Creating Encrypted File System (EFS) using Encrypt Manager

EMDK For Android 6.3

Overview

This guide will walk you through creating an EMDK For Android application that will use some new Mx features introduced in EMDK for Android API to perform device configurations. Mx represents a suite of Enterprise Features on top of standard, commercially available Android Open Source Project. This tutorial will focus on creating Encrypted File System (EFS) for storing application data on the internal/external storage using Encrypt Manager feature of Mx. Encrypted File System (EFS) enables files to be transparently encrypted to protect confidential data from attackers with physical access to the device. On the other hand Encrypt Manager enables you, as a developer to set encryption policies on device through MX XML.

So now we will create a tutorial to install a new Encryption Key and use this key while creating Encrypted File System (EFS) on the external storage of your Symbol device using Mx Encrypt Manager feature through Profile Wizard.

Prerequisites

  • Make sure you have an external SD Card in the device if you are using external storage option for creating EFS.

Creating The Project

Note: 1. Provide "EncryptManagerTutorial" as the project name for this tutorial.

  1. This feature requires Symbol device with Android KitKat 4.4.

Start by creating a new Android Studio project.

Adding The Encrypt Manager Profile Feature

  1. Click here to see how to add a specific feature to the Profile Manager.

  2. Provide "EncryptProfile" as the Profile Name for this tutorial.

    Note: You can provide any Profile Name but make sure to access it with the similar name in the Android code.

  3. Now, you can see all these MX features on the left hand side of the Profile Editor window. Select the "Encrypt Manager" feature from the list and click "Right Arrow".

    img

  4. Provide some name in the "Name" field (Ex. MyEncryptManager). The "Name" field is used to identify each feature, which is required when editing features programmatically. You can also keep the "Name" field empty.

    So as discussed, we will create an Encrypted File System (EFS) that uses a newly installed Encryption Key. Click Install Key drop-down under Install Key section and select option "Install Key". Provide Install Key Name (Ex. SampleKey). When installing a key, the value is optional. A provided key value should be a HEX string with a length of 64 bytes. If a value is not provided, a random key will be generated for a given key name. Let's keep the "Install Key Value" field empty for this tutorial.

    img

  5. Now, select "Create EFS" drop-down and select field "Create EFS" and you would see something like this:

    img

  6. Provide "EFS Name" (Ex. SampleEFS). Provide "EFS encryption Key Name" with the same name we are using to install (Ex. Sample Key). Select the "EFS Location" to "SD Card" Storage as we would be creating EFS on the external SD Card. Provide the "Mount Path for EFS" where EFS should be mounted (Ex. "/external"). This path belongs to external SD Card storage in this tutorial since we selected the "EFS Location" as "SDCard". Provide size of the EFS in MB (Ex. 5MB).

    Note: EFS size must be at least 1MB and cannot exceed 4096MB.

    The Profile Wizard for Encrypt Manager should now look like:

    img

  7. Click Apply to apply the settings we provided

    img

  8. Click Finish and your Encrypt profile for creating an Encrypted File System (EFS) on the SD Card (External Storage) of Symbol device would be created.

    img

  9. Click "Close".

    Note:
    Now the "EMDKConfig.xml" is created under "\assets" folder. This file will contain a definition of all of your profiles that you create.

  10. You can inspect the EMDKConfig.xml to see it is reflecting the changes made to the parameters via EMDK Profile Manager GUI earlier. However, it is advised that this file not be manually updated and only be controlled via the Profile Manager.

    img

Enabling Android Permissions

  1. Modify the Application's Manifest.xml to use the EMDK library and to set permission for the EMDK.

    img

    You must first enable permissions for 'com.symbol.emdk.permission.EMDK':

    
    <uses-permission android:name="com.symbol.emdk.permission.EMDK"/> 
    

    Then you must enable the library:

    
    <uses-library android:name="com.symbol.emdk"/>
    

    When done, your manifest.xml should look like:

    img

Adding Some Code

  1. Now we will start to add some code.

    First you must add references to the libraries:

    
    import com.symbol.emdk.*;  
    import com.symbol.emdk.EMDKManager.EMDKListener;  
    import android.widget.Toast;    
    

    Then you must extend the activity to implement EMDKListener.

    
    public class MainActivity extends Activity implements EMDKManager.EMDKListener {  
    
    
    .. .. .. .. .. .. ...  
    
