Struct Policy

pub struct Policy {

    pub account_types_with_management_disabled: Option<Vec<String>>,
    pub add_user_disabled: Option<bool>,
    pub adjust_volume_disabled: Option<bool>,
    pub advanced_security_overrides: Option<AdvancedSecurityOverrides>,
    pub always_on_vpn_package: Option<AlwaysOnVpnPackage>,
    pub android_device_policy_tracks: Option<Vec<String>>,
    pub app_auto_update_policy: Option<String>,
    pub applications: Option<Vec<ApplicationPolicy>>,
    pub auto_date_and_time_zone: Option<String>,
    pub auto_time_required: Option<bool>,
    pub block_applications_enabled: Option<bool>,
    pub bluetooth_config_disabled: Option<bool>,
    pub bluetooth_contact_sharing_disabled: Option<bool>,
    pub bluetooth_disabled: Option<bool>,
    pub camera_access: Option<String>,
    pub camera_disabled: Option<bool>,
    pub cell_broadcasts_config_disabled: Option<bool>,
    pub choose_private_key_rules: Option<Vec<ChoosePrivateKeyRule>>,
    pub compliance_rules: Option<Vec<ComplianceRule>>,
    pub create_windows_disabled: Option<bool>,
    pub credential_provider_policy_default: Option<String>,
    pub credentials_config_disabled: Option<bool>,
    pub cross_profile_policies: Option<CrossProfilePolicies>,
    pub data_roaming_disabled: Option<bool>,
    pub debugging_features_allowed: Option<bool>,
    pub default_permission_policy: Option<String>,
    pub device_connectivity_management: Option<DeviceConnectivityManagement>,
    pub device_owner_lock_screen_info: Option<UserFacingMessage>,
    pub device_radio_state: Option<DeviceRadioState>,
    pub display_settings: Option<DisplaySettings>,
    pub encryption_policy: Option<String>,
    pub ensure_verify_apps_enabled: Option<bool>,
    pub factory_reset_disabled: Option<bool>,
    pub frp_admin_emails: Option<Vec<String>>,
    pub fun_disabled: Option<bool>,
    pub install_apps_disabled: Option<bool>,
    pub install_unknown_sources_allowed: Option<bool>,
    pub keyguard_disabled: Option<bool>,
    pub keyguard_disabled_features: Option<Vec<String>>,
    pub kiosk_custom_launcher_enabled: Option<bool>,
    pub kiosk_customization: Option<KioskCustomization>,
    pub location_mode: Option<String>,
    pub long_support_message: Option<UserFacingMessage>,
    pub maximum_time_to_lock: Option<i64>,
    pub microphone_access: Option<String>,
    pub minimum_api_level: Option<i32>,
    pub mobile_networks_config_disabled: Option<bool>,
    pub modify_accounts_disabled: Option<bool>,
    pub mount_physical_media_disabled: Option<bool>,
    pub name: Option<String>,
    pub network_escape_hatch_enabled: Option<bool>,
    pub network_reset_disabled: Option<bool>,
    pub onc_certificate_providers: Option<Vec<OncCertificateProvider>>,
    pub open_network_configuration: Option<HashMap<String, Value>>,
    pub outgoing_beam_disabled: Option<bool>,
    pub outgoing_calls_disabled: Option<bool>,
    pub password_policies: Option<Vec<PasswordRequirements>>,
    pub password_requirements: Option<PasswordRequirements>,
    pub permission_grants: Option<Vec<PermissionGrant>>,
    pub permitted_accessibility_services: Option<PackageNameList>,
    pub permitted_input_methods: Option<PackageNameList>,
    pub persistent_preferred_activities: Option<Vec<PersistentPreferredActivity>>,
    pub personal_usage_policies: Option<PersonalUsagePolicies>,
    pub play_store_mode: Option<String>,
    pub policy_enforcement_rules: Option<Vec<PolicyEnforcementRule>>,
    pub preferential_network_service: Option<String>,
    pub printing_policy: Option<String>,
    pub private_key_selection_enabled: Option<bool>,
    pub recommended_global_proxy: Option<ProxyInfo>,
    pub remove_user_disabled: Option<bool>,
    pub safe_boot_disabled: Option<bool>,
    pub screen_capture_disabled: Option<bool>,
    pub set_user_icon_disabled: Option<bool>,
    pub set_wallpaper_disabled: Option<bool>,
    pub setup_actions: Option<Vec<SetupAction>>,
    pub share_location_disabled: Option<bool>,
    pub short_support_message: Option<UserFacingMessage>,
    pub skip_first_use_hints_enabled: Option<bool>,
    pub sms_disabled: Option<bool>,
    pub status_bar_disabled: Option<bool>,
    pub status_reporting_settings: Option<StatusReportingSettings>,
    pub stay_on_plugged_modes: Option<Vec<String>>,
    pub system_update: Option<SystemUpdate>,
    pub tethering_config_disabled: Option<bool>,
    pub uninstall_apps_disabled: Option<bool>,
    pub unmute_microphone_disabled: Option<bool>,
    pub usage_log: Option<UsageLog>,
    pub usb_file_transfer_disabled: Option<bool>,
    pub usb_mass_storage_enabled: Option<bool>,
    pub version: Option<i64>,
    pub vpn_config_disabled: Option<bool>,
    pub wifi_config_disabled: Option<bool>,
    pub wifi_configs_lockdown_enabled: Option<bool>,
}

