Unknown macro: {next_previous_link3}
Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 8 Next »

Most enterprises use devices that are customized for their requirement. For example having a custom android device that functions as a POS. In such situations most organizations prefer to have custom firmwares maintained by themselves or get device vendors to build custom device to suite their  requirement. For example apps or devices having the capability to sign their POS app with the vendor firmware signing key and install it on devices as a system app.

 WSO2 EMM provides a separate service application that can be signed by a firmware signing key and installed on the devices as a system application alongside the EMM Agent application. This enables you to have better control over the devices registered with WSO2 EMM. Since this is a system app it provides system level capabilities, such as device firmware upgrade, reboot and enforcing security policies and much more.

For more information on managing the system service Android application see following sections:

Securing Communication

When the system service app is installed on a device that is registered with WSO2 EMM, the EMM Agent application communicates with the system service to get the operation executed when a system level operation triggers from the WSO2 EMM server. The communication between the system service and the agent app is secured by two layers of protection as shown below:

  1. Via the signature - A permission that the system grants only if the requesting application is signed with the same certificate as the application that is declared in the permission.

    For more information on securing the communication, see <permissions> on the Android Developer documents.

  2. Check the package name of the agent who makes the call to verify that it’s a request from the EMM Agent application.

Integrating WSO2 EMM and the system service application

Follow the steps given below to configure the system service Android application with WSO2 EMM:

  1.  Build the system service application.
    1. Download the source code.
    2. The system service app can not be built via the usual android developer SDK, as it requires access to developer restricted APIs. Therefore, you need to replace the existing android.jar file that is under the <SDK_LOCATION>/platforms/android-<COMPILE_SDK_VERSION> directory with the explicitly built android.jar file having the access to the restricted APIs. Follows any of the methods given below:
    3. Open the system service app source code via the Android Studio and clean build it as a usual android application.

  2. Sign the system service.
    Sign the application via the device firmware signing key. If you don’t have access to the firmware signing key, you have to get the system application signed via your device vendor. 

    For more information of singing the system service, see Signing Your Applications.

  3. Install the system service application by following any of the methods given below:

    •  The system service application will be available out of the box with your firmware distribution, if you have your own firmware.

      1. Copy the signed system service APK file inside /system/priv-apps directory of the device. 

      2. When the device boots or restarts for the first time, it will automatically install the app as a system application.

    • Install the system service application externally via an Android Debug Bridge command.

      For more information on how this takes place on WSO2 EMM, see Configuring the WSO2 EMM service application

  4. Enable the system service invocations through the WSO2  EMM Agent application

    1. Navigate to the Constants.java class, which is in the org.wso2.emm.agent.utils package and configure the SYSTEM_APP_ENABLED field as follows:

       public static final boolean SYSTEM_APP_ENABLED = true;
    2. Rebuild the EMM agent application.

Operations supported via the system service application

The following operations are supported via the system service application:

  • No labels
Unknown macro: {next_previous_links2}