To display only the features present on a particular device, select one or more filters from the SmartDocs bar below.
Input fields accept ENGLISH ONLY.
Queries from MX are not supported on Zebra devices running Android 11 or later. See alternative method.
StageNow - 5.14
The "SmartDocs" bar can customize this page to show only the features present on a particular Zebra device.
OSX, MX and Android version information for a device can be found in the Android Settings panel or by querying the device through ADB, EMDK or the MX CSP. More info.
The Access Manager (AccessMgr) enables an administrator to configure a device to control which user or "installable" application(s) can be used on the device and what actions the application(s) can perform.
A key feature of AccessMgr is the ability to enable and disable "whitelisting" (also referred to as "allowlisting"), a process that allows only those applications explicitly specified in a list to run. Whitelisting is disabled by default and imposes no restrictions. When whitelisting is turned on, various restrictions can be applied using AccessMgr. Applications NOT included in the "whitelist" are prevented from running. AccessMgr allows whitelisted applications to be installed, launched and maintained, and can control which applications are allowed to submit XML for all CSPs, including AccessMgr itself.
Whitelisting applies only to user applications; it has no effect on System applications, which come preinstalled on the device. To control aspects of System applications, see AppMgr. Whitelisting can be used to control whether a device user is allowed to install a user application, but cannot control whether an application can be installed programmatically by using AppMgr. Whitelisting also can be used to control whether a user application can be launched (by any means) once it is installed. AccessMgr also provides the option to control whether the device user can access a full or reduced version of the Android Settings panel.
Signature files can be used by Access Manager to provide added levels of application security, including control over approving apps to run and permission to add apps (or one or more of an app's functions) to a Function Group.
To understand how to get an app signature, please see the SigTools sample app.
Package names can vary from one Android version to another.
This is the On/Off switch for whitelisting, which restricts the apps that a device user can install and/or launch. Whitelisting is Off by default, imposing no restrictions. Whitelisting provides device security by preventing the installation and/or use of unauthorized apps, and by complicating the process of app deployment.
Access Manager controls access to apps; it does NOT install or uninstall apps. Activating whitelist restrictions after an app is installed or removing an app from an existing whitelist blocks access to that app, it does not uninstall it. Such apps remain on the device and become accessible if whitelisting restrictions are removed.
Parm Name: OperationMode
Option | Name | Description | Note | Status | Requires |
---|---|---|---|---|---|
0 | Do not change | This value (or the absence of this parm from the XML) causes no change; any prior settings are retained. |
MX: 9.2+ |
||
1 | Single User without Whitelist | Turns off whitelisting and all associated functionality. |
OSX: 1.0+ MX: 4.1+ |
||
2 | Single User with Whitelist | Turns on whitelisting and associated functionality. |
OSX: 1.0+ MX: 4.1+ |
Used to enter Package Names to add to the "whitelist" of apps allowed to execute.
Package names can vary from one Android version to another.
Parm value input rules:
com.mycompany.mypackage
,com.mycompany2.mypackage2
" Shown if: The Operation Mode is "Single User With Whitelist" AND Add Packages is "Add Specified Package(s)"
Parm Name: AddPackageNames
Requires:
- OSX: 1.0+
- MX: 4.1+
Used to enter Package Names to be deleted from the "whitelist," effectively preventing the app from executing.
Parm value input rules:
com.mycompany.mypackage
,com.mycompany2.mypackage2
" Shown if: The Operation Mode is "Single User With Whitelist" AND Delete Packages is "Delete specified Packages(s)"
Parm Name: DeletePackageNames
Requires:
- OSX: 1.0+
- MX: 4.1+
Used to select whether to add Packages to the "whitelist" and allow them to execute and submit XML for processing by the MX infrastructure.
Shown if: The Operation Mode is "Single User With Whitelist"
Parm Name: AddPackagesActionAllowXML
Option | Name | Description | Note | Status | Requires |
---|---|---|---|---|---|
0 | Add NO Packages | This value (or the absence of this parm from the XML) causes no change; any previously selected setting is retained. |
OSX: 4.1+ MX: 4.2+ |
||
1 | Add specified Package(s) | Adds the specified Package Names to the "whitelist," allowing those apps to submit XML. |
OSX: 4.1+ MX: 4.2+ |
Used to add Packages to the "whitelist," which prevents the app from submitting XML. To allow an app to submit XML, see the "Add Packages and Allow to Submit XML" parameter.
Note: It is important to understand that if an application uses the AccessMgr to turn on Whitelisting, the app itself becomes subject to Whitelisting. If the app does not add itself to the "white list," that application is prevented from running. Also, if such an app does not explicitly allow itself to submit XML, it is not able to alter that configuration once successfully applied.