A policy resource represents a group of settings that govern the behavior of a managed device and the apps installed on it.

Activities

This type is used in activities, which are methods you may call on this type or where this type is involved in. The list links the activity name, along with information about where it is used (one of request and response).

• policies get enterprises (response)
• policies patch enterprises (request|response)

Fields

account_types_with_management_disabled: Option<Vec<String>>

Account types that can’t be managed by the user.

add_user_disabled: Option<bool>

Whether adding new users and profiles is disabled.

adjust_volume_disabled: Option<bool>

Whether adjusting the master volume is disabled. Also mutes the device.

advanced_security_overrides: Option<AdvancedSecurityOverrides>

Advanced security settings. In most cases, setting these is not needed.

always_on_vpn_package: Option<AlwaysOnVpnPackage>

Configuration for an always-on VPN connection. Use with vpn_config_disabled to prevent modification of this setting.

android_device_policy_tracks: Option<Vec<String>>

This setting is not supported. Any value is ignored.

app_auto_update_policy: Option<String>

Recommended alternative: autoUpdateMode which is set per app, provides greater flexibility around update frequency.When autoUpdateMode is set to AUTO_UPDATE_POSTPONED or AUTO_UPDATE_HIGH_PRIORITY, this field has no effect.The app auto update policy, which controls when automatic app updates can be applied.

applications: Option<Vec<ApplicationPolicy>>

Policy applied to apps. This can have at most 3,000 elements.

auto_date_and_time_zone: Option<String>

Whether auto date, time, and time zone are enabled on a company-owned device. If this is set, then autoTimeRequired is ignored.

auto_time_required: Option<bool>

Whether auto time is required, which prevents the user from manually setting the date and time. If autoDateAndTimeZone is set, this field is ignored.

block_applications_enabled: Option<bool>

Whether applications other than the ones configured in applications are blocked from being installed. When set, applications that were installed under a previous policy but no longer appear in the policy are automatically uninstalled.

bluetooth_config_disabled: Option<bool>

Whether configuring bluetooth is disabled.

bluetooth_contact_sharing_disabled: Option<bool>

Whether bluetooth contact sharing is disabled.

bluetooth_disabled: Option<bool>

Whether bluetooth is disabled. Prefer this setting over bluetooth_config_disabled because bluetooth_config_disabled can be bypassed by the user.

camera_access: Option<String>

Controls the use of the camera and whether the user has access to the camera access toggle.

camera_disabled: Option<bool>

If camera_access is set to any value other than CAMERA_ACCESS_UNSPECIFIED, this has no effect. Otherwise this field controls whether cameras are disabled: If true, all cameras are disabled, otherwise they are available. For fully managed devices this field applies for all apps on the device. For work profiles, this field applies only to apps in the work profile, and the camera access of apps outside the work profile is unaffected.

cell_broadcasts_config_disabled: Option<bool>

Whether configuring cell broadcast is disabled.

