Jason Ver Linden
May 18, 2017
6:26 pm

Admin does not have android.permission.sec.MDM_RESTRICTION or com.samsung.android.knox.permission.KNOX_RESTRICTION

Hi there, I am new to Knox and Android in general. I have been given an mdm project to take over and one of the requirements is to programatically install apks that are retrieved from a web service that is provided by our web application. We have this all working and we can install the apks programatically thanks to some help from the following link https://seap.samsung.com/forum-topic/your-administrator-doesnt-allow-installation-apps-obtained-unknown-sources. However, this only works if we have a container created or had a container created at some point (it can then be removed). Otherwise we get the following error: Failed to set Applications from Unknown Sources in RestrictionPolicy: Admin does not have android.permission.sec.MDM_RESTRICTION or com.samsung.android.knox.permission.KNOX_RESTRICTION when trying to set setAllowNonMarketApps (true).

These permissions are listed in our manifest.

We are using Knox 2.7.1, Standard SDK 5.7.1, Premium SDK 2.7.1 Customization SDK 2.7.1, Android v7.0 on a Galaxy Tab S2.

Any ideas on why we need to have a container created in order for the call to setAllowNonMarketAppls(true) to work?

Thanks,

Jason

 

Victor O.Samsung SEAP Moderator
May 19, 2017
6:49 pm

Greetings Jason,

The setAllowNonMarketAppls policy is part of the Knox Standard SDK and therefore has no dependency on the Knox Workspace container. I think this issue is related to the license activation. Do you activate the ELM license in code, prior to making a call to setAllowNonMarketAppls() method?

Please refer to this sample app for a working example: https://seap.samsung.com/sample-app/standard-license-activation

Regards,

-Victor

Jason Ver Linden
Jun 05, 2017
8:11 pm

Hi Victor, sorry for the long delay. It does look like we activate the licenses before we make any calls. In our MDM's DeviceAdminReceiver.onEnabled() impl, we do:

final String klmPremiumKey = LicenseDAO.getKastKlmPremiumLicenseKey();
KnoxEnterpriseLicenseManager.getInstance(MyPreferenceActivity.getAppContext()).activateLicense(klmPremiumKey, packageName);

final String klmCustomizationKey = LicenseDAO.getKastKlmCustomizationKey();
KnoxEnterpriseLicenseManager.getInstance(MyPreferenceActivity.getAppContext()).activateLicense(klmCustomizationKey, packageName);

final String elmPremiumKey = LicenseDAO.getKastElmPremiumLicenseKey();
KnoxEnterpriseLicenseManager.getInstance(MyPreferenceActivity.getAppContext()).activateLicense(elmPremiumKey, packageName);

I do see a toast message that the Knox license validated successfully.

Jason Ver Linden
Selected Answer
Jun 12, 2017
4:54 pm

We appeared to solve this. This was in fact due to the licenses not being validated. The above code does not work in that only the first license gets validated. We ended up having to validate the additional license in our LicenseReceiver after sending the first license off to be validated. This seems to work and subsequent licenses get validated after the first license call.