4

I have a Chrome OS device, and I want to programmatically lock the screen when a timer has expired (when a child has used up their available screen time). The Chromebook supports Android apps, but I can't find much information about how to do this specific to Chrome OS. I have found information about using the DevicePolicyManager LockNow Android function, which I really thought would do it - but it doesn't. It locks my Android phone just fine, but when I deploy it to my Chromebook (an Acer R 13), the line hits, continues without issue, but does nothing. I get the proper security prompt the first time to set the app as a device admin, but the LockNow code appears to do absolutely nothing despite working perfectly on my Samsung Note 9.

Does anyone know of some documentation or able to point me in the right direction? Thanks

Nikhil
  • 1,023
  • 17
  • 35
LCIronhorse
  • 41
  • 1
  • @LClornhorse: I am trying to implement a similar thing, are you able to find any solution? – Nikhil Apr 26 '21 at 06:19
  • If you decide against coding this yourself you might want to use Family Link: https://support.google.com/families/answer/7680868 – Marged Sep 05 '21 at 06:04

3 Answers3

0

If you are using Chrome OS Enterprise, you can set a device policy for locking the screen via the ScreenLockDelay policy. From the documentation :

Specifies the length of time without user input after which the screen is locked when running on AC power or battery.

When the length of time is set to a value greater than zero, it represents the length of time that the user must remain idle before Google Chrome OS locks the screen.

After further reading your question, it seems that you actually want to lock the screen after an arbitrary amount of time from when the user has logged in. Based on that information, I would look at the Chrome OS Extensions API. If your user is primarily using the web browser, you can redirect to a web page after a set amount of time via an extension. If the user is also using Android apps, then you may want to ask the Chrome team to add in a enterprise policy to allow locking the device after a set amount of time by logging a bug.

Alexander N.
  • 1,458
  • 14
  • 25
  • : Can you please guide me to lock Chromebook programmatically from Android app OR explain how to execute Shell script with Sudo command from Android app in Chromebook because i have a shell script that will lock chromebook but that is working with ChromeOS crosh terminal. – Nikhil Sep 03 '21 at 15:19
0

I have doubts that a third-party Android app can act in a supervisory mode since Android is running as a guest container/VM in ChromeOS.

From: https://chromium.googlesource.com/chromiumos/docs/+/HEAD/containers_and_vms.md#Don_t-Android-apps-ARC_run-in-a-container-and-not-a-VM

Glossary

  • ARC (App Runtime for Chrome): The old/deprecated method of running Android apps in a Chrome NaCl (Native Client) sandbox. Had random compatibility issues.
  • ARC++ (Android Runtime for Chrome [plus plus]): The current method for booting Android in a container under Chrome OS.
  • ARCVM (Android Runtime for Chrome in a VM): The latest method for booting Android under Chrome OS. Unlike ARC++, ARCVM runs Android inside crosvm.

Don't Android apps (ARC++) run in a container and not a VM?

While Android apps currently run in a container, eligible devices are migrating to running inside a VM.

For ARC++ container, we try to isolate them quite a bit (using namespaces, seccomp, alt syscall, SELinux, etc...), but at the end of the day, they have direct access to many syscalls and kernel interfaces, so a bug in there is reachable via code compiled with Android's NDK.

If Android apps are in a container, why can't users run code too?

We don't usually accept a low security bar in one place as a valid reason to lower the security bar everywhere. Instead, we want to constantly raise the security bar for all code.

For example, devices that support Android 11+ are being migrated from ARC++ in a container to ARCVM.

Are Android apps (ARC++) going away?

There are no plans to merge the two projects. We share/re-use a lot of the Chrome bridge code though, so it‘s not like we’re doing everything from scratch.

Don't VMs slow everything down?

It is certainly true that VMs add overhead when compared to running in only a container or directly in the system. However, in our tests, the overhead is negligble to the user experience, and well worth the strong gains in system security.

For more details, see the Security section in this doc.

As you can see, Android apps are isolated from ChromeOS, so any action like screen lock would have to be managed via existing ChromeOS APIs like Enterprise Management on Chrome OS or Google's Family Link

But what about a script that locks the screen inside of crosh?

I'm not sure if the script is running in ChromeOS developer mode or just running the default crosh environment to work. Either way the user is being explicit about such actions. To my knowledge Android has no explicit external facing APIs since it is within a container/VM.

Couldn't I write something using Android NDK to access the kernel to achieve my objective?

Possibly, provided you pass through all of the security layers as ARC++ is based on container technology, however as mentioned above, future versions will be within a VM.

Morrison Chang
  • 11,691
  • 3
  • 41
  • 77
0

You can make a child account and manage it with the Family Link app.

Within the app, select Daily Limit. You can now edit the child's screen time limit.

a nonymous
  • 1
  • 1