choose_private_key_rules: Option<Vec<ChoosePrivateKeyRule>>

Rules for determining apps’ access to private keys. See ChoosePrivateKeyRule for details. This must be empty if any application has CERT_SELECTION delegation scope.

compliance_rules: Option<Vec<ComplianceRule>>

Rules declaring which mitigating actions to take when a device is not compliant with its policy. When the conditions for multiple rules are satisfied, all of the mitigating actions for the rules are taken. There is a maximum limit of 100 rules. Use policy enforcement rules instead.

create_windows_disabled: Option<bool>

Whether creating windows besides app windows is disabled.

credential_provider_policy_default: Option<String>

Controls which apps are allowed to act as credential providers on Android 14 and above. These apps store credentials, see this (https://developer.android.com/training/sign-in/passkeys) and this (https://developer.android.com/reference/androidx/credentials/CredentialManager) for details. See also credentialProviderPolicy.

credentials_config_disabled: Option<bool>

Whether configuring user credentials is disabled.

cross_profile_policies: Option<CrossProfilePolicies>

Cross-profile policies applied on the device.

data_roaming_disabled: Option<bool>

Whether roaming data services are disabled.

debugging_features_allowed: Option<bool>

Whether the user is allowed to enable debugging features.

default_permission_policy: Option<String>

The default permission policy for runtime permission requests.

device_connectivity_management: Option<DeviceConnectivityManagement>

Covers controls for device connectivity such as Wi-Fi, USB data access, keyboard/mouse connections, and more.

device_owner_lock_screen_info: Option<UserFacingMessage>

The device owner information to be shown on the lock screen.

device_radio_state: Option<DeviceRadioState>

Covers controls for radio state such as Wi-Fi, bluetooth, and more.

display_settings: Option<DisplaySettings>

Optional. Controls for the display settings.

encryption_policy: Option<String>

Whether encryption is enabled

ensure_verify_apps_enabled: Option<bool>

Whether app verification is force-enabled.

factory_reset_disabled: Option<bool>

Whether factory resetting from settings is disabled.

frp_admin_emails: Option<Vec<String>>

Email addresses of device administrators for factory reset protection. When the device is factory reset, it will require one of these admins to log in with the Google account email and password to unlock the device. If no admins are specified, the device won’t provide factory reset protection.

fun_disabled: Option<bool>

Whether the user is allowed to have fun. Controls whether the Easter egg game in Settings is disabled.

install_apps_disabled: Option<bool>

Whether user installation of apps is disabled.

install_unknown_sources_allowed: Option<bool>

This field has no effect.

keyguard_disabled: Option<bool>

If true, this disables the Lock Screen (https://source.android.com/docs/core/display/multi_display/lock-screen) for primary and/or secondary displays.

keyguard_disabled_features: Option<Vec<String>>

Disabled keyguard customizations, such as widgets.

kiosk_custom_launcher_enabled: Option<bool>

Whether the kiosk custom launcher is enabled. This replaces the home screen with a launcher that locks down the device to the apps installed via the applications setting. Apps appear on a single page in alphabetical order. Use kioskCustomization to further configure the kiosk device behavior.

kiosk_customization: Option<KioskCustomization>

Settings controlling the behavior of a device in kiosk mode. To enable kiosk mode, set kioskCustomLauncherEnabled to true or specify an app in the policy with installType KIOSK.

location_mode: Option<String>

The degree of location detection enabled.

long_support_message: Option<UserFacingMessage>

A message displayed to the user in the device administators settings screen.

maximum_time_to_lock: Option<i64>

Maximum time in milliseconds for user activity until the device locks. A value of 0 means there is no restriction.

microphone_access: Option<String>

Controls the use of the microphone and whether the user has access to the microphone access toggle. This applies only on fully managed devices.

minimum_api_level: Option<i32>

The minimum allowed Android API level.

mobile_networks_config_disabled: Option<bool>

Whether configuring mobile networks is disabled.

modify_accounts_disabled: Option<bool>

Whether adding or removing accounts is disabled.

mount_physical_media_disabled: Option<bool>

Whether the user mounting physical external media is disabled.

name: Option<String>

The name of the policy in the form enterprises/{enterpriseId}/policies/{policyId}.

