Starting with Android 14, multiple device policy
management agents can set policies using
DevicePolicyManager
APIs.
General principles
In cases where more than one device policy management agent enforces policies over a user:
- Device policy management agents can query the enforced/resolved policy for any policy they are able to set.
- Every policy set results in a callback (
onPolicySetResult) indicating either that the policy was set correctly or failed to set for a given reason (such as a policy conflict or hardware failure). - If the resolved state of a policy changes later, a callback
(
onPolicyChanged) is received indicating if the policy matches what that agent set. - Most policies operate on a strictest-win basis. This means that the strictest policy chosen by any device policy management agent gets enforced.
Android 14 (API level 34) and higher
In Android 14 (API level 34) and higher,
Android-compatible devices must implement the policy resolution mechanism as
defined in the table below to resolve conflicts when a policy is set by more
than one device policy management agent. The resolution mechanisms referenced in
the table below (MostRecent, MostRestrictive, StringSetUnion, and
TopPriority) are class names of the resolution mechanisms defined in the
Android Open Source Project.
DevicePolicyManager API |
Resolution Mechanism |
|---|---|
MostRecent: The most-recent policy is enforced when set
by multiple admins. |
|
|
MostRestrictive: Sets the user restriction if any admin
has set it. |
StringSetUnion: Resolves as
the union of policies set by one or more admins (for policies
represented as a Set of Strings). |
|
TopPriority: Resolves with the following most-to-least
priority order defined by the role held by the device policy
management agent:
|