Tweak javadoc of setResetPasswordToken

Bug: 34600579 Test: make -j32 docs Change-Id: Ib4593c20fb78f52d5e75cafdfea32d747cc340c9
author: Rubin Xu <rubinxu@google.com> 2017-04-05 18:37:07 +0100
committer: Rubin Xu <rubinxu@google.com> 2017-04-05 19:17:48 +0100
commit: f7b036db0b030b6d1f0cf25e557aa30a617f96a6 (patch)
tree: 4a70b56b65717bed7d31bf5ca5ea40d3eff7f903
parent: de95d544cde13a7c8d0624c92f445b43cb8cef24 (diff)
1 files changed, 5 insertions, 3 deletions
diff --git a/core/java/android/app/admin/DevicePolicyManager.java b/core/java/android/app/admin/DevicePolicyManager.java
index 2f0a630bcd04..4116dda7cb66 100644
--- a/core/java/android/app/admin/DevicePolicyManager.java
+++ b/core/java/android/app/admin/DevicePolicyManager.java
@@ -2768,9 +2768,11 @@ public class DevicePolicyManager {
      * or clears the lockscreen password.
      * <p>
      * <em>This token is highly sensitive and should be treated at the same level as user
-     * credentials. In particular, NEVER store this token on device in plaintext, especially in
-     * Device-Encrypted storage if the token will be used to reset password on FBE devices before
-     * user unlocks.
+     * credentials. In particular, NEVER store this token on device in plaintext. Do not store
+     * the plaintext token in device-encrypted storage if it will be needed to reset password on
+     * file-based encryption devices before user unlocks. Consider carefully how any password token
+     * will be stored on your server and who will need access to them. Tokens may be the subject of
+     * legal access requests.
      * </em>
      *
      * @param admin Which {@link DeviceAdminReceiver} this request is associated with.
author	Rubin Xu <rubinxu@google.com>	2017-04-05 18:37:07 +0100
committer	Rubin Xu <rubinxu@google.com>	2017-04-05 19:17:48 +0100
commit	f7b036db0b030b6d1f0cf25e557aa30a617f96a6 (patch)
tree	4a70b56b65717bed7d31bf5ca5ea40d3eff7f903
parent	de95d544cde13a7c8d0624c92f445b43cb8cef24 (diff)