lundi 12 janvier 2015

Android Shell command DPM : Device Policy Manager

Device Policy Manager is available through the command line tool dpm and cand be use in an ADB shell. This tool allows you to set an application as Device Owner or Profile Owner without the need to provision it through NFC. Useful when developing !
The first thing to do is to install the application as a normal one, and then set this application as device/profile owner.
Usage :
usage: dpm [subcommand] [options]
usage: dpm set-device-owner <COMPONENT>
usage: dpm set-profile-owner <COMPONENT> <USER_ID>

dpm set-device-owner: Sets the given component as active admin, and its package as device owner.
dpm set-profile-owner: Sets the given component as active admin and profile owner for an existing user.
The parameter <COMPONENT> is composed of package-name/class-name of the DeviceAdminReceiver class you implemented in your Device/Profile Owner application. It splits the String at the first / taking the part before as the package name and the part after as the
class name. If the / is immediately followed by a . then the final class name will be the concatenation of the package name with the string following the /.
com.foo.mypackage/com.foo.mypackage.MyDeviceAdminReceiver will become package=com.foo.mypackage and class=com.foo.mypackage.MyDeviceAdminReceiver.
You could shorten the component to com.foo.mypackage/.MyDeviceAdminReceiver as well.
Example :
adb shell 
dpm set-device-owner com.foo.deviceowner/.DeviceAdminRcvr
The parameter <USER_ID>is the serial number of the user. 0 is a constant for the owner of the device. For any other user, you could programmatically get the current user id with the following code :
UserManager userManager = (UserManager)getSystemService(Context.USER_SERVICE);
UserHandle me = android.os.Process.myUserHandle();
long serialNumber = userManager.getSerialNumberForUser(me);
Notice that once the Device Owner application is set, it cannot be unset with the dpm command. You’ll need to programmatically use the DevicePolicyManager.clearDeviceOwnerApp() method or factory reset your device.
UPDATE:
“Device owner can only be set on an unprovisioned device, unless it was initiated by “adb”, in which case we allow it if no account is associated with the device” says the source code. So, make sure you don’t have any account (like Gmail) associated to your current user set before using the dpm command.
sources : Dpm.java

23 commentaires:

  1. Hi Florent,

    thank you for this article.
    I tried to set profile app.

    What does it mean, when i get an
    Error: Unknown admin: ComponentInfo{de.test/de.test.BasicDeviceAdminReceiver}
    when trying to set profile owner

    Would be nice, if you could help me,
    Marc

    RépondreSupprimer
    Réponses
    1. I've got the same error and do not know how to solve it.
      Can you help?

      Supprimer
    2. I followed this tutorial a long time ago on a 5.0 device, and it worked. But now I'm also getting this "unknown admin" error on a 5.1 device. The app that I'm trying to make the device owner is an active administrator.

      Supprimer
    3. I changed the name of the Receiver in the manifest from com.domain.AdminReceiver to .AdminReceiver and then installed app and then enter adb shell dpm set-device-owner com.domain/.AdminReceiver and error was solved.

      Supprimer
  2. Correcting the error is easy.

    You must install your application first, and then to enter a command to set the device admin.

    RépondreSupprimer
  3. Thanks for the post.. very valuable

    RépondreSupprimer
  4. I got the "Error: Unknown admin: ComponentInfo{... " and it took 3 days to resolve. Thanks to the "Boobom Apps" user.I finally did what u said and now its working perfect in my xamarin app.

    RépondreSupprimer
  5. Hi I am getting following error
    C:\Users\dell\AppData\Local\Android\sdk\platform-tools>adb shell dpm
    /system/bin/sh: dpm: not found

    It is working fine for lollipop but , for api 19 (Kitkat)i am getting this error " /system/bin/sh: dpm: not found" can you help

    RépondreSupprimer
  6. Dpm is only available since Lollipop

    RépondreSupprimer
  7. hi
    a have a error
    Error: Bad admin: ComponentInfo{com.pakban.mobile.pinningtest/com.pakban.mobile.pinningtest.AdminReceiver}
    thank you

    RépondreSupprimer
  8. i answered my problem in stackoverflow

    http://stackoverflow.com/questions/41065432/error-in-activing-set-device-owner-using-adb/41300990#41300990

    RépondreSupprimer
  9. secret android commands : http://www.app-mug.com/2017/01/important-android-commands.html

    RépondreSupprimer
  10. Pretty article! I found some useful information in your blog, it was awesome to read, thanks for sharing this great content to my vision, keep sharing..

    Mobile App Development Company in Chennai
    Android app Development Company in Chennai
    ios app development Company in Chennai

    RépondreSupprimer
  11. Hi @Florent DUPONT, Impressed with your blog.
    I have quick question for u.

    I have enrolled the device to Android for work profile.
    So internally it created new user id.
    adb shell pm list users command is giving 2 users.
    Users:
    UserInfo{0:QA:13} running
    UserInfo{10:Work profile:30} running

    When I tried to start the app by using adb shell command then it is giving exception.
    adb shell am start --user 10 'com.test/com.test.Main'
    java.lang.SecurityException: Shell does not have permission to access user 10

    My apps are running in debug mode only even though I can't launch the android for work badged apps by using adb shell command.

    Please help me!

    RépondreSupprimer
  12. Concerning the badged apps, I have no idea if it works the same as the "profile" that could be created from a Device Owner App. I'm pretty sure though, you won't be able to start another user's activity with the shell user. Only the root user could do this.

    RépondreSupprimer

  13. You have provided an nice article, Thank you very much for this one. And i hope this will be useful for many people.. and i am waiting for your next post keep on updating these kinds of knowledgeable things...

    Android App Development Company

    RépondreSupprimer
  14. I have this error:
    java.lang.IllegalStateException: Trying to set device owner but device is already provisioned.

    RépondreSupprimer
  15. Being new to the blogging world I feel like there is still so much to learn. Your tips helped to clarify a few things for me as well
    iOS App Development Company

    RépondreSupprimer
  16. This article is very much helpful and i hope this will be an useful information for the needed one. Keep on updating these kinds of

    informative things...
    Fitness SMS
    Fitness Text
    Salon SMS
    Salon Text
    Investor Relation SMS
    Investor Relation Text

    RépondreSupprimer
  17. great and nice blog thanks sharing..I just want to say that all the information you have given here is awesome...Thank you very much for this one.
    web design Company
    web development Company
    web design Company in chennai
    web development Company in chennai
    web design Company in India
    web development Company in India

    RépondreSupprimer
  18. Hello, @Florent Dupont, I tried the command which you had mentioned in this docs. But
    I got security exception "MDM_PROXY_ADMIN_INTERNAL" & due to this failed to make my app device owner.I uses Samsung noteJ5 device for this.I had factory reset my device, removed all google account from device but the same error was showing. I also gave device specific permission "" to resolve the issue but the same error was showing.

    RépondreSupprimer
  19. how can I execute "dpm set-device-owner..." command programmatically. I have already followed all instructions. But not succeed.

    RépondreSupprimer