Enabling Managed Profile in Android in Chrome OS

Sometimes it's useful to be able to run two copies of an app simultaneously in Android, e.g. for testing purposes, or to have two separate logins with an app which doesn't usually support this functionality. 

This can usually be done via the excellent app Island, which utilizes the Work/Managed profile functionality in Android in order to 'clone' selected apps, which can then be used either independently or both at the same time.

I wanted to have this functionality in Android on Chrome OS, but I found that initially the Island app didn't seem to be able to install properly.

I modified the file /system/etc/permissions/cheets.xml within the Android container, removing the word "unavailable" from two relevant lines, so

<unavailable-feature name="android.software.device_admin" />
<unavailable-feature name="android.software.managed_users" />


 becomes

<feature name="android.software.device_admin" />
<feature name="android.software.managed_users" />


After rebooting Android, I was able to install Island fully, and was able to run it as normal, cloning apps, then keeping two copies of the same app open at the same time.

Since the Android file /system/etc/permissions/cheets.xml is located within the Android container, a writeable Android rootfs is needed in order to modify the file directly. One way of achieving this is via the rooting scripts.

Alternatively, for example if one perhaps wants just to run a quick test for a cloned app, the original rootfs can be kept untouched, and an edited cheets.xml file bind mounted over the original. However, the bind mount would only last until the Chromebook is rebooted, which could lead to unexpected consequences.

e.g:

Copy cheets xml to /usr/local
 cp /opt/google/containers/android/rootfs/root/system/etc/permissions/cheets.xml /usr/local/cheets.xml   
Remove the word "unavailable-" from the device_admin line
sed -i 's/unavailable-feature name="android.software.device_admin"/feature name="android.software.device_admin"/g' /usr/local/cheets.xml
Remove the word "unavailable-" from the managed_users line
sed -i 's/unavailable-feature name="android.software.managed_users"/feature name="android.software.managed_users"/g' /usr/local/cheets.xml
Bind mount the edited cheets.xml back over the original
mount -o bind /usr/local/cheets.xml /opt/google/containers/android/rootfs/root/system/etc/permissions/cheets.xml
Finally, reboot the android container
printf reboot | android-sh
I should note that, although I haven't noticed any issues as yet, enabling unsupported features may have unexpected consequences. It would be prudent to ensure any important files are backed up before experimenting.