network_escape_hatch_enabled: Option<bool>

Whether the network escape hatch is enabled. If a network connection can’t be made at boot time, the escape hatch prompts the user to temporarily connect to a network in order to refresh the device policy. After applying policy, the temporary network will be forgotten and the device will continue booting. This prevents being unable to connect to a network if there is no suitable network in the last policy and the device boots into an app in lock task mode, or the user is otherwise unable to reach device settings.Note: Setting wifiConfigDisabled to true will override this setting under specific circumstances. Please see wifiConfigDisabled for further details. Setting configureWifi to DISALLOW_CONFIGURING_WIFI will override this setting under specific circumstances. Please see DISALLOW_CONFIGURING_WIFI for further details.

network_reset_disabled: Option<bool>

Whether resetting network settings is disabled.

onc_certificate_providers: Option<Vec<OncCertificateProvider>>

This feature is not generally available.

open_network_configuration: Option<HashMap<String, Value>>

Network configuration for the device. See configure networks for more information.

outgoing_beam_disabled: Option<bool>

Whether using NFC to beam data from apps is disabled.

outgoing_calls_disabled: Option<bool>

Whether outgoing calls are disabled.

password_policies: Option<Vec<PasswordRequirements>>

Password requirement policies. Different policies can be set for work profile or fully managed devices by setting the password_scope field in the policy.

password_requirements: Option<PasswordRequirements>

Password requirements. The field password_requirements.require_password_unlock must not be set. DEPRECATED - Use passwordPolicies.Note:Complexity-based values of PasswordQuality, that is, COMPLEXITY_LOW, COMPLEXITY_MEDIUM, and COMPLEXITY_HIGH, cannot be used here. unified_lock_settings cannot be used here.

permission_grants: Option<Vec<PermissionGrant>>

Explicit permission or group grants or denials for all apps. These values override the default_permission_policy.

permitted_accessibility_services: Option<PackageNameList>

Specifies permitted accessibility services. If the field is not set, any accessibility service can be used. If the field is set, only the accessibility services in this list and the system’s built-in accessibility service can be used. In particular, if the field is set to empty, only the system’s built-in accessibility servicess can be used. This can be set on fully managed devices and on work profiles. When applied to a work profile, this affects both the personal profile and the work profile.

permitted_input_methods: Option<PackageNameList>

If present, only the input methods provided by packages in this list are permitted. If this field is present, but the list is empty, then only system input methods are permitted.

persistent_preferred_activities: Option<Vec<PersistentPreferredActivity>>

Default intent handler activities.

personal_usage_policies: Option<PersonalUsagePolicies>

Policies managing personal usage on a company-owned device.

play_store_mode: Option<String>

This mode controls which apps are available to the user in the Play Store and the behavior on the device when apps are removed from the policy.

policy_enforcement_rules: Option<Vec<PolicyEnforcementRule>>

Rules that define the behavior when a particular policy can not be applied on device

preferential_network_service: Option<String>

Controls whether preferential network service is enabled on the work profile. For example, an organization may have an agreement with a carrier that all of the work data from its employees’ devices will be sent via a network service dedicated for enterprise use. An example of a supported preferential network service is the enterprise slice on 5G networks. This has no effect on fully managed devices.

printing_policy: Option<String>

Optional. Controls whether printing is allowed. This is supported on devices running Android 9 and above. .

private_key_selection_enabled: Option<bool>

Allows showing UI on a device for a user to choose a private key alias if there are no matching rules in ChoosePrivateKeyRules. For devices below Android P, setting this may leave enterprise keys vulnerable. This value will have no effect if any application has CERT_SELECTION delegation scope.

recommended_global_proxy: Option<ProxyInfo>

The network-independent global HTTP proxy. Typically proxies should be configured per-network in open_network_configuration. However for unusual configurations like general internal filtering a global HTTP proxy may be useful. If the proxy is not accessible, network access may break. The global proxy is only a recommendation and some apps may ignore it.

remove_user_disabled: Option<bool>

Whether removing other users is disabled.

safe_boot_disabled: Option<bool>

Whether rebooting the device into safe boot is disabled.

screen_capture_disabled: Option<bool>

Whether screen capture is disabled.