    @Override  
    public void onClosed() {  
           // TODO Auto-generated method stub  
    }  
    
    @Override  
    public void onOpened(EMDKManager emdkManager) {  
           // TODO Auto-generated method stub  
    }  
    
    }

    We will now create some global variables to hold the profile name as well as instance objects of EMDKManager and ProfileManager with a status variable while applying the profile. Some of the variables are used to hold the name, type and description in case of any errors. These variables would be used throughout the code.

    Note: Verify the Profile name in the code with the one created in the Profile Manager. They both should be identical.

    
    // Assign the profile name used in EMDKConfig.xml
    private String profileName = "EncryptProfile";
    
    // Declare a variable to store ProfileManager object
    private ProfileManager profileManager = null;
    
    // Declare a variable to store EMDKManager object
    private EMDKManager emdkManager = null;
    
    // Contains the parm-error name (sub-feature that has error)
    private String errorName = "";
    
    // Contains the characteristic-error type (Root feature that has error)
    private String errorType = "";
    
    // contains the error description for parm or characteristic error.
    private String errorDescription = "";
    
    // contains status of the profile operation
    private String status = "";
    

    In the onCreate method, we call getEMDKManager so that the EMDK can be initialized and checked to see if it is ready.

    
    //The EMDKManager object will be created and returned in the callback.  
    EMDKResults results = EMDKManager.getEMDKManager(getApplicationContext(), this);  
    
    //Check the return status of getEMDKManager  
    if (results.statusCode == EMDKResults.STATUS_CODE.SUCCESS) {
    
    
    // EMDKManager object creation success
    
    } else {
    // EMDKManager object creation failed
    
    }

    So far your code should look like:

    img

    img

  2. Now we need to use the onOpened method to get a reference to the EMDKManager. The EMDKListener interface will trigger this event when the EMDK is ready to be used. The EMDKListener interface must be implemented in order to get a reference to the EMDKManager APIs. This event will pass the EMDKManager instance and we assign it to the global variable emdkManager that we created in the previous steps. We then use that instance object to get an instance of ProfileManager and assign it to the global variable profileManager. This is how we will interface with the APIs in the rest of the code:

    Note: Rename the argument of onOpened method from arg0 to emdkManager if required.

    
    // This callback will be issued when the EMDK is ready to use.
    this.emdkManager = emdkManager;
    
    // Get the ProfileManager object to process the profiles
    profileManager = (ProfileManager) emdkManager
            .getInstance(EMDKManager.FEATURE_TYPE.PROFILE);         
    

    Now that we have a reference to ProfleManager, we use it to install and activate the profile we built earlier using the processProfile method. We could have also performed this action at a different time, say when someone pressed a button, but we chose to do it as soon as the EMDK was ready:

    
    if (profileManager != null) {
        String[] modifyData = new String[1];
    
    
    // Call processPrfoile with profile name and SET flag to create the profile. The modifyData can be null.
    EMDKResults results = profileManager.processProfile(profileName,
            ProfileManager.PROFILE_FLAG.SET, modifyData);
    
    if (results.statusCode == EMDKResults.STATUS_CODE.CHECK_XML) {
    
    
    } else {
      // Show dialog of Failure
        AlertDialog.Builder builder = new AlertDialog.Builder(this);
        builder.setTitle("Failure");
        builder.setMessage("Failed to apply profile...")
                .setPositiveButton("OK",
                        new DialogInterface.OnClickListener() {
                            public void onClick                                                 (DialogInterface dialog,
                                    int id) {
    
                            }
                        });
        AlertDialog alert = builder.create();
        alert.show();
    }
    
    }

    This processProfile method returns the result of applying a particular profile that we set using EMDK Profile Wizard in EMDKResults reference. If the profile is successfully processed, it retuns the status as CHECK_XML and then we go on and parse the response to get further details whether the profile was applied successfully or not. Otherwise we display a Failure message in a dialog.

