Back to top
Home / Knox Tizen SDK / Tutorials / Develop MDM app /

Standard features

The Standard APIs provided in the Knox Tizen SDK allow you to design an MDM solution so that a Samsung wearable devices can be managed effectively and efficiently. Solutions developed through the SDK can reduce security threats and risks from lost or stolen devices that contain sensitive corporate data.

MDM solutions can be designed to provide access to various enterprise relevant functions, including but not limited to enabling and disabling device control functions (such as camera, Bluetooth®, WiFi™, and GPS) and security functions (such as password strength, biometric authentication, encryption and decryption, and IT policy enforcement). See Develop a MDM app.

Standard API overview

The following table lists the Samsung Knox Tizen SDK for Wearables - Standard policy groups:

Knox SDK Policy Groups
Samsung Knox Tizen SDK for Wearables -MDM
  • Admin
  • APN
  • Application
  • Device Inventory
  • Enterprise Device
  • Firewall
  • License
  • Location
  • Password
  • Phone Restriction
  • Restriction
  • Security
  • Wi-Fi

Develop an app using Standard APIs

The following are the steps to develop an app using Standard APIs:

On this tab

Before you begin

Steps

  1. Add required privileges to the manifest file of your app. See License permissions.
  2. Register the MDM client and connect to the server daemon. See Register the MDM client app.
  3. Activate the KPE license key and backwards compatible key. For details, see Activate a license.
  4. Call the required Standard APIs. See API Reference.

On this tab

Before you begin:

Steps:

  1. Add required privileges to the manifest file of your app. See License permissions.
  2. Register the MDM client and connect to the server daemon. See Register the MDM client app.
  3. Activate the ELM license key. For details, see Activate a license.
  4. Call the required Standard APIs. See API Reference.

Register the MDM client app

Register

For the MDM client app to set or apply policies on the Gear device, you must first register the app. To register the client app, call mdm_register_client ( const char * pkg_name ) API method.

Then, call the mdm_result_t mdm_get_service ( void ) API method to connect to MDM server daemon, and get the caller information.

// The package name of the app to register as an MDM client
#
define PACKAGE_NAME "org.example.wearabletutorial"
 ...
  // Register MDM client
  if (mdm_register_client(PACKAGE_NAME) == MDM_RESULT_SUCCESS) {
    // Connect to the MDM server daemon, and verify that the
    // app is authorized to get MDM client information
    if (mdm_get_service() == MDM_RESULT_SUCCESS) {
      // App is authorized; register callback
      mdm_register_client_callback(MDM_LICENSE_CB, __license_callback_, NULL, NULL);
    } else {
      // Could not connect to daemon or app is not authorized
      // to get MDM client information
      return false;
    }
  } else {
    // Failed to register the client
    return false;
  }

De-register

Call the mdm_deregister_client ( const char * pkg_name ) API method to de-register the client app. And, call the mdm_release_service ( void ) API method to release the resources.

Wi-Fi APIs

The Wi-Fi APIs allows the MDM provider to provision Wi-Fi settings to exchange data or connect to the internet wirelessly using 2.4 GHz UHF and 5 GHz SHF radio frequencies.

The current supported Wi-Fi security types are:

  • OPEN
  • WEP
  • WPA –PSK
  • WPA2-PSK
  • EAP - PEAP
  • EAP – TLS
  • EAP – TTLS
  • EAP – SIM
  • EAP - AKA

Restrict or allow Wi-Fi usage

You can call mdm_set_allow_wifi (mdm_status_t state) to either allow or restrict the usage of the WiFi capability on the device.

The Wi-Fi APIs allow you to configure Wi-Fi related settings, and to allow/block SSIDs.

If Wi-Fi usage is restricted, the user cannot enable Wi-Fi from the device settings or quick panel menu. If Wi-Fi usage is allowed after being restricted it will be turned off by default so the user has to turn it on manually from device settings or quick panel menu.

mdm_result_t ret = MDM_RESULT_SUCCESS;
ret = mdm_set_allow_wifi(MDM_RESTRICTED);
if (ret == MDM_RESULT_SUCCESS) {
  //Success
} else {
  //Fail
}

Allowlist Wi-Fi policies

You can use the following APIs to set Wi-Fi allowlist policies:

mdm_add_wifi_ssids_to_whitelist (GList *SSIDs) API to add a list of Wi-Fi network SSIDs to the Wi-Fi network allowlist.
mdm_remove_wifi_ssids_from_whitelist (GList *SSIDs) API to remove a list of Wi-Fi network SSIDs from the Wi-Fi network allowlist.
mdm_clear_wifi_ssids_whitelist (void) API to remove all Wi-Fi network SSIDs from the Wi-Fi network allowlist.
mdm_get_wifi_ssids_from_whitelist (void) API to retrieve the allowlist of Wi-Fi network SSIDs for all

