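MDM (Mobile Device Manager) is, put simply, about managing how devices are used.
MDM vendors in China include 360, among others.
MDM vendors outside China include Hexnode, among others.
Once a DeviceOwner is configured on a device, the status bar pull-down shows the following additional entry
For an introduction to DeviceOwner, see the following:
Capabilities of an Android DeviceOwner app
Capabilities of an Android Device Administration app
Let's get started
Next we write our own MDM APK. Open Android Studio and create a new project named DeviceOwnerDemo with the package name cn.test.deviceownerdemo.
1. Write a class that extends DeviceAdminReceiver; an empty implementation is enough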
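    import android.app.admin.DeviceAdminReceiver;
    import android.content.Context;
    import android.content.Intent;
    import android.util.Log;

    import androidx.annotation.NonNull;

    public class TestDeviceAdminReceiver extends DeviceAdminReceiver {
        @Override
        public void onReceive(@NonNull Context context, @NonNull Intent intent) {
            super.onReceive(context, intent);
            String action = intent.getAction();
            Log.e("TestDeviceAdminReceiver", "action=" + action);
            // Logged on activation: action=android.app.action.DEVICE_ADMIN_ENABLED
        }
    }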
2. Declare the DeviceAdminReceiver in AndroidManifest.xml. This is boilerplate and can be copied as is
    <receiver
        android:name=".TestDeviceAdminReceiver"
        android:permission="android.permission.BIND_DEVICE_ADMIN">
        <intent-filter>
            <action android:name="android.app.action.DEVICE_ADMIN_ENABLED" />
            <action android:name="android.app.action.PROFILE_PROVISIONING_COMPLETE" />
        </intent-filter>
        <meta-data
            android:name="android.app.device_admin"
            android:resource="@xml/device_admin" />
    </receiver>
3. Add device_admin.xml to declare the policies the DeviceAdminReceiver supports
    <?xml version="1.0" encoding="utf-8"?>
    <device-admin xmlns:android="http://schemas.android.com/apk/res/android">
        <uses-policies>
            <watch-login />
            <reset-password />
            <force-lock />
            <wipe-data />
            <encrypted-storage />
            <disable-camera />
            <limit-password />
            <expire-password />
            <disable-keyguard-features />
        </uses-policies>
    </device-admin>
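That completes the simplest possible MDM app. Next, its privileges have to be activated.
DeviceAdmin privilege
Requested from the app; the user grants it manually first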
    // Runs inside an Activity; REQUEST_ACTIVATE is a request code constant defined there.
    DevicePolicyManager mDPM = (DevicePolicyManager) getSystemService(Context.DEVICE_POLICY_SERVICE);
    ComponentName testDeviceAdmin = new ComponentName(this, TestDeviceAdminReceiver.class);
    boolean adminActive = mDPM.isAdminActive(testDeviceAdmin);
    if (!adminActive) {
        // Opens the system confirmation screen where the user activates the admin.
        Intent intent = new Intent(DevicePolicyManager.ACTION_ADD_DEVICE_ADMIN);
        intent.putExtra(DevicePolicyManager.EXTRA_DEVICE_ADMIN, testDeviceAdmin);
        intent.putExtra(DevicePolicyManager.EXTRA_ADD_EXPLANATION, "");
        startActivityForResult(intent, REQUEST_ACTIVATE);
    }
DeviceOwner privilege, set through adb
    adb shell dpm set-device-owner cn.test.deviceownerdemo/.TestDeviceAdminReceiver
4. The device can now be configured through the mDPM obtained above, for example to disable the system status bar
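    DevicePolicyManager mDPM = (DevicePolicyManager) getSystemService(Context.DEVICE_POLICY_SERVICE);
    ComponentName testDeviceAdmin = new ComponentName(this, TestDeviceAdminReceiver.class);
    // setStatusBarDisabled() needs the DeviceOwner privilege, not just an active admin;
    // without it the call throws SecurityException.
    if (mDPM.isAdminActive(testDeviceAdmin) && mDPM.isDeviceOwnerApp(getPackageName())) {
        // true disables the status bar, false re-enables it.
        mDPM.setStatusBarDisabled(testDeviceAdmin, true);
    }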
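With usage out of the way, we now modify the platform source. MDM APKs are usually supplied by the customer and need to be preinstalled in the system with the privilege granted by default.
In practice only two XML files matter: device_owner_2.xml and device_policies.xml.
After a successful manual grant, both files exist under /data/system/ on the device, so we can prebuild the two XML files into the system.
Prebuilding files into the data partition leaves the device unable to boot, so we take a detour: place the files under system first, then copy them from init.rc once the system is up.
Note that the package and name values in the XML files must match the package name of your actual MDM app.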
system/extras/su/device_owner_2.xml
    <?xml version='1.0' encoding='utf-8' standalone='yes' ?>
    <root>
        <device-owner package="cn.test.deviceownerdemo" name="" component="cn.test.deviceownerdemo/cn.test.deviceownerdemo.TestDeviceAdminReceiver" userRestrictionsMigrated="true" canAccessDeviceIds="true" />
        <device-owner-context userId="0" />
    </root>
system/extras/su/device_policies.xml
    <?xml version='1.0' encoding='utf-8' standalone='yes' ?>
    <policies setup-complete="true" provisioning-state="3">
        <admin name="cn.test.deviceownerdemo/cn.test.deviceownerdemo.TestDeviceAdminReceiver">
            <policies flags="991" />
            <strong-auth-unlock-timeout value="0" />
            <test-only-admin value="true" />
            <user-restrictions no_add_managed_profile="true" />
            <default-enabled-user-restrictions>
                <restriction value="no_add_managed_profile" />
            </default-enabled-user-restrictions>
            <cross-profile-calendar-packages />
        </admin>
        <lock-task-features value="16" />
    </policies>
device/mediateksample/k67v1_64_bsp/device.mk
    PRODUCT_COPY_FILES += \
        system/extras/su/device_policies.xml:system/device_policies.xml \
        system/extras/su/device_owner_2.xml:system/device_owner_2.xml
system/core/rootdir/init.rc
    copy /system/device_policies.xml /data/system/device_policies.xml
    chmod 0600 /data/system/device_policies.xml
    chown system system /data/system/device_policies.xml
    copy /system/device_owner_2.xml /data/system/device_owner_2.xml
    chmod 0600 /data/system/device_owner_2.xml
    chown system system /data/system/device_owner_2.xml
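After flashing this build, the MDM APK holds the DeviceOwner privilege by default. The DeviceAdmin privilege can be granted through
the hidden (@hide) method DevicePolicyManager.setActiveAdmin(@NonNull ComponentName policyReceiver, boolean refreshing, int userHandle).
Pick any system app to make the call from; adding it in Settings is enough.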
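An added example, not part of the original post: a check to run on the two prebuilt files before they go into the image. It confirms that device_owner_2.xml and device_policies.xml name the same component under the expected MDM package, that the flags bitmask grants nothing beyond what device_admin.xml declares, and it reports test-only-admin. The bit positions are the DeviceAdminInfo.USES_POLICY_* values; the function names and the trimmed sample strings are this example's own.

```python
import xml.etree.ElementTree as ET

# Bit index of each <uses-policies> tag (DeviceAdminInfo.USES_POLICY_* values).
POLICY_BITS = {"limit-password": 0, "watch-login": 1, "reset-password": 2,
               "force-lock": 3, "wipe-data": 4, "set-global-proxy": 5,
               "expire-password": 6, "encrypted-storage": 7,
               "disable-camera": 8, "disable-keyguard-features": 9}

def declared_mask(device_admin_xml):
    """Bitmask of the policies declared in res/xml/device_admin.xml."""
    root = ET.fromstring(device_admin_xml)
    return sum(1 << POLICY_BITS[p.tag] for p in root.find("uses-policies"))

def audit(owner_xml, policies_xml, device_admin_xml, mdm_package):
    """Return findings for the prebuilt device_owner_2.xml / device_policies.xml."""
    findings = []
    owner = ET.fromstring(owner_xml).find("device-owner")
    component = owner.get("component", "")
    if owner.get("package") != mdm_package or not component.startswith(mdm_package + "/"):
        findings.append("device_owner_2.xml does not name " + mdm_package)
    admins = ET.fromstring(policies_xml).findall("admin")
    if [a.get("name") for a in admins] != [component]:
        findings.append("device_policies.xml admins differ from the owner component")
    allowed = declared_mask(device_admin_xml)
    for admin in admins:
        extra = int(admin.find("policies").get("flags")) & ~allowed
        if extra:  # bits set in the prebuilt file but absent from the manifest XML
            names = sorted(n for n, b in POLICY_BITS.items() if extra >> b & 1)
            findings.append("undeclared policies in flags: " + ", ".join(names))
        test_only = admin.find("test-only-admin")
        if test_only is not None and test_only.get("value") == "true":
            # A test-only admin can be removed with `dpm remove-active-admin`.
            findings.append("test-only-admin is true")
    return findings

# Constructed inputs: the page's listings, trimmed to the attributes checked here.
PKG = "cn.test.deviceownerdemo"
COMPONENT = PKG + "/" + PKG + ".TestDeviceAdminReceiver"
DEVICE_ADMIN = ("<device-admin><uses-policies><watch-login/><reset-password/>"
                "<force-lock/><wipe-data/><encrypted-storage/><disable-camera/>"
                "<limit-password/><expire-password/><disable-keyguard-features/>"
                "</uses-policies></device-admin>")
OWNER = f'<root><device-owner package="{PKG}" component="{COMPONENT}"/></root>'
POLICIES = (f'<policies><admin name="{COMPONENT}"><policies flags="991"/>'
            '<test-only-admin value="true"/></admin></policies>')

if __name__ == "__main__":
    for finding in audit(OWNER, POLICIES, DEVICE_ADMIN, PKG):
        print("WARN:", finding)
```

For the files shown on this page, flags="991" is exactly the nine policies listed in device_admin.xml, so the only finding is the test-only-admin setting.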