + + + Number of consequent unique passcodes to be used before reuse + passcodePolicyPasscodeHistoryWP + + Should be in between 1-to-50 passcodes or 0 for none + + ^(?:0|[1-9]|[1-4][0-9]|50)$ + Should be in between 1-to-50 passcodes or 0 for none + false + + + + + + The maximum number of incorrect password entries allowed. If the correct password is not entered within the allowed number of attempts, the data on the device will be erased. + passcodePolicyMaxFailedAttemptsWP + + + + + + + + + + + + + + + + + + + + + + + + + Restrictions + + + Restrictions + This configurations can be used to restrict certain settings on an Android device. Once this configuration profile is installed on a device, corresponding users will not be able to modify these settings on their devices. + + + + Enables the usage of device camera + CAMERA + + true + + + + + + + + Users are restricted from configuring VPN. + DISALLOW_CONFIG_VPN + + false + + + + + Restricts users from modifying applications in the device's settings or launchers. + DISALLOW_APPS_CONTROL + + false + + + + + Device owners are restricted from copying items that are copied to the clipboard from the managed profile to the parent profile or vice-versa. + DISALLOW_CROSS_PROFILE_COPY_PASTE + + false + + + + + Users are restricted from accessing debug logs. + DISALLOW_DEBUGGING_FEATURES + + false + + + + + Users are restricted from installing applications. + DISALLOW_INSTALL_APPS + + false + + + + + Users are restricted from installing applications from unknown origin. + DISALLOW_INSTALL_UNKNOWN_SOURCES + + false + + + + + Users are restricted from modifying user accounts. + DISALLOW_MODIFY_ACCOUNTS + + false + + + + + Users are restricted from using NFC bump. + DISALLOW_OUTGOING_BEAM + + false + + + + + Users are restricted from sharing their geo-location. + DISALLOW_SHARE_LOCATION + + false + + + + + Users are restricted from uninstalling applications. + DISALLOW_UNINSTALL_APPS + + false + + + + + Allows apps in the parent profile to access or handle web links from the managed profile. + ALLOW_PARENT_PROFILE_APP_LINKING + + false + + + + + + + + Users are restricted from setting wallpapers. + DISALLOW_SET_WALLPAPER + + false + + + + + Users are restricted from changing their icon. + DISALLOW_SET_USER_ICON + + false + + + + + Users are restricted from removing the managed profile. + DISALLOW_REMOVE_MANAGEMENT_PROFILE + + false + + + + + Users are restricted from using autofill services. + DISALLOW_AUTOFILL + + false + + + + + Bluetooth is disallowed on the device. + DISALLOW_BLUETOOTH + + false + + + + + Users are restricted from Bluetooth sharing on the device. + DISALLOW_BLUETOOTH_SHARING + + false + + + + + Users are restricted from removing user itself. + DISALLOW_CONFIG_CREDENTIALS + + false + + + + + + + + Users are restricted from sending SMS messages. + DISALLOW_SMS + + false + + + + + Ensure app verification. + ENSURE_VERIFY_APPS + + false + + + + + Enables the auto time feature that is in the device's Settings > Data and Time. + AUTO_TIME + + false + + + + + Screen capturing would be disable. + SET_SCREEN_CAPTURE_DISABLED + + false + + + + + Users are restricted from adjusting device volume. + DISALLOW_ADJUST_VOLUME + + false + + + + + Users are restricted from configuring cell broadcast. + DISALLOW_CONFIG_CELL_BROADCASTS + + false + + + + + Users are restricted from configuring bluetooth. + DISALLOW_CONFIG_BLUETOOTH + + false + + + + + Users are restricted from configuring mobile network. + DISALLOW_CONFIG_MOBILE_NETWORKS + + false + + + + + Users are restricted from configuring tethering. + DISALLOW_CONFIG_TETHERING + + false + + + + + Users are restricted from configuring Wifi. + DISALLOW_CONFIG_WIFI + + false + + + + + Users are restricted to enter safe boot mode. + DISALLOW_SAFE_BOOT + + false + + + + + Users are restricted from taking calls. + DISALLOW_OUTGOING_CALLS + + false + + + + + Users are restricted from mounting the device as physical media. + DISALLOW_MOUNT_PHYSICAL_MEDIA + + false + + + + + Restricts device owners from opening new windows beside the app windows. + DISALLOW_CREATE_WINDOWS + + false + + + + + Users are restricted from performing factory reset. + DISALLOW_FACTORY_RESET + + false + + + + + Users are restricted from removing user. + DISALLOW_REMOVE_USER + + false + + + + + Users are restricted