4

I am trying to set my app as device owner via adb with this command: 

dpm set-device-owner pl.my.packet/pl.my.packet.receivers.AdminReceiver

and then I see that error:

java.lang.SecurityException: Neither user 2000 nor current process has com.samsung.android.knox.permission.KNOX_PROXY_ADMIN_INTERNAL.,com.sec.enterprise.permission.MDM_PROXY_ADMIN_INTERNAL
    at android.os.Parcel.readException(Parcel.java:1693)
    at android.os.Parcel.readException(Parcel.java:1646)
    at android.app.admin.IDevicePolicyManager$Stub$Proxy.setActiveAdmin(IDevicePolicyManager.java:5825)
    at com.android.commands.dpm.Dpm.runSetDeviceOwner(Dpm.java:145)
    at com.android.commands.dpm.Dpm.onRun(Dpm.java:96)
    at com.android.internal.os.BaseCommand.run(BaseCommand.java:51)
    at com.android.commands.dpm.Dpm.main(Dpm.java:41)
    at com.android.internal.os.RuntimeInit.nativeFinishInit(Native Method)
    at com.android.internal.os.RuntimeInit.main(RuntimeInit.java:301)

Phone: Samsung S7 Edge, not rooted, without any Google account linked.

I searched for other usefull threads for me but found nothing, I tried with these permissions:

<uses-permission android:name="android.permission.INTERNET"/>
<uses-permission android:name="com.sec.enterprise.permission.MDM_PROXY_ADMIN_INTERNAL"/>
<uses-permission android:name="com.samsung.android.knox.permission.KNOX_PROXY_ADMIN_INTERNAL"/>
<uses-permission android:name="com.samsung.accessory.permission.ACCESSORY_FRAMEWORK" />
YMY
  • 678
  • 9
  • 17

5 Answers5

1

I had a similar error and found that I had typo-ed the package and receiver name in dpm set-device-owner command. I don't think you need the package name in your receiver's name. Maybe dpm set-device-owner pl.my.packet/.AdminReceiver?

Stephen M -on strike-
  • 1,037
  • 8
  • 28
0

I had the same issue with a Samsung phone and tried it with my emulator, so there was another Exception.

Turns out the AdminReceiver.class has to be in the root directory of your app: com.example.yourRootPackage.MyAdminReceiver.class

Joey
  • 21
  • 10
  • Could you provide a reference for your solution? – Ícaro Aug 24 '21 at 14:20
  • I thought at least i want to run it on a not-samsung phone, because for work i developed already a kiosk mode app, so I came to this: https://stackoverflow.com/a/62921377/7173050 because without a Samsung phone i was getting an "unkown admin"-error. Hope it's what you asked for – Joey Aug 24 '21 at 15:08
0

I had the same problem with my Samsung Tablet (A6 with Android 8) recently and discovered a few things to consider:

  1. (optional) You should probably add android:testOnly="true" inside your AndroidManifest.xml -> <application ...> and android.injected.testOnly=true inside your gradle.properties file to make sure that you can remove the device owner later with the dpm remove-active-admin command
  2. There should be no accounts present in Settings->Accounts (delete all of them if any present)
  3. Check the android:name you gave your receiver in your AndroidManifest.xml and write it down
  4. use the format < package-name >/< android:name of receiver class> in your dpm set-device-owner command
  5. make triple sure that there are no typos
  6. check if there are already device owners present with dumpsys device_policy
  7. check that you have the knox permissions in your AndroidManifest.xml (not 100% sure if neccessary)
  8. your AdminReceiver class can absolutetly be in a different package but you need to change your dpm set-device-owner accordingly (see in examle)

So i will give an example how it worked for me:

My Package name is for example de.my.cool.package

My AndroidManifest.xml contains:

<uses-permission android:name="com.sec.enterprise.permission.MDM_PROXY_ADMIN_INTERNAL"/> <uses-permission android:name="com.samsung.android.knox.permission.KNOX_PROXY_ADMIN_INTERNAL"/> <uses-permission android:name="com.samsung.accessory.permission.ACCESSORY_FRAMEWORK" />

<application ..... android:testOnly="true">

<receiver android:name=".utils.AdminReceiver"

NOTICE: my AdminReceiver is in its own package called utils. My AdminReceiver class (the one that extends DeviceAdminReceiver) is therefore in de.my.cool.package.utils.AdminReceiver

AFTER installing the app i open an adb shell:

To add the device owner:

dpm set-device-owner de.my.cool.package/.utils.AdminReceiver

To remove the device owner:

dpm remove-active-admin de.my.cool.package/.utils.AdminReceiver

each command should not take more than a few seconds and there should be something written like Success: Device owner set to package ComponentInfo{de.my.cool.package/de.my.cool.package.utils.AdminReceiver}

Active admin set to component {de.my.cool.package/de.my.cool.package.utils.AdminReceiver}

One of the important parts is that you add your additional package name from your AdminReceiver AFTER the / from the command and NEVER BEFORE. Otherwise you will get weird errors that are not even the problem.

PS: a factory-reset also helped me immensely trying to solve this

Hope i could help.

FullMetalJack
  • 1
  • 2
0

Delete all accounts from your device. then follow the steps

(1)Install application with android studio (2) use Terminal or command prompt and run this command

dpm set-device-owner pl.my.packet/pl.my.packet.receivers.AdminReceiver

Mohsin
  • 229
  • 2
  • 3
-1

not rooted

You cannot do that as you are clearly told:

Neither user 2000 nor current process has com.samsung.android.knox.permission.KNOX_PROXY_ADMIN_INTERNAL.,com.sec.enterprise.permission.MDM_PROXY_ADMIN_INTERNAL

And you cannot just add random permissions and expect it to work. I assume both are at least signature type or system. And you cannot have either on non rooted or not having system certificate.

Marcin Orlowski
  • 72,056
  • 11
  • 123
  • 141