Welcome to Headwind MDM Q&A, where you can ask questions and receive answers from other members of the community.
0 votes
Is it possible to grant Headwind MDM device owner rights without adb and enrollment?

My devices do not allow QR code based enrollment, but I can modify Android firmware files (/system partition).
by (5k points)

1 Answer

0 votes

Here's the related answer on StackOverflow: https://stackoverflow.com/questions/21183328/how-to-make-my-app-a-device-owner

If you can modify firmware files, you can add a startup script which creates the following files (the file owner is system:system, permissions: 600 - read and write access to owner only):

/data/system/device_owner_2.xml

<?xml version='1.0' encoding='utf-8' standalone='yes' ?>

<root>

<device-owner package="com.hmdm.launcher" name="" component="com.hmdm.launcher/com.hmdm.launcher.AdminReceiver" userRestrictionsMigrated="true" canAccessDeviceIds="true" />

<device-owner-context userId="0" />

</root>

(for older Android versions, the file name must be device_owner.xml)

/data/system/device_policies.xml

<?xml version='1.0' encoding='utf-8' standalone='yes' ?>

<policies setup-complete="true" provisioning-state="3">

<admin name="com.hmdm.launcher/com.hmdm.launcher.AdminReceiver">

<policies flags="17" />

<strong-auth-unlock-timeout value="0" />

<user-restrictions no_add_managed_profile="true" />

<default-enabled-user-restrictions>

<restriction value="no_add_managed_profile" />

</default-enabled-user-restrictions>

<cross-profile-calendar-packages />

</admin>

<password-validity value="true" />

<lock-task-features value="16" />

</policies>

Another option is to rebuild Headwind MDM and sign it by Android platform keys (if you have them!). This won't require firmware modification, but provides Headwind MDM with system privileges (silent app installation). Also, you need to set the SYSTEM_PRIVILEGES flag in build.gradle to true.

by (5k points)
...