from creating new users. + DISALLOW_ADD_USER + + false + + + + + Users are restricted from resetting network. + DISALLOW_NETWORK_RESET + + false + + + + + Users are restricted from transferring files via USB. + DISALLOW_USB_FILE_TRANSFER + + false + + + + + Users are restricted from unmuting the microphone. + DISALLOW_UNMUTE_MICROPHONE + + false + + + + + + + + Checking this will disable the status bar. + SET_STATUS_BAR_DISABLED + + false + + + + + Users are restricted from using cellular data when roaming. + DISALLOW_DATA_ROAMING + + false + + + + + Device backup service will be enabled. + DISALLOW_CONFIG_CREDENTIALS + + false + + + + + + + + Encryption Settings + + + Encryption Settings + This configuration can be used to encrypt data on an Android device, when the device is locked and make it readable when the passcode is entered. Once this configuration profile is installed on a device, corresponding users will not be able to modify these settings on their devices. + + + + + + + Having this checked would enable Storage-encryption in the device. + ENCRYPT_STORAGE + + true + + + + + + + + Wi-Fi Settings + + + Wi-Fi Settings + This configurations can be used to configure Wi-Fi access on an Android device. Once this configuration profile is installed on a device, corresponding users will not be able to modify these settings on their devices. + + + + + + + Identification of the wireless network to be configured. + ssid + + Should be 1-to-30 characters long + + ^.{1,30}$ + Should be 1-to-30 characters long + false + + + + + + Minimum number of complex or non-alphanumeric characters allowed in a passcode + type + + + + + + + + + + + none + + + + + + wep + + + + Password for the wireless network. + password + + + + + + false + + + + + + + wpa + + + + Password for the wireless network. + password + + + + + + false + + + + + + + 802eap + + + + EAP Method of the wireless network to be configured. + eap + + peap + + + + + + + + + + + peap + + + + Phase 2 authentication of the wireless network to be configured. + phase2 + + + + + + + + + + + + + Identify of the wireless network to be configured. + identity + + Should be 1 to 30 characters long + + + + false + + + + + + Identity of the wireless network to be configured. + anonymousIdentity + + Should be 1 to 30 characters long + + + + false + + + + + + CA Certificate for the wireless network. + cacert + + + + + + false + + + + + + Password for the wireless network. + XXXXXXXXXXXXwirelessnetworkpw + + + + + + false + + + + + + + ttls + + + + Phase 2 authentication of the wireless network to be configured. + phase2 + + + + + + + + + + + + + Identify of the wireless network to be configured. + identity + + Should be 1 to 30 characters long + + + + false + + + + + + Identity of the wireless network to be configured. + anonymousIdentity + + Should be 1 to 30 characters long + + + + false + + + + + + CA Certificate for the wireless network. + cacert + + + + + + false + + + + + + Password for the wireless network. + XXXXXXXXXXXXwirelessnetworkpw + + + + + + false + + + + + + + tls + + + + Identify of the wireless network to be configured. + identity + + Should be 1 to 30 characters long + + + + false + + + + + + CA Certificate for the wireless network. + cacert + + + + + + false + + + + + + + pwd + + + + Identify of the wireless network to be configured. + identity + + Should be 1 to 30 characters long + + + + false + + + + + + Password for the wireless network. + XXXXXXXXXXXXwirelessnetworkpw + + + + + + false + + + + + + + sim + + + + + + aka + + + + + + + + + + + + + + + + + + Global Proxy Settings + + + Global Proxy Settings + This configurations can be used to set a network-independent global HTTP proxy on an Android device. Once this configuration profile is installed on a device, all the network traffic will be routed through the proxy server. + + + + + + + + + + + + + Select the configuration type. + proxyConfigType + + MANUAL + + + Manual + MANUAL + + + Auto + AUTO + + + + + MANUAL + + + + Host name/IP address of the proxy server. + XXXXXXXXXXXXproxyHost + + 192.168.8.1 + + ^(0|[0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]{1,3})\.(0|[0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]{1,3})\.(0|[0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]{1,3})\.