[英]IllegalStateException: Cannot set the device owner if the device is already set-up
I'm trying to active the device owner of my system application using hidden API from DevicePolicyManager
method dpm.setDeviceOwner(cmpName)
.我正在尝试使用
DevicePolicyManager
方法dpm.setDeviceOwner(cmpName)
中的隐藏 API 来激活我的系统应用程序的设备所有者。 This method is throwing illegalStateException.这个方法抛出了非法状态异常。 I also tried
Settings.Global.putInt(context.getContentResolver(), Settings.Global.DEVICE_PROVISIONED, 0);
我也试过
Settings.Global.putInt(context.getContentResolver(), Settings.Global.DEVICE_PROVISIONED, 0);
and Settings.Secure.putInt(context.getContentResolver(), Settings.Secure.USER_SETUP_COMPLETE, 0);
和
Settings.Secure.putInt(context.getContentResolver(), Settings.Secure.USER_SETUP_COMPLETE, 0);
. . But android studio is still throwing an error.
但是android studio仍然抛出错误。
Note : I have both permission in manifest <uses-permission android:name="android.permission.WRITE_SECURE_SETTINGS" />
and <uses-permission android:name="android.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS" />
注意:我在清单
<uses-permission android:name="android.permission.WRITE_SECURE_SETTINGS" />
和<uses-permission android:name="android.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS" />
中都有权限
I received that error when calling dpm.setProfileOwner
before dpm.setActiveAdmin
;我在
dpm.setActiveAdmin
之前调用dpm.setProfileOwner
时收到该错误; after all, a profile owner must first be an active admin.毕竟,个人资料所有者必须首先是活跃的管理员。 However, you'll quickly find that, even if you issue the appropriate sequence of commands you'll then receive the error:
java.lang.IllegalStateException: Unable to set non-default profile owner post-setup
.但是,您会很快发现,即使您发出适当的命令序列,您也会收到错误:
java.lang.IllegalStateException: Unable to set non-default profile owner post-setup
。
If you check your logcat, though, I suspect you'll also find a warning similar to one I received: avc: denied { write } for name="com.myorg.mapp-0AMhJFjDAJrJ-KmxrLiEPA==" dev="dm-3" ino=3558 scontext=u:r:system_app:s0 tcontext=u:object_r:apk_data_file:s0 tclass=dir permissive=0
但是,如果您检查 logcat,我怀疑您还会发现类似于我收到的警告:
avc: denied { write } for name="com.myorg.mapp-0AMhJFjDAJrJ-KmxrLiEPA==" dev="dm-3" ino=3558 scontext=u:r:system_app:s0 tcontext=u:object_r:apk_data_file:s0 tclass=dir permissive=0
This message is the key... The problem is that selinux rules prevent the apk from making changes directly to the /data/system directory, which is where the xml files (device_owner_2.xml and device_policies.xml) that define profile ownership are located.此消息是关键...问题是 selinux 规则阻止 apk 直接对 /data/system 目录进行更改,该目录是定义配置文件所有权的 xml 文件(device_owner_2.xml 和 device_policies.xml)所在的位置.
In short, you're out of luck.简而言之,你不走运。 You have a few workaround options:
您有几个解决方法选项:
dpm set-profile-owner
command from within a rooted shell.dpm set-profile-owner
命令。 Since it is run as root this will bypass selinux rules. If you're building a system app (which you must be with those permissions), you're almost certainly rooted or building a ROM, so one of the above options should work.如果您正在构建一个系统应用程序(您必须拥有这些权限),那么您几乎可以肯定是 root 或构建了一个 ROM,因此上述选项之一应该可以工作。
I've encountered a very similar problem using Android Q. I know it's been answered already, but I found another thing that I did that worked, based on DPM implementation in this link .我在使用 Android Q 时遇到了一个非常类似的问题。我知道它已经得到了回答,但我发现我所做的另一件事是有效的,基于此链接中的 DPM 实现。 I implemented a platform priv-app with this method:
我用这种方法实现了一个平台 priv-app:
private void setDeviceOwnerAndAdmin() {
int mUserId = UserHandle.USER_SYSTEM;
try {
//Get the Stub implementation for device policy service
IDevicePolicyManager mDevicePolicyManager = IDevicePolicyManager.Stub.asInterface(
ServiceManager.getService(Context.DEVICE_POLICY_SERVICE));
//Get the admin component from DeviceAdmin class
ComponentName component = new ComponentName(mContext, DeviceAdmin.class);
//Set active system admin
mDevicePolicyManager.setActiveAdmin(component, true /*refreshing*/, mUserId);
//Set the device owner for this component
if (!mDevicePolicyManager.setDeviceOwner(component, "OwnerName", mUserId)) {
throw new RuntimeException(
"Can't set package " + component + " as device owner.");
}
//Set provisioning state
mDevicePolicyManager.setUserProvisioningState(
DevicePolicyManager.STATE_USER_SETUP_FINALIZED, mUserId);
} catch (Exception e) {
Log.e(TAG, "Error at setting Owner and Admin", e);
}
}
Then the exception occured with the message然后异常发生在消息中
Cannot set the device owner if the device is already set-up
如果设备已设置,则无法设置设备所有者
I then added <uses-permission android:name="android.permission.WRITE_SECURE_SETTINGS" />
and <uses-permission android:name="android.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS" />
to the Manifest.然后,我将
<uses-permission android:name="android.permission.WRITE_SECURE_SETTINGS" />
和<uses-permission android:name="android.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS" />
添加到清单中。
Also, added the priv-app package to /frameworks/base/data/etc/privapp-permissions-platform.xml
with the right permissions.此外,将 priv-app 包添加到具有正确权限的
/frameworks/base/data/etc/privapp-permissions-platform.xml
中。
After all that, I still had the same exception message, until I figured out that the frameworks/base/packages/SettingsProvider/res/values/defaults.xml
had the value <bool name="def_user_setup_complete">true</bool>
.毕竟,我仍然收到相同的异常消息,直到我发现
frameworks/base/packages/SettingsProvider/res/values/defaults.xml
的值为<bool name="def_user_setup_complete">true</bool>
。 That was preventing me from adding a device owner, so I changed this value to false
and it worked.这使我无法添加设备所有者,因此我将此值更改为
false
并且它起作用了。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.