Integrating the System Service Android Application

For more information on managing the system service Android application see the following subsections:

Securing Communication

When the system service app is installed on a device that is registered with WSO2 EMM, the EMM Android Agent communicates with it to trigger system level operations from the WSO2 EMM server. The communication between the system service application and the Android agent is secured by two layers of protection as shown below:

1. Via the signature - The system will grant permission only if the requesting application is signed with the same certificate as the application that is declared in the permission.

   For more information on securing the communication, see <permissions> on the Android Developer documents.

2. Check the package name of the intent who makes the call to verify that it’s a request from the EMM Anroid agent.

Integrating WSO2 EMM and the system service application

Follow the steps given below to integrate the system service Android application with WSO2 EMM:

1.  Build the system service application.
   1. Download the source code.
   2. The system service app can not be built via the usual android developer SDK, as it requires access to developer restricted APIs. Therefore, you need to replace the existing android.jar file that is under the <SDK_LOCATION>/platforms/android-<COMPILE_SDK_VERSION> directory with the explicitly built android.jar file that has access to the restricted APIs. Use the method given below:
      • Download the Android Open Source Project (AOSP) and build the source code to get the jar file for the required SDK level.
   3. Open the system service application source code via Android Studio and clean build it as a usual android application.

2. Sign the system service.
   Sign the application via the device firmware signing key. If you don’t have access to the firmware signing key, you have to get the system application signed via your device vendor. 

   For more information of singing the system service, see Signing Your Applications.

3. Install the system service application by following any of the methods given below:

   •  The system service application will be available out of the box with your firmware distribution, if you have your own firmware.

     1. Copy the signed system service APK file to the /system/priv-apps directory of the device. 

     2. When the device boots or restarts for the first time, it will automatically install the application as a system application.

   • Install the system service application externally via an Android Debug Bridge command.

     For more information on how this takes place on WSO2 EMM, see Configuring the WSO2 EMM service application

4. Enable the system service invocations through the WSO2  EMM Agent application

1. Navigate to the Constants.java class, which is in the org.wso2.emm.agent.utils package and configure the SYSTEM_APP_ENABLED field as follows:

    public static final boolean SYSTEM_APP_ENABLED = true;

2. Rebuild the EMM agent application.

Operations supported via the system service application

The following operations are supported via the system service application:

• Device Reboot

  For more information on the device reboot REST API command, see Rebooting Android Devices.

• Firmware upgrade

  For more information on the firmware upgrade REST API command, see Upgrading Firmware of Android Devices via the REST API.

• Enforcing user restrictions

  For more information on the enforcing user restriction via the REST API, see Adding a User Restriction Policy on Android Devices.

• Silent app installation, removal and update
  
  Application installation, removal and update will be performed without user confirmation when system service is present on an Android device.  

  For more information on silent app installation/removal via the REST API, see Silent install/removal of Applications on Android devices.