Android Question Manifest File Permissions

[ykucuk]

I'm currently facing an issue with my application regarding Samsung Knox permissions and would appreciate any guidance or advice you can provide.
I'm encountering a java.lang.SecurityException that states the admin does not have the com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT permission. This issue arises even though I have declared the necessary permissions in the manifest.

'This code will be applied to the manifest file during compilation.
'You do not need to modify it in most cases.
'See this link for for more information: http://www.basic4ppc.com/forum/showthread.php?p=78136
AddManifestText(
<uses-sdk android:minSdkVersion="21" android:targetSdkVersion="30"/>
<supports-screens android:largeScreens="true" 
    android:normalScreens="true" 
    android:smallScreens="true" 
    android:anyDensity="true"/>)
SetApplicationAttribute(android:icon, "@drawable/icon")
SetApplicationAttribute(android:label, "$LABEL$")
 AddManifestText(<uses-permission android:name="com.samsung.android.knox.permission.KNOX_HW_CONTROL" />
 <uses-permission android:name="com.samsung.android.knox.permission.KNOX_TIMA_KEYSTORE" />
 <uses-permission android:name="com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" />
 <uses-permission android:name="com.samsung.android.knox.intent.action.ENABLE_KIOSK_MODE_RESULT" />
 <uses-permission android:name="com.samsung.android.knox.permission.KNOX_TIMA_KEYSTORE" />
 )
'End of default text.
AddApplicationText(<receiver android:name="anywheresoftware.b4a.objects.AdminReceiver2"
  android:permission="android.permission.BIND_DEVICE_ADMIN"
  android:exported="true"
  >
  <meta-data android:name="android.app.device_admin"
  android:resource="@xml/device_admin" />
  <intent-filter>
  <action android:name="android.app.action.DEVICE_ADMIN_ENABLED" />
  </intent-filter>
</receiver>)
AddApplicationText(<receiver android:name="com.samsung.android.knox.IntentConverterReceiver" >
            <intent-filter>
                <action android:name="edm.intent.application.action.prevent.start" />
                <action android:name="edm.intent.application.action.prevent.stop" />
                <action android:name="edm.intent.action.ldap.createacct.result" />
                <action android:name="edm.intent.action.device.inside" />
                <action android:name="edm.intent.action.device.outside" />
                <action android:name="edm.intent.action.device.location.unavailable" />
                <action android:name="com.samsung.edm.intent.action.CERTIFICATE_REMOVED" />
                <action android:name="edm.intent.certificate.action.certificate.failure" />
                <action android:name="com.samsung.edm.intent.action.APPLICATION_FOCUS_CHANGE" />
                <action android:name="edm.intent.action.EMAIL_ACCOUNT_ADD_RESULT" />
                <action android:name="edm.intent.action.EMAIL_ACCOUNT_DELETE_RESULT" />
                <action android:name="com.sec.enterprise.intent.action.BLOCKED_DOMAIN" />
                <action android:name="com.sec.enterprise.intent.action.UPDATE_FOTA_VERSION_RESULT" />
                <action android:name="com.samsung.edm.intent.action.EXCHANGE_CBA_INSTALL_STATUS" />
                <action android:name="android.intent.action.sec.CBA_INSTALL_STATUS" />
                <action android:name="edm.intent.action.EXCHANGE_ACCOUNT_ADD_RESULT" />
                <action android:name="edm.intent.action.EXCHANGE_ACCOUNT_DELETE_RESULT" />
                <action android:name="com.samsung.edm.intent.action.ENFORCE_SMIME_ALIAS_RESULT" />
                <action android:name="edm.intent.action.knox_license.status" />
                <action android:name="edm.intent.action.license.status" />
                <action android:name="com.samsung.edm.intent.event.NTP_SERVER_UNREACHABLE" />
                <action android:name="edm.intent.action.enable.kiosk.mode.result" />
                <action android:name="edm.intent.action.disable.kiosk.mode.result" />
                <action android:name="edm.intent.action.unexpected.kiosk.behavior" />
                <action android:name="com.samsung.edm.intent.action.SIM_CARD_CHANGED" />
                <action android:name="android.intent.action.sec.SIM_CARD_CHANGED" />
                <action android:name="com.samsung.action.knox.certenroll.CEP_CERT_ENROLL_STATUS" />
                <action android:name="com.samsung.action.knox.certenroll.CEP_SERVICE_DISCONNECTED" />
                <action android:name="com.sec.enterprise.knox.intent.action.KNOX_ATTESTATION_RESULT" />
                <action android:name="com.sec.action.NO_USER_ACTIVITY" />
                <action android:name="com.sec.action.USER_ACTIVITY" />
                <action android:name="com.samsung.android.mdm.VPN_BIND_RESULT" />
            </intent-filter>
        </receiver>)
CreateResource(xml, device_admin.xml,
<device-admin xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-policies>
  <limit-password />
  <reset-password />
  <force-lock />
  </uses-policies>
</device-admin>
)

I have ensured that all permissions are correctly declared and that the receiver is properly set up. Despite this, the exception is thrown. Is there something I'm missing, or is there a specific configuration required for Samsung Knox permissions to be recognized?

Any help or pointers would be greatly appreciated as I navigate this issue. Thank you in advance for your time and assistance!

Best regards,

 

[Erel]

Tip: better to add permissions with:

AddPermission(com.samsung.android.knox.permission.KNOX_HW_CONTROL)

Based on the permission name I would guess that it is a runtime permission if not a system permission. Try to request it at runtime.