Standard features
The Standard APIs provided in the Knox Tizen SDK allow you to design an MDM solution so that a Samsung wearable devices can be managed effectively and efficiently. Solutions developed through the SDK can reduce security threats and risks from lost or stolen devices that contain sensitive corporate data.
MDM solutions can be designed to provide access to various enterprise relevant functions, including but not limited to enabling and disabling device control functions (such as camera, Bluetooth®, WiFi™, and GPS) and security functions (such as password strength, biometric authentication, encryption and decryption, and IT policy enforcement). See Develop a MDM app.
Standard API overview
The following table lists the Samsung Knox Tizen SDK for Wearables - Standard policy groups:
Knox SDK | Policy Groups |
---|---|
Samsung Knox Tizen SDK for Wearables -MDM |
|
Develop an app using Standard APIs
The following are the steps to develop an app using Standard APIs:
Register the MDM client app
Register
For the MDM client app to set or apply policies on the Gear device, you must first register the app. To register the client app, call mdm_register_client ( const char * pkg_name )
API method.
Then, call the mdm_result_t mdm_get_service ( void )
API method to connect to MDM server daemon, and get the caller information.
// The package name of the app to register as an MDM client
#
define PACKAGE_NAME "org.example.wearabletutorial"
...
// Register MDM client
if (mdm_register_client(PACKAGE_NAME) == MDM_RESULT_SUCCESS) {
// Connect to the MDM server daemon, and verify that the
// app is authorized to get MDM client information
if (mdm_get_service() == MDM_RESULT_SUCCESS) {
// App is authorized; register callback
mdm_register_client_callback(MDM_LICENSE_CB, __license_callback_, NULL, NULL);
} else {
// Could not connect to daemon or app is not authorized
// to get MDM client information
return false;
}
} else {
// Failed to register the client
return false;
}
De-register
Call the mdm_deregister_client ( const char * pkg_name )
API method to de-register the client app. And, call the mdm_release_service ( void )
API method to release the resources.
Wi-Fi APIs
The Wi-Fi APIs allows the MDM provider to provision Wi-Fi settings to exchange data or connect to the internet wirelessly using 2.4 GHz UHF and 5 GHz SHF radio frequencies.
The current supported Wi-Fi security types are:
- OPEN
- WEP
- WPA –PSK
- WPA2-PSK
- EAP - PEAP
- EAP – TLS
- EAP – TTLS
- EAP – SIM
- EAP - AKA
Restrict or allow Wi-Fi usage
You can call mdm_set_allow_wifi (mdm_status_t state)
to either allow or restrict the usage of the WiFi capability on the device.
The Wi-Fi APIs allow you to configure Wi-Fi related settings, and to allow/block SSIDs.
If Wi-Fi usage is restricted, the user cannot enable Wi-Fi from the device settings or quick panel menu. If Wi-Fi usage is allowed after being restricted it will be turned off by default so the user has to turn it on manually from device settings or quick panel menu.
mdm_result_t ret = MDM_RESULT_SUCCESS;
ret = mdm_set_allow_wifi(MDM_RESTRICTED);
if (ret == MDM_RESULT_SUCCESS) {
//Success
} else {
//Fail
}
Allowlist Wi-Fi policies
You can use the following APIs to set Wi-Fi allowlist policies:
mdm_add_wifi_ssids_to_whitelist (GList *SSIDs) | API to add a list of Wi-Fi network SSIDs to the Wi-Fi network allowlist. |
mdm_remove_wifi_ssids_from_whitelist (GList *SSIDs) | API to remove a list of Wi-Fi network SSIDs from the Wi-Fi network allowlist. |
mdm_clear_wifi_ssids_whitelist (void) | API to remove all Wi-Fi network SSIDs from the Wi-Fi network allowlist. |
mdm_get_wifi_ssids_from_whitelist (void) | API to retrieve the allowlist of Wi-Fi network SSIDs for all |
Blocklist Wi-Fi policies
You can use the following APIs to set Wi-Fi blocklist policies:
mdm_add_wifi_ssids_to_blacklist (GList *SSIDs) | API to add a list of Wi-Fi network SSIDs to the Wi-Fi network blocklist |
mdm_remove_wifi_ssids_from_blacklist (GList *SSIDs) | API to remove a list of Wi-Fi network SSIDs from the Wi-Fi network blocklist |
mdm_clear_wifi_ssids_blacklist (void) | API to remove all Wi-Fi network SSIDs from the Wi-Fi network blocklist |
mdm_get_wifi_ssids_from_blacklist (void) | API to retrieve the blocklist of Wi-Fi network SSIDs for all |
Bluetooth APIs
This section provides information for using the APIs to configure Bluetooth support.
