Monday, 12 January 2015

Android Shell command DPM : Device Policy Manager

Device Policy Manager is available through the command line tool dpm and can be used in an ADB shell. This tool allows you to set an application as Device Owner or Profile Owner without the need to provision it through NFC. Useful when developing!
The first thing to do is to install the application as a normal one, and then set this application as device/profile owner.
Usage :
usage: dpm [subcommand] [options]
usage: dpm set-device-owner <COMPONENT>
usage: dpm set-profile-owner <COMPONENT> <USER_ID>

dpm set-device-owner: Sets the given component as active admin, and its package as device owner.
dpm set-profile-owner: Sets the given component as active admin and profile owner for an existing user.
The parameter <COMPONENT> has the form package-name/class-name, where class-name is the DeviceAdminReceiver class you implemented in your Device/Profile Owner application. The string is split at the first /: the part before it is taken as the package name and the part after it as the class name. If the / is immediately followed by a ., the final class name is the concatenation of the package name with the string following the /.
com.foo.mypackage/com.foo.mypackage.MyDeviceAdminReceiver will become package=com.foo.mypackage and class=com.foo.mypackage.MyDeviceAdminReceiver.
You could shorten the component to com.foo.mypackage/.MyDeviceAdminReceiver as well.
Example :
adb shell 
dpm set-device-owner com.foo.deviceowner/.DeviceAdminRcvr
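The expansion rule above, together with the install-then-set order, as a host-side helper. This is an added example, not code from the original post or from Dpm.java; the function names and the ADB variable are assumptions, and the name check is deliberately stricter than Android's own. The check matters because adb shell hands its arguments to the device's shell as one command line, so a component taken from a config file or script argument should be restricted to dotted identifiers before it is used.

```shell
#!/bin/sh
# Added example: expand and validate a dpm <COMPONENT> before running dpm.

ADB=${ADB:-adb}   # assumption: override to use a different adb binary

# Accept only dotted identifiers (letters, digits, underscore).
# '$' is rejected on purpose: inner-class names would be expanded by the
# device shell, so such receivers are refused here rather than quoted.
is_dotted_name() {
    case "$1" in
        *[!A-Za-z0-9_.]*) return 1 ;;   # also rejects spaces, ';', newlines
    esac
    printf '%s\n' "$1" |
        grep -Eq '^[A-Za-z_][A-Za-z0-9_]*(\.[A-Za-z_][A-Za-z0-9_]*)*$'
}

# Print the fully qualified package/class form of a component string.
expand_component() {
    case "$1" in
        */*) ;;
        *) echo "no '/' in component: $1" >&2; return 1 ;;
    esac
    pkg=${1%%/*}                 # everything before the first '/'
    cls=${1#*/}                  # everything after the first '/'
    case "$cls" in
        .*) cls="$pkg$cls" ;;    # "/.Foo" means "<package>.Foo"
    esac
    is_dotted_name "$pkg" && is_dotted_name "$cls" || {
        echo "rejected component: $1" >&2
        return 1
    }
    printf '%s/%s\n' "$pkg" "$cls"
}

# usage: set_device_owner <apk> <COMPONENT>
# Installs the app as a normal one first, then makes it device owner.
set_device_owner() {
    component=$(expand_component "$2") || return 1
    "$ADB" install "$1" || return 1
    "$ADB" shell dpm set-device-owner "$component"
}
```

Setting ADB=echo prints the two adb invocations instead of running them, which is a quick way to review what a provisioning script would send to the device.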
The parameter <USER_ID> is the serial number of the user. 0 is a constant for the owner of the device. For any other user, you could programmatically get the current user id with the following code:
UserManager userManager = (UserManager)getSystemService(Context.USER_SERVICE);
UserHandle me = android.os.Process.myUserHandle();
long serialNumber = userManager.getSerialNumberForUser(me);
Notice that once the Device Owner application is set, it cannot be unset with the dpm command. You’ll need to programmatically use the DevicePolicyManager.clearDeviceOwnerApp() method or factory reset your device.
UPDATE:
“Device owner can only be set on an unprovisioned device, unless it was initiated by "adb", in which case we allow it if no account is associated with the device”, says the source code. So make sure you don’t have any account (like Gmail) associated with your current user before using the dpm command.
Source: Dpm.java

26 comments:

  1. Hi Florent,

    thank you for this article.
    I tried to set profile app.

    What does it mean, when I get an
    Error: Unknown admin: ComponentInfo{de.test/de.test.BasicDeviceAdminReceiver}
    when trying to set profile owner

    Would be nice, if you could help me,
    Marc

    Replies
    1. I've got the same error and do not know how to solve it.
      Can you help?

    2. I followed this tutorial a long time ago on a 5.0 device, and it worked. But now I'm also getting this "unknown admin" error on a 5.1 device. The app that I'm trying to make the device owner is an active administrator.

    3. I changed the name of the Receiver in the manifest from com.domain.AdminReceiver to .AdminReceiver and then installed app and then enter adb shell dpm set-device-owner com.domain/.AdminReceiver and error was solved.

  2. Correcting the error is easy.

    You must install your application first, and then enter a command to set the device admin.

  3. Thanks for the post.. very valuable

  4. I got the "Error: Unknown admin: ComponentInfo{... " and it took 3 days to resolve. Thanks to the "Boobom Apps" user. I finally did what u said and now it's working perfectly in my Xamarin app.

  5. Hi I am getting following error
    C:\Users\dell\AppData\Local\Android\sdk\platform-tools>adb shell dpm
    /system/bin/sh: dpm: not found

    It is working fine for Lollipop, but for API 19 (KitKat) I am getting this error "/system/bin/sh: dpm: not found". Can you help?

  6. Dpm is only available since Lollipop

  7. Hi,
    I have an error
    Error: Bad admin: ComponentInfo{com.pakban.mobile.pinningtest/com.pakban.mobile.pinningtest.AdminReceiver}
    thank you

  8. I answered my problem on Stack Overflow

    http://stackoverflow.com/questions/41065432/error-in-activing-set-device-owner-using-adb/41300990#41300990

  9. secret android commands : http://www.app-mug.com/2017/01/important-android-commands.html

  10. Hi @Florent DUPONT, Impressed with your blog.
    I have quick question for u.

    I have enrolled the device to Android for work profile.
    So internally it created new user id.
    adb shell pm list users command is giving 2 users.
    Users:
    UserInfo{0:QA:13} running
    UserInfo{10:Work profile:30} running

    When I tried to start the app by using adb shell command then it is giving exception.
    adb shell am start --user 10 'com.test/com.test.Main'
    java.lang.SecurityException: Shell does not have permission to access user 10

    My apps are running in debug mode only even though I can't launch the android for work badged apps by using adb shell command.

    Please help me!

  11. Concerning the badged apps, I have no idea if it works the same as the "profile" that could be created from a Device Owner App. I'm pretty sure though, you won't be able to start another user's activity with the shell user. Only the root user could do this.

  12. I have this error:
    java.lang.IllegalStateException: Trying to set device owner but device is already provisioned.

  13. Hello, @Florent Dupont, I tried the command which you had mentioned in this doc. But
    I got security exception "MDM_PROXY_ADMIN_INTERNAL" & due to this failed to make my app device owner. I use a Samsung noteJ5 device for this. I had factory reset my device, removed all Google accounts from the device but the same error was showing. I also gave device specific permission "" to resolve the issue but the same error was showing.

  14. how can I execute "dpm set-device-owner..." command programmatically. I have already followed all instructions. But not succeed.

  15. I wish I'd come across this 2 weeks ago :) thanks a lot for sharing, worked like magic with Google TestDPC application.

  16. Thank you so much for this!

    I tried the class names of the application entry point, and the startup activity, as the 'Class' portion of the Component, without success.

    After reading your blog, I quickly located the activity that extended DeviceAdminReceiver, and voila! Success!

    Thanks again!

  17. Sir, I am using this command; admin is success but the set-device-owner command is not working. Please help me if anyone works with DevicePolicyManager and DeviceAdminReceiver in Android.

  18. please help me I want make for Password Unlock Broadcast

  19. I am having exactly this same issue. I am developing an app that can locate missing phones and I have already installed on over 100 phones. The challenge is that I can make my app a device-admin app on lower than Android 10 phones without much problem (and my app can easily retrieve device identifiers for use in detecting when the sim is removed for instance) but for Android 10 and higher, even though the same code has activated my app as a device-admin (I can see it in Settings as active in device-admin), yet my attempts to programmatically make it a device-owner using Runtime.GetRuntime().Exec("dpm set-device-owner --user 0 com.companyname.IMEI247Tracker/.AdminReceiver"); but if I use this (adb shell dpm set-device-owner com.companyname.IMEI247Tracker/.AdminReceiver) in the command prompt, it converts my app to a device-owner and the app can then access device identifiers in higher Android versions. So, how do I resolve this? I am targeting over 100,000 phones to use my app and it wouldn't make sense if I need to use ADB to sort this out. Thanks.
