MDM Kit Development

Introduction

MDM Kit provides capabilities for MDM applications, including enterprise device management and event listening, application management, feature restriction management, security management, device settings, device control, device information acquisition, hardware peripheral management, system management, and network management. For details about the APIs, see API Reference.

A device administrator application is an application with the EnterpriseAdminExtensionAbility.

How to Develop

To develop a device administrator application, perform the following steps:

  1. Create an EnterpriseAdminExtensionAbility instance.

  2. Declare the permissions required.

  3. Develop and debug MDM functionalities.

Creating an EnterpriseAdminExtensionAbility Instance

For details, see EnterpriseAdminExtensionAbility Development.

Declaring Required Permissions

Before declaring permissions, ensure that the basic principles for using permissions are met. Then declare the permissions the application requires under requestPermissions in the module.json5 file of the project module. Example:

"requestPermissions": [
  // ···
  {
    "name": "ohos.permission.ENTERPRISE_MANAGE_RESTRICTIONS"
  },
  // ···
],

NOTE

The required permissions vary with the API to call. For details, see Enterprise Device Management and other related APIs.

Developing MDM Functionalities

  1. Import modules. MDM Kit provides a wide variety of APIs for application management, communication management, security management, feature restriction management, system management, device settings and query, device control, and more. Import related modules based on service requirements. In this example, adminManager and restrictions are imported.

    import { adminManager, restrictions } from '@kit.MDMKit';
    
  2. Call APIs to implement related functionalities. For example, disable Wi-Fi for devices.

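    import { adminManager, restrictions } from '@kit.MDMKit';
    // ...
    import { Want } from '@kit.AbilityKit';
    // ...
      // Identifies the device administrator application's EnterpriseAdminExtensionAbility.
      private wantTemp: Want = {
        bundleName: 'com.example.mdmsample',
        abilityName: 'EnterpriseAdminAbility',
      };
      // ...
        try {
          // isDisallow = true disables Wi-Fi; false enables it again.
          restrictions.setDisallowedPolicy(this.wantTemp, 'wifi', isDisallow);
          console.info(isDisallow ? 'disable wifi success.' : 'enable wifi success.');
          // ...
        } catch (err) {
          // Log the error code and message so a failed call can be diagnosed.
          console.error(`setDisallowedPolicy fail. code: ${err.code}, message: ${err.message}`);
          // ...
        }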
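
The following is an added example, not code from the original page or from the MDM Kit project: it sets the Wi-Fi restriction and then reads the policy back with restrictions.getDisallowedPolicy, so enforcement is confirmed rather than inferred from the absence of an exception. The helper name applyWifiRestriction is hypothetical, the bundle and ability names are the sample values used above, and BusinessError is imported from @kit.BasicServicesKit.

```arkts
import { restrictions } from '@kit.MDMKit';
import { Want } from '@kit.AbilityKit';
import { BusinessError } from '@kit.BasicServicesKit';

// Sample admin identity reused from this page. It must match the
// EnterpriseAdminExtensionAbility that is enabled on the device.
const admin: Want = {
  bundleName: 'com.example.mdmsample',
  abilityName: 'EnterpriseAdminAbility',
};

// Hypothetical helper (not part of MDM Kit). Returns true only when the
// policy read back from the device matches the requested state.
export function applyWifiRestriction(isDisallow: boolean): boolean {
  try {
    // Requires ohos.permission.ENTERPRISE_MANAGE_RESTRICTIONS in module.json5.
    restrictions.setDisallowedPolicy(admin, 'wifi', isDisallow);

    // Read the effective policy back and compare it with the request.
    const effective: boolean = restrictions.getDisallowedPolicy(admin, 'wifi');
    if (effective !== isDisallow) {
      console.error(`wifi policy mismatch: requested=${isDisallow}, effective=${effective}`);
      return false;
    }
    console.info(`wifi policy enforced: disallowed=${effective}`);
    return true;
  } catch (err) {
    // Common causes given on this page: the admin ability has not been
    // enabled, or the required permission has not been declared.
    const e = err as BusinessError;
    console.error(`wifi policy change failed. code=${e.code}, message=${e.message}`);
    return false;
  }
}
```

A false return value should be treated as "restriction not in force" by any compliance reporting built on top of this call.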
    

Debugging

The MDM APIs can be called only after the EnterpriseAdminExtensionAbility is enabled. During the debugging process, you can use the following hdc commands to enable and disable an EnterpriseAdminExtensionAbility:

# Enable a super administrator application.
hdc shell edm enable-admin -n Bundle_name -a EnterpriseAdminExtensionAbility_class_name
# Enable a BYOD device administrator application.
hdc shell edm enable-admin -n Bundle_name -a EnterpriseAdminExtensionAbility_class_name -t byod
# Starting from API version 23, this command can enable an application as a regular device administrator application. This command applies to PCs/2-in-1 devices, and an error message will be displayed if it is used on other device types.
hdc shell edm enable-admin -n Bundle_name -a EnterpriseAdminExtensionAbility_class_name -t da
# Disable an EnterpriseAdminExtensionAbility.
hdc shell edm disable-admin -n Bundle_name

NOTE

Only one super device administrator application can be enabled on a device.

BYOD, or Bring Your Own Device, allows enterprise employees to use their own mobile devices, such as laptops, tablets, and smartphones, on premises to obtain internal information and operate authorized enterprise applications.