Blocklist Wi-Fi policies

You can use the following APIs to set Wi-Fi blocklist policies:

mdm_add_wifi_ssids_to_blacklist (GList *SSIDs) API to add a list of Wi-Fi network SSIDs to the Wi-Fi network blocklist
mdm_remove_wifi_ssids_from_blacklist (GList *SSIDs) API to remove a list of Wi-Fi network SSIDs from the Wi-Fi network blocklist
mdm_clear_wifi_ssids_blacklist (void) API to remove all Wi-Fi network SSIDs from the Wi-Fi network blocklist
mdm_get_wifi_ssids_from_blacklist (void) API to retrieve the blocklist of Wi-Fi network SSIDs for all

Bluetooth APIs

This section provides information for using the APIs to configure Bluetooth support.

For example, you can use the APIs:

  • To allow/restrict Bluetooth usage on the managed device.
  • To allow only trusted Bluetooth devices using the device hardware ID.
  • To allow/restrict the managed device to be used only with specific Bluetooth profiles.
  • To allow only trusted Bluetooth UUIDs to be used on the managed device.

Allow or Restrict Bluetooth usage on the managed device

Call mdm_set_allow_bluetooth_mode(mdm_bt_allow_t state) API method to allow or restrict Bluetooth usage. The following are the usage modes that you can enable using this API:

MDM_BT_ALLOWED The user can turn on the Bluetooth capability on the device from the device settings or quick panel menu.
MDM_BT_RESTRICTED The user cannot turn on the Bluetooth capability on the device.
MDM_BT_HANDSFREE_ONLY The user can turn on the Bluetooth capability on the device, but it will only support connection to devices with hands-free features only.

The following code snippet illustrates how to set the Bluetooth mode on the managed device to hands-free only:

mdm_result_t ret = mdm_set_allow_bluetooth_mode(MDM_BT_HANDSFREE_ONLY);
if (ret == MDM_RESULT_SUCCESS) {
  // Success
} else {
  // Some Error Handling
}

Allow only trusted Bluetooth devices using the device hardware ID

To allow Bluetooth connection to only trusted Bluetooth devices, you must:

  • Allow access to devices based on their device hardward ID, using mdm_add_bluetooth_devices_to_whitelist(GList _ devices ) API method.
  • Block all sother Bluetooth devices, using mdm_add_bluetooth_devices_to_blacklist("_") API method.
  • Activate these Bluetooth device restrictions, using mdm_activate_bluetooth_device_restriction(mdm_status_t value ) API method.

The following code snippet illustrates how to allow only trusted Bluetooth devices using the device hardware ID:

GList _ devices = NULL;
devices = g_list_append(devices, "00:11:22:33:AA:BB");
devices = g_list_append(devices, "00:11:22:88:AA:CC");
mdm_result_t ret = mdm_add_bluetooth_devices_to_blacklist("_");
if (ret == MDM_RESULT_SUCCESS) {
  ret = mdm_add_bluetooth_devices_to_whitelist(devices);
  if (ret == MDM_RESULT_SUCCESS) {
    ret = mdm_activate_bluetooth_device_restriction(MDM_TRUE);
    if (ret == MDM_RESULT_SUCCESS) {
      // Success
    } else {
      // Some Error Handling
    }
  } else {
    // Some Error Handling
  }
} else {
  // Some Error Handling
}
g_list_free(devices);

Allow only trusted Bluetooth UUIDs to be used on the managed device

The Bluetooth UUID restriction APIs allow you to add more control on the Bluetooth capabilities that you want to enable on the device. For example, if a Bluetooth profile is associated with multiple UUIDS, you could control Bluetooth connections based on the UUID.

For example, suppose an A2DP profile is only applicable to the following UUIDs:

  • AudioSource — 0000110A-0000-1000-8000-00805F9B34FB
  • AudioSink — 0000110B-0000-1000-8000-00805F9B34FB

It is possible to allow Bluetooth on the managed device to be used as an Audio Source, while blocking all other Bluetooth UUIDs. The following code snippet illustrates the above scenario:

GList _ uuids = NULL;
uuids = g_list_append(uuids, "0000110A-0000-1000-8000-00805F9B34FB");
mdm_result_t ret = mdm_add_bluetooth_uuids_to_blacklist("_");
if (ret == MDM_RESULT_SUCCESS) {
  ret = mdm_add_bluetooth_uuids_to_whitelist(uuids);
  if (ret == MDM_RESULT_SUCCESS) {
    ret = mdm_activate_bluetooth_uuid_restriction(MDM_TRUE);
    if (ret == MDM_RESULT_SUCCESS) {
      // Success
    } else {
      // Some Error Handling
    }
  } else {
    // Some Error Handling
  }
} else {
  // Some Error Handling
}
g_list_free(uuids);

On this page

Is this page helpful?