(0|[0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]{1,3})$ + Please enter valid IP address + false + + + + + + Target port for the proxy server. + XXXXXXXXXXXXproxyPort + + Target port 0 - 65535 + + ^(?:0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-5][0-9][0-9][0-9][0-9]|6[0-4][0-9][0-9][0-9]|65[0-4][0-9][0-9]|655[0-2][0-9]|6553[0-5])$ + Please enter valid port + false + + + + + + Add host names to this separated by commas to prevent them from routing through the proxy server. The hostname entries can be wildcards such as *.example.com + XXXXXXXXXXXXproxyExclList + + Example : localhost, *.example.com + + + + false + + + + + + + AUTO + + + + URL for the proxy auto config PAC script. + XXXXXXXXXXXXproxyPacUrl + + http://exampleproxy.com/proxy.pac + + + + false + + + + + + + + + + + + + + Virtual Private Network + + + VPN Settings + Configure the OpenVPN settings on Android devices. In order to enable this, device needs to have "OpenVPN for Android" application installed. + + + + OpenVPN configurations ovpn file. + XXXXXXXXXXvccvXX + + + + + + Always On VPN Settings + Configure an always-on VPN connection through a specific VPN client application. + + + + + + + Package name of the VPN client application to be configured. + XXXXXXXXXXpackageName + + Should be a valid package name + + + + false + + + + + + + + + Certificates Install + + + Certificate Install Settings + Configure the certificate install settings on Android devices. + + + + Add a certificate. + CERT_LIST + + + certificateInstallList + + + Certificate name + + Cert name + text + + + + Certificate File + + + + + + + + + + + Work-Profile Configurations + + + Work-Profile Configurations + Configure these settings to manage the applications in the work profile. + + + + name of the Work-Profile created by IOT Server Agent. + XXXXXXXXczxProfilenam + + + + + + false + + + + + + The set of system apps needed to be added to the work-profile. + XXXXXXXXXXXXEnableSystemApps + + Should be exact package names separated by commas. Ex: com.google.android.apps.maps, com.google.android.calculator + 4 + + + + + The set of system apps needed to be hide in the work-profile. + XXXXXXXXXXXXHideSystemApps + + Should be exact package names separated by commas. Ex: com.google.android.apps.maps, com.google.android.calculator + 4 + + + + + The set of system apps needed to be unhide in the work-profile. + XXXXXXXXXXXXUNHideSystemApps + + Should be exact package names separated by commas. Ex: com.google.android.apps.maps, com.google.android.calculator + 4 + + + + + The set of apps needed to be installed from Google PlayStore to work-profile. + XXXXXXXXXXXXEnableGooglePlayStore + + Should be exact package names separated by commas. Ex: com.google.android.apps.maps, com.google.android.calculator + 4 + + + + + + + + COSU Profile Configurations + + + COSU Profile Configurations + This policy can be used to configure the profile of COSU Devices. + + + + xxxxxxxxxxxRestrictDeviceOperationTime + + false + + + + + + Start time for the device + STARTTIME + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Lock-down time for the device + ENDTIME + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + xxxxxxxxxxxDeviceGlobalConfiguration + + false + + + + + + + + + This is the image that will be displayed in kiosk background. + XXXXXXXXXXXXLauncherbackgroundimage + + Should be a valid URL of jpg or jpeg or png + + + false + + + + + + + Company logo to display + XXXLauncherbackgroundimage + + Should be a valid URL ending with .jpg, .png, .jpeg + + + false + + + + + + + Company name + XXXXXXXXCompanyName + + + + + false + + + + + + + Is single application mode + XXXXXSingleAppMode + + false + + + + + + + + + Is single mode app built for Kisosk. Enable if lock task method is called in the application + XXXXXXXBuildKoisk + + true + + + + + + + + + + Is idle media enabled + XXXXXXXXXXIsidlemediaenabled + + false + + + + + + Media to display while the device is idle + XXXXXXxxxxxxMediadisplaywhileidle + + Should be a valid URL ending with .jpg, .png, .jpeg, .mp4, .3gp, .wmv, .mkv + + + false + + + + + + + Idle graphic begin after the defined seconds + XXXXXXxxxxxxIdlegraphicbeginafter + + Idle timeout in seconds + + + false + + + + + + + + + + + + Is multi-user device. + XXXXXXXXXXIsimultiUserdevice + + false + + + + + + Permits repeating, ascending and descending character sequences + isLoginRequired + + true + + + + + + + + Primary User is the user to which the device is enrolled + primaryUserApps + + Applications + + + false + + + + + + + Add User Applications. + XXXXXXXXXXXXXXXXENCRYcbchdPT_STORAGE + + + cosu-user-app-config + + + User + + Username + text + + + + Applications + + + text + + + + + + + + + + + + + Device display orientation + XXXXXXXXXXXDevicedisplayorientation + + + + + + + + + + + Browser Properties + XXXXXXXXXXXXXXEnableBrowserProperties + + false + + + + + + Primary URL + XXXXXXXXXXXXprimaryURL + + Should be a valid URL + + + false + + + + + + + Enables address bar of the browser + isAddressBarEnabled + + false + + + + + Allow to go back in a page + showBackController + + false + + + + + Is it allowed to go forward in a web page + isForwardControllerEnabled + + false + + + + + Is home button enabled + isHomeButtonEnabled + + false + + + + + Is page reload enabled + isReloadEnabled + + false + + + + + Only allowed to visit the primary url + lockToPrimaryURL + + true + + + + + Is javascript enabled + isJavascriptEnabled + + true + + + + + Is copying to visit the primary url + isTextCopyEnabled + + false + + + + + Is downloading files enabled + isDownloadsEnabled + + false + + + + + Is Kiosk limited to one webapp + isLockedToBrowser + + false + + + + + Is form auto-fill enabled. + isFormAutoFillEnabled + + false + + + + + Enables or disable content URL access within WebView. Content URL access allows WebView to load content from a content provider installed in the system. + isContentAccessEnabled + + false + + + + + Sets whether javascript running in the context of a file schema URL should be allowed to access content from other file scheme URLs. + isFileAccessAllowed + + false + + + + + Sets whether JavaScript running in the context of a file scheme URL should be allowed to access content from any origin + isAllowedUniversalAccessFromFileURLs + + false + + + + + Is application cache enabled + isAppCacheEnabled + + false + + + + + Sets the path to the Application Cache files. In order for the Application Caches API to be enabled, this method must be called with a path to which the application can write + appCachePath + + Should be a valid path + + + + false + + + + + + Overrides the way the cache is used. The way the cache is used is based on the navigation + type. For a normal page load, the cache is checked and content is re-validated as needed. + When navigating back, content is not revalidated, instead the content is just retrieved from the cache. + This method allows the client to override this behavior by specifying one of LOAD_DEFAULT, + LOAD_CACHE_ELSE_NETWORK, LOAD_NO_CACHE or LOAD_CACHE_ONLY + cacheMode + + + + + + + + + + + + Sets whether the browser should load image resources (through network and cached). + Note that this method controls loading of all images, including those embedded using the data URI + scheme. + isLoadsImagesAutomatically + + true + + + + + Sets whether the browser should not load image resources from the network (resources accessed via http and https URI schemes) + isBlockNetworkImage + + false + + + + + Sets whether the browser should not load any resources from the network. + isBlockNetworkLoads + + false + + + + + Sets whether the browser should support zooming using its on-screen zoom controls and gestures + isSupportZoomEnabled + + false + + + + + Sets whether the browser should display on-screen zoom controls. Gesture based controllers are still available + isDisplayZoomControls + + false + + + + + Sets the text zoom of the page in percent + textZoom + + Should be a positive number + + + + false + + + + + + Sets the default font size + defaultFontSize + + Should be a positive number between 1 and 72 + + + + false + + + + + + Sets the default text encoding name to use when decoding html pages + defaultTextEncodingName + + Should a valid text encoding + + + + false + + + + + + Sets whether the database storage API is enabled. + isDatabaseEnabled + + false + + + + + Sets whether the DOM storage API is enabled. + isDomStorageEnabled + + false + + + + + Sets whether Geo-location API is enabled. + geolocationEnabled + + false + + + + + JavaScript can open window automatically or not. This applies to the JavaScript function window.open() + isJavaScriptCanOpenWindowsAutomatically + + false + + + + + Sets whether the browser requires a user gesture to play media. If false, the browser can play media without user consent + isMediaPlaybackRequiresUserGesture + + true + + + + + Sets whether safe browsing in enabled. Safe browsing allows browser to protect against malware and phishing attacks by verifying the links. + isSafeBrowsingEnabled + + true + + + + + Sets whether the browser should enable support for the viewport HTML meta tag or should + use a wide viewport. When the value of the setting is false, the layout width is always set to the + width of the browser control in device-independent (CSS) pixels. When the value is true and the + page contains the viewport meta tag, the value of the width specified in th tag is used. If the page + does not contain the tag or does not provide a width, then a wide viewport will be used + isUseWideViewPort + + true + + + + + Sets the WebView's user-agent string + XXXXXXXuserAgentString + + Should be a valid user agent string + + false + + + + + + + + Configures the browser's behavior when a secure origin attempts to load a resource from an insecure origin + mixedContentMode + + + + + + + + + + + + + + + + + + + + + + + + Application Restrictions + + + Application Restriction Settings + This configuration can be used to encrypt data on an Android device, when the device is locked and make it readable when the passcode is entered. Once this configuration profile is installed on a device, corresponding users will not be able to modify these settings on their devices. + + + + Select a type to proceed + restrictionType + + + + + + + + + + + Add an application to restrict. + RestrictedApplicationList + + + RestrictedApplicationList + + + Application name/Description + + Gmail + email + + + + Package name + + com.google.android.gm + text + + + + + + + + + + + Runtime Permission Policy + + + Runtime Permission Policy (COSU / Work Profile) + This configuration can be used to set a runtime permission policy to an Android Device. + + + + defaultPermissionType + When an app requests a runtime permission this enforces whether the user needs to prompted or the permission either automatically granted or denied + + + + + + + + + + + + Add an application and set permission policy for a specific permission it need. + restricted-applications + + + restrictedRuntimePermissionsList + + + Application + + Android Pay + text + + + + Package name + + com.google.android.pay + text + + + + Permission name + + android.permission.NFC + text + + + + Permission Type + + 1 + + + + + + + + + + + + + + + + System Update Policy (COSU) + + + System Update Policy (COSU) + This configuration can be used to set a passcode policy to an Android Device. Once this configuration profile is installed on a device, corresponding users will not be able to modify these settings on their devices. + + + + Type of the System Update to be set by the Device Owner. + xxxxxxxxxENCRYPT_STORAGE + + automatic + + + Automatic + automatic + + + Postpone + postpone + + + Window + window + + + + + automatic + + + + + + postpone + + + + + + window + + + + + + + Window start time for system update + cosuSystemUpdatePolicyWindowStartTime + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Window end time for system update + cosuSystemUpdatePolicyWindowEndTime + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Enrollment Application Install + + + Enrollment Application Install + This configuration can be used to install applications during Android device enrollment. + + + + + + + + + + + + + The Auto-update policy for apps installed on the device + autoUpdatePolicy + + + + + + + + + + + + The availability granted to the user for the specified app + productSetBehavior + + + + + + + + + + + + + + Display Message Configuration + + + Display Message Configuration + Configure these settings to manage the applications in the show message. + + + + The message that needs to show on the lock-screen + lockScreenMessage + + Below lock screen message is valid only when the Agent is the device owner. + + 4 + + + + + The message that needs to show on the device administrators apps. + settingAppSupportMessage + + + 4 + + + + + The message that needs to show on the screens where functionality has been disabled by the admin. Max length is 200 + disabledSettingSupportMessage + + + 4 + + + + + + +