set_user_icon_disabled: Option<bool>

Whether changing the user icon is disabled.

set_wallpaper_disabled: Option<bool>

Whether changing the wallpaper is disabled.

setup_actions: Option<Vec<SetupAction>>

Action to take during the setup process. At most one action may be specified.

share_location_disabled: Option<bool>

Whether location sharing is disabled. share_location_disabled is supported for both fully managed devices and personally owned work profiles.

short_support_message: Option<UserFacingMessage>

A message displayed to the user in the settings screen wherever functionality has been disabled by the admin. If the message is longer than 200 characters it may be truncated.

skip_first_use_hints_enabled: Option<bool>

Flag to skip hints on the first use. Enterprise admin can enable the system recommendation for apps to skip their user tutorial and other introductory hints on first start-up.

sms_disabled: Option<bool>

Whether sending and receiving SMS messages is disabled.

status_bar_disabled: Option<bool>

Whether the status bar is disabled. This disables notifications, quick settings, and other screen overlays that allow escape from full-screen mode. DEPRECATED. To disable the status bar on a kiosk device, use InstallType KIOSK or kioskCustomLauncherEnabled.

status_reporting_settings: Option<StatusReportingSettings>

Status reporting settings

stay_on_plugged_modes: Option<Vec<String>>

The battery plugged in modes for which the device stays on. When using this setting, it is recommended to clear maximum_time_to_lock so that the device doesn’t lock itself while it stays on.

system_update: Option<SystemUpdate>

The system update policy, which controls how OS updates are applied. If the update type is WINDOWED, the update window will automatically apply to Play app updates as well.Note: Google Play system updates (https://source.android.com/docs/core/ota/modular-system) (also called Mainline updates) are automatically downloaded and require a device reboot to be installed. Refer to the mainline section in Manage system updates (https://developer.android.com/work/dpc/system-updates#mainline) for further details.

tethering_config_disabled: Option<bool>

Whether configuring tethering and portable hotspots is disabled. If tetheringSettings is set to anything other than TETHERING_SETTINGS_UNSPECIFIED, this setting is ignored.

uninstall_apps_disabled: Option<bool>

Whether user uninstallation of applications is disabled. This prevents apps from being uninstalled, even those removed using applications

unmute_microphone_disabled: Option<bool>

If microphone_access is set to any value other than MICROPHONE_ACCESS_UNSPECIFIED, this has no effect. Otherwise this field controls whether microphones are disabled: If true, all microphones are disabled, otherwise they are available. This is available only on fully managed devices.

usage_log: Option<UsageLog>

Configuration of device activity logging.

usb_file_transfer_disabled: Option<bool>

Whether transferring files over USB is disabled. This is supported only on company-owned devices.

usb_mass_storage_enabled: Option<bool>

Whether USB storage is enabled. Deprecated.

version: Option<i64>

The version of the policy. This is a read-only field. The version is incremented each time the policy is updated.

vpn_config_disabled: Option<bool>

Whether configuring VPN is disabled.

wifi_config_disabled: Option<bool>

Whether configuring Wi-Fi networks is disabled. Supported on fully managed devices and work profiles on company-owned devices. For fully managed devices, setting this to true removes all configured networks and retains only the networks configured using openNetworkConfiguration. For work profiles on company-owned devices, existing configured networks are not affected and the user is not allowed to add, remove, or modify Wi-Fi networks. If configureWifi is set to anything other than CONFIGURE_WIFI_UNSPECIFIED, this setting is ignored. Note: If a network connection can’t be made at boot time and configuring Wi-Fi is disabled then network escape hatch will be shown in order to refresh the device policy (see networkEscapeHatchEnabled).

wifi_configs_lockdown_enabled: Option<bool>

DEPRECATED - Use wifi_config_disabled.

Trait Implementations

impl Clone for Policy

fn clone(&self) -> Policy

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for Policy

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Default for Policy

fn default() -> Policy

Returns the “default value” for a type.

impl<'de> Deserialize<'de> for Policy

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>

where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer.

impl Serialize for Policy

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>

where __S: Serializer,

Serialize this value into the given Serde serializer.

impl RequestValue for Policy

impl ResponseResult for Policy