16

How to avoid this Exception

E/AndroidRuntime(26113): Caused by: java.lang.SecurityException: No active admin owned by uid XXXX for policy #3

when calling this:

public static void lockScreen(Context context) {
    Log.d(TAG, "lockScreen");
    ComponentName mDeviceAdminSample = null;
    DevicePolicyManager dpm = (DevicePolicyManager) context.getSystemService(Context.DEVICE_POLICY_SERVICE);
    Intent intent = new Intent(DevicePolicyManager.ACTION_ADD_DEVICE_ADMIN);
    intent.putExtra(DevicePolicyManager.EXTRA_DEVICE_ADMIN, mDeviceAdminSample);
    dpm.lockNow();
}
ViliusK
  • 11,345
  • 4
  • 67
  • 71

6 Answers6

9

I got the same error as OP. Since only combination of other answers helped me, here is my walk through to make the OP code sample work:

  1. Make sure you have created device admin receiver and xml policy file as described in https://developer.android.com/guide/topics/admin/device-admin.html
  2. Add admin receiver with xml policy file reference to Manifest.
  3. Install your app
  4. Enable app as admin in Setting>Security>Device administrators>"Your app admin receiver label value"

  5. or do [4] programmatically

    mDeviceAdminSample = new ComponentName(this,DeviceAdminSampleReceiver.class);
Intent intent = new Intent(DevicePolicyManager.ACTION_ADD_DEVICE_ADMIN);
intent.putExtra(DevicePolicyManager.EXTRA_DEVICE_ADMIN, mDeviceAdminSample);
currActivity.startActivityForResult(intent, 0);
VadimK
  • 431
  • 5
  • 10
5

You have to install and enable a device administrator as described in the reference docs: http://developer.android.com/guide/topics/admin/device-admin.html

Nikolay Elenkov
  • 52,576
  • 10
  • 84
  • 84
3

you are missing this below line.

mDeviceAdminSample = new ComponentName(this, DeviceAdminSampleReceiver.class);
FanosOs
  • 94
  • 6
2

Notice how the lines:

        Intent it = new         Intent(DevicePolicyManager.ACTION_ADD_DEVICE_ADMIN);
        it.putExtra(DevicePolicyManager.EXTRA_DEVICE_ADMIN, new ComponentName(this, YourAdminReceiver.class));
        startActivityForResult(it, 0);

can be skipped. If you do not want your users to allow the app to lock the screen there is the alternative way:

adb shell dpm set-device-owner com.package/.YourAdminReceiver

Now what does this have to do with the SecurityException the OP was encountering ?

Well, I already had the device owner set to com.package/.YourAdminReceiver via the adb shell way, but for different purposes than screen locking. When I have added the <force-lock> tag to my device-admin.xml:

<uses-policies>
        <limit-password />
        <reset-password />
        <force-lock />
    </uses-policies>

I was naturally expecting my locknow() API call to work, but instead it hasn't. I got the SecurityException just as OP did. Strange, given that my app was already the admin and owner of the device. I have made it work by unsetting from the device owner role, uninstalling it and then reinstalling it. Be advised that once set as a device owner via adb shell, an app can only be unset from that role from code:

//        mDpm.clearDeviceOwnerApp(getPackageName());
//        mDpm.removeActiveAdmin(deviceAdmin);
kellogs
  • 2,837
  • 3
  • 38
  • 51
0

In my case, the device admin was part of an instrumentation tests rather than my app itself. Turned out to be a bug in the way Android handles permissions. The fix was to move the device admin class, manifest and policies into the target app. Certainly not ideal, but I can't see a way around it.

Sam
  • 40,644
  • 36
  • 176
  • 219
0

You would need 3 thing to do :

  1. add <receiver> to AndroidManifest
  2. make new xml file for <device-admin>
  3. make new .kt file for DeviceAdminReceiver

Here is a link from an answer I already did (with example code) : stackoverflow.com

A reference from developer.android.com

QuartZ
  • 154
  • 3
  • 12