For example, you can use the APIs:
- To allow/restrict Bluetooth usage on the managed device.
- To allow only trusted Bluetooth devices using the device hardware ID.
- To allow/restrict the managed device to be used only with specific Bluetooth profiles.
- To allow only trusted Bluetooth UUIDs to be used on the managed device.
Allow or Restrict Bluetooth usage on the managed device
Call mdm_set_allow_bluetooth_mode(mdm_bt_allow_t state)
API method to allow or restrict Bluetooth usage. The following are the usage modes that you can enable using this API:
MDM_BT_ALLOWED | The user can turn on the Bluetooth capability on the device from the device settings or quick panel menu. |
MDM_BT_RESTRICTED | The user cannot turn on the Bluetooth capability on the device. |
MDM_BT_HANDSFREE_ONLY | The user can turn on the Bluetooth capability on the device, but it will only support connection to devices with hands-free features only. |
The following code snippet illustrates how to set the Bluetooth mode on the managed device to hands-free only:
mdm_result_t ret = mdm_set_allow_bluetooth_mode(MDM_BT_HANDSFREE_ONLY);
if (ret == MDM_RESULT_SUCCESS) {
// Success
} else {
// Some Error Handling
}
Allow only trusted Bluetooth devices using the device hardware ID
To allow Bluetooth connection to only trusted Bluetooth devices, you must:
- Allow access to devices based on their device hardward ID, using
mdm_add_bluetooth_devices_to_whitelist(GList _ devices )
API method. - Block all sother Bluetooth devices, using
mdm_add_bluetooth_devices_to_blacklist("_")
API method. - Activate these Bluetooth device restrictions, using
mdm_activate_bluetooth_device_restriction(mdm_status_t value )
API method.
The following code snippet illustrates how to allow only trusted Bluetooth devices using the device hardware ID:
GList _ devices = NULL;
devices = g_list_append(devices, "00:11:22:33:AA:BB");
devices = g_list_append(devices, "00:11:22:88:AA:CC");
mdm_result_t ret = mdm_add_bluetooth_devices_to_blacklist("_");
if (ret == MDM_RESULT_SUCCESS) {
ret = mdm_add_bluetooth_devices_to_whitelist(devices);
if (ret == MDM_RESULT_SUCCESS) {
ret = mdm_activate_bluetooth_device_restriction(MDM_TRUE);
if (ret == MDM_RESULT_SUCCESS) {
// Success
} else {
// Some Error Handling
}
} else {
// Some Error Handling
}
} else {
// Some Error Handling
}
g_list_free(devices);
Allow only trusted Bluetooth UUIDs to be used on the managed device
The Bluetooth UUID restriction APIs allow you to add more control on the Bluetooth capabilities that you want to enable on the device. For example, if a Bluetooth profile is associated with multiple UUIDS, you could control Bluetooth connections based on the UUID.
For example, suppose an A2DP profile is only applicable to the following UUIDs:
- AudioSource — 0000110A-0000-1000-8000-00805F9B34FB
- AudioSink — 0000110B-0000-1000-8000-00805F9B34FB
It is possible to allow Bluetooth on the managed device to be used as an Audio Source, while blocking all other Bluetooth UUIDs. The following code snippet illustrates the above scenario:
GList _ uuids = NULL;
uuids = g_list_append(uuids, "0000110A-0000-1000-8000-00805F9B34FB");
mdm_result_t ret = mdm_add_bluetooth_uuids_to_blacklist("_");
if (ret == MDM_RESULT_SUCCESS) {
ret = mdm_add_bluetooth_uuids_to_whitelist(uuids);
if (ret == MDM_RESULT_SUCCESS) {
ret = mdm_activate_bluetooth_uuid_restriction(MDM_TRUE);
if (ret == MDM_RESULT_SUCCESS) {
// Success
} else {
// Some Error Handling
}
} else {
// Some Error Handling
}
} else {
// Some Error Handling
}
g_list_free(uuids);
On this page
Is this page helpful?