VMware Workspace ONE Community
workspacenewb
Contributor
Contributor
Jump to solution

UEM Launcher, not getting runtime permissions dialog on Android

I am using Launcher to run a single app webapp that uses webUSB. But to access the device, I need to say yes to a runtime permissions dialog, ("Chrome Allow Chrome to access USB?") and when I'm using Launcher I never see the dialog.

If I remove Launcher and just run the webapp from Chrome, I see the dialog. And if I go to Chrome://usb-internals, I can see the device.

In Launcher I have allowed notifications and allowed popups. I also added a custom setting to set RunTimePermissionSetting as described in https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2102/VMwareWorkspaceONELauncher/GUID-2F29C0CE-7D....

I also added a custom setting in Chrome: <parm name="WebUsbAllowDevicesForUrls" value="{&quot;WebUsbAllowDevicesForUrls&quot;: [ { &quot;devices&quot;: [ { &quot;vendor_id&quot;: REDACTED, &quot;product_id&quot;: REDACTED}], &quot;urls&quot;: [&quot;REDACTED&quot;] ]}"/> I was working from this Google policy document: https://chromeenterprise.google/policies/#WebUsbAllowDevicesForUrls

Does anyone know how I can access this USB device silently (ideal) or at least expose the dialog to the user while running within the Launcher? I'm out of ideas on this one.

Labels (1)
Tags (1)
Reply
0 Kudos
1 Solution

Accepted Solutions
workspacenewb
Contributor
Contributor
Jump to solution

The solution turned out to be in the Launcher payload configuration. In "Allowlist specific Android Activities", I needed to add "com.android.systemui" for the package name and "com.android.systemui.usb.UsbPermissionActivity" for the class name.

I figured this out by setting up adb in wireless mode and running adb shell logcat while plugging in the USB device. The line AWLockdown: LauncherService Closing non-whitelisted app or blacklisted screen: com.android.systemui activity: com.android.systemui.usb.UsbPermissionActivity told me what I needed to know.

View solution in original post

4 Replies
workspacenewb
Contributor
Contributor
Jump to solution

I have some small progress to report. When I deploy a launcher profile (not the custom settings payload) with everything enabled that I can think to enable, I get a quick flash of the dialog box I'm looking for. But it quickly goes away and is replaced with a message that says "your IT administrator has restricted access to System UI." Does anyone know how I can un-restrict this? EDIT: I have tried adding the Restrictions profile to make sure System UI was enabled for both Toasts and Errors. No change. 😞

Reply
0 Kudos
workspacenewb
Contributor
Contributor
Jump to solution

From looking at other forum posts, it appears that messages of the form "Your IT Administrator has restricted access to <X>" means that you should add <X> as a hidden application in the launcher config. So I added com.android.systemui, but I still have the same problem. Any ideas on next steps?

Reply
0 Kudos
workspacenewb
Contributor
Contributor
Jump to solution

Ah, got it at last!  In the Launcher profile, I needed to check "Allowlist specific Android Activities", put com.android.systemui under packages and com.android.systemui.usb.UsbPermissionActivity under "Class Name".

In case someone else is struggling with the same general problem: I figured this out by setting up the device for wireless debugging, and then running adb shell logcat while plugging in the USB device. Then I stepped through the logs until I happened on these lines:


01-13 12:26:53.827 31159 31159 I AWLockdown: LauncherService Checking for the non-whitelisted package : com.android.systemui
01-13 12:26:53.827 31159 31159 I AWLockdown: LauncherService Checking for the non-whitelisted activity : com.android.systemui.usb.UsbPermissionActivity
01-13 12:26:53.828 664 1133 I SurfaceFlinger: [SF client] NEW(0xb4000079330e5b40) for (18822:com.android.systemui)
01-13 12:26:53.830 31159 31159 E AWLockdown: LauncherService Closing non-whitelisted app or blacklisted screen: com.android.systemui activity: com.android.systemui.usb.UsbPermissionActivity





 

Reply
0 Kudos
workspacenewb
Contributor
Contributor
Jump to solution

The solution turned out to be in the Launcher payload configuration. In "Allowlist specific Android Activities", I needed to add "com.android.systemui" for the package name and "com.android.systemui.usb.UsbPermissionActivity" for the class name.

I figured this out by setting up adb in wireless mode and running adb shell logcat while plugging in the USB device. The line AWLockdown: LauncherService Closing non-whitelisted app or blacklisted screen: com.android.systemui activity: com.android.systemui.usb.UsbPermissionActivity told me what I needed to know.