    Note: 1. There is a difference between processing a profile successfully and applying a profile successfully.

    Note: 2. If the status is other than CHECK_XML, we are simply displaying a failure message. You can actually go ahead and check different types of status and display the appropriate message accordingly, which is not in the scope of this sample tutorial.

    In case of CHECK_XML status, We retrieve XML response string from the result using getStatusString method.

    
    // Get XML response as a String
    String statusXMLResponse = results.getStatusString();
    

    Further, we would parse this XML response string using XML Pull Parser in order to get the status and error parameters if any. XML Pull Parser is an interface that defines parsing functionality provided in XMLPULL V1 API (visit this website to learn more about API and its implementations). In the parsing we would be looking for specific status tags (Error Name, Error Type and Error Description) in case of any errors and if found, we would get those values in the respective global variables that we have declared in previous step.

    
    try {
        // Create instance of XML Pull Parser to parse the response
        XmlPullParser parser = Xml.newPullParser();
        // Provide the string response to the String Reader that reads
        // for the parser
        parser.setInput(new StringReader(statusXMLResponse));
        // Call method to parse the response
        parseXML(parser);
        } catch (XmlPullParserException e) {
            e.printStackTrace();
        }
    

    Note: Here we have called the method parseXML to parse XML response string. We will declare the method in the next step.

    Once the response is parsed, we would display the result of applying this profile in a dialog by calling displayResults method, which we would declare in coming steps.

    
    // Method call to display results in a dialog
    displayResults();
    

    Your complete onOpened method should now look like:

    img

    img

  3. You will see few errors as we have not declared the respective methods to parse the response and display result. Lets do it one by one. In this step, we will create a method parseXML that uses XML Pull Parser to parse the XML string response and set the status and error parameters if any.

    In the reponse, we are supposed to capture name and desc for parm-error tag, type and desc for characteristic-error tag in case of any errors.

    
    // Method to parse the XML response using XML Pull Parser
    public void parseXML(XmlPullParser myParser) {
    int event;
    try {
        event = myParser.getEventType();
        while (event != XmlPullParser.END_DOCUMENT) {
            String name = myParser.getName();
            switch (event) {
            case XmlPullParser.START_TAG:
                // Get Status, error name and description in case of
                // parm-error
                if (name.equals("parm-error")) {
                    status = "Failure";
                    errorName = myParser.getAttributeValue(null, "name");
                    errorDescription = myParser.getAttributeValue(null,
                            "desc");
    
    
                // Get Status, error type and description in case of
                // parm-error
            } else if (name.equals("characteristic-error")) {
                status = "Failure";
                errorType = myParser.getAttributeValue(null, "type");
                errorDescription = myParser.getAttributeValue(null,
                        "desc");
            }
            break;
        case XmlPullParser.END_TAG:
    
            break;
        }
        event = myParser.next();
    
      }
    } catch (Exception e) {
    e.printStackTrace();
    }
    
    }

    Your complete parseXML method should now look like:

    img img

  4. You will still see one error as we need to declare displayResults method to display the result of profile operation in a dialog. Before displaying the results, we should form the content of the result to be shown first, specifically in case of errors. This could be done by creating buildFailureMessage method.

    In this method, the error message in case of error is formed using following way:

    • Name and description of error if the response contains parm-error.
    • Type and description of error if the response contains characteristic-error.
    • Name, type and description of error if the response contains both parm-error and characteristic-error.

    The buildFailureMessage method would have following code to match the above mentioned criteria.

    
    // Method to build failure message that contains name, type and
    // description of respective error (parm, characteristic or both)
    public String buildFailureMessage() {
      String failureMessage = "";
      if (!TextUtils.isEmpty(errorName) && !TextUtils.isEmpty(errorType))
         failureMessage = errorName + " :" + "\n" + errorType + " :" + "\n"
                + errorDescription;
      else if (!TextUtils.isEmpty(errorName))
         failureMessage = errorName + " :" + "\n" + errorDescription;
      else
         failureMessage = errorType + " :" + "\n" + errorDescription;
      return failureMessage;
    
    }
    

    buildFailureMessage method should look like:

    img

  5. In this step, we will add displayResults method to display the result of profile operation in a dialog. The dialog would display status as Success or Failure with corresponding message based on the response of profile operation.

    
    // Method to display results (Status, Error Name, Error Type, Error
    // Description) in a
    // dialog
    public void displayResults() {
      // Alert Dialog to display the status of the Profile creation
      // operation of MX features
      AlertDialog.Builder alertDialogBuilder = new AlertDialog.Builder(
            MainActivity.this);
    
      if (TextUtils.isEmpty(errorDescription)) {
        alertDialogBuilder.setTitle("Success");
        alertDialogBuilder.setMessage("Profile Successfully Applied...");
      } else {
        // set title
        alertDialogBuilder.setTitle(status);
        // call buildFailureMessage() method to set failure message in
        // dialog
        alertDialogBuilder.setMessage(buildFailureMessage());
      }
    
      alertDialogBuilder.setCancelable(false).setPositiveButton("OK",
            new DialogInterface.OnClickListener() {
                public void onClick(DialogInterface dialog, int id) {
                }
            });
      // create alert dialog
      AlertDialog alertDialog = alertDialogBuilder.create();
    
      // show it
      alertDialog.show();
    
    }  
    

    The method displayResults should look like:

    img

    You can see that all the errors are gone.

  6. Now let's override the "onDestroy" method so we can release the EMDKManager resources:

    
    @Override  
    protected void onDestroy() {  
        // TODO Auto-generated method stub  
        super.onDestroy();  
        //Clean up the objects created by EMDK manager  
        emdkManager.release();  
    } 
    

    Your onDestroy method should now look like this:

    img

That's it!!! We are done with all the coding and configuration part that will let us create an encrypted file system (EFS) of 5MB with an encryption key on the SD Card (External Storage) of Symbol device using Encrypt Manager feature of Mx. Now let's run the application.

Running the Application

  1. Connect the device (having the latest EMDK runtime) to USB port.

    Note:
    Make sure the device is in USB debug.

  2. Run the application.

    img

    Note: The process of creating the EFS takes time. Access to the EFS will be denied during the creation process.

    You can see an Alert Dialog with a success message.

    Note: In case of any errors, you will see a Failure status with respective error message in that dialog.

  3. We will now check in the SD Card (External Storage) of the device whether it has created the "SampleEFS" or not.

    So go to File Browser -> EFS Path. In our tutorial, EFS path is "/external". You will see a directory called "efsstorage".

    img

  4. Open this directory and you would see the Encrypted File System of size 5MB that we created (SampleEFS) through Profile Wizard.

    img

    This is how you can create Encrypted File System (EFS) along with the installation of Encryption Key on the internal/external SD Card storage using Encrypt Manager feature on Symbol devices through Profile Wizard.

Important Programming Tips

  1. It is required to do the following changes in the application's AndroidManifest.xml:

    Note:

    • Include the permission for EMDK:
    
    <uses-permission android:name="com.symbol.emdk.permission.EMDK"/>
    

    Note:

    • Use the EMDK library:
    
    <uses-library android:name="com.symbol.emdk"/>
    
  2. Installing the EMDK for Android application without deploying the EMDK runtime on the Symbol device will fail because of missing shared library on the device.

  3. Use the DataWedge v1.7.12 or higher version to test the ProfileManager.processProfile() for DataWedge profiles.

What's Next

Now that you have learned how to create Encrypted File System (EFS) on the internal/external storage of SD Card using Encrypt Manager on your Symbol devices through applications, let us try to understand and implement some of the other new Mx features introduced in EMDK for Android V 3.1. So in the next tutorial, we will concentrate on the "Threat Manager" feature of Mx and try to explore this feature by creating a tutorial.