Shown if: The Operation Mode is "Single User With Whitelist"
Parm Name: AddPackagesAction
Option | Name | Description | Note | Status | Requires |
---|---|---|---|---|---|
0 | Add No Packages | This value will not cause any Package Names to be added to the "whitelist." |
OSX: 1.0+ MX: 4.1+ |
||
1 | Add Specified Package(s) | This value will cause the specified Package Names to be added the "whitelist." |
OSX: 1.0+ MX: 4.1+ |
Controls features of the Android Settings panel that a device user is permitted to access. This parameter takes precedence over the "Quick Settings" parameter of UI Manager. If Reduced Settings Access is enabled, subsequent attempts enable Quick Settings results in failure.
NOTE: On devices running Android 11 (or later) with OSX 11.5.21 (or later), the Reduced Settings option also enables Accessibility features.
Use of this parameter is the Zebra-recommended method of limiting or preventing user access to the Android System Settings panel. Blocking access by any other means could lead to unwanted system access or behavior.
SDM660.130.13.26.27
(or later)QCT6490.130.13.26.26
(or later)QCT6375.130.13.28.24
(or later)QCT4490.130.13.22.16
(or later)Parm Name: SystemSettings
Option | Name | Description | Note | Status | Requires |
---|---|---|---|---|---|
0 | Do not change | This value (or the absence of this parm from the XML) causes no change; any prior settings are retained. |
MX: 11.3+ |
||
1 | Full | Allows full access to the Android Settings panel. |
OSX: 3.5+ MX: 4.1+ |
||
2 | Reduced Settings without Accessibility | Limits Settings panel access to Display, Volume and About features. See NOTE above. |
OSX: 3.5+ MX: 4.1+ |
||
3 | None | Prevents user access to the Android Settings panel. |
MX: 11.3+ |
||
4 | Reduced Settings with Accessibility | Limits Settings panel access to Display, Volume, About and Accessibility features. See NOTE above. |
OSX: 11.5.21+ MX: 11.7+ |
||
5 | Reduced Settings with Custom Options | Allows selection of a custom list of Android settings to be accessible by the device user. |
OSX: 13.x+ MX: 14.0+ Android API: 33+ |
Used to select whether to allow access to Accessibility settings, including those for vision and hearing enhancements, when device is in Reduced Settings mode.
Note: Selecting 'Do not change' in this and the Network parameter forces selection of the 'Reduced Settings without Accessibility' option in the Settings Panel Access parameter.
Parm Name: Accessibility
Option | Name | Description | Note | Status | Requires |
---|---|---|---|---|---|
0 | Do not change | This value (or the absence of this parm from the XML) causes no change to device settings; any previously selected setting is retained. See Note above. |
MX: 14.0+ |
||
1 | Show Accessibility Option | Allows the device user to see and configure Android Accessibility settings. |
MX: 14.0+ |
||
2 | Hide Accessibility Option | Prevents the device user from seeing and configuring Android Accessibility settings. |
MX: 14.0+ |
Used to select whether to allow access to Network settings, including those for Wi-Fi access, when device is in Reduced Settings mode.
Note: Selecting 'Do not change' in this and the Accessibility parameter forces selection of the 'Reduced Settings without Accessibility' option in the Settings Panel Access parameter.
Parm Name: Network
Option | Name | Description | Note | Status | Requires |
---|---|---|---|---|---|
0 | Do not change | This value (or the absence of this parm from the XML) causes no change to device settings; any previously selected setting is retained. See Note above. |
MX: 14.0+ |
||
1 | Show Network Settings | Allows the device user to view and potentially change network settings. |
MX: 14.0+ |
||
2 | Hide Network Settings | Prevents the device user from viewing and potentially changing network settings. |
MX: 14.0+ |
Controls whether Whitelisting verifies the signatures of apps, and if so, which app signatures are verified. Signature verification is turned off by default.
When Whitelisting is turned on but Signature verification is turned off, the determination of whether an application is on the "whitelist" is made solely by comparing the Android Package Name. This is insecure since it cannot prevent a potentially rogue application from setting it's Package Name to be one that is known to be on the "whitelist," and hence circumvent Whitelisting by impersonating a trusted application.
To increase security, Signature verification can be turned on. When Signature verification is turned on, the determination of whether an application is on the "whitelist" will be based on both its Package Name and its Signature. For that to work, the Signature must be provided for every application that is added to the "whitelist" so it can be compared against the actual Signature of that application.
Signature verification is more secure since only a specific "authentic" version, as identified by its Signature, of a given application, whose Package Name is on the "whitelist," will be allowed to be installed and launched. Turning on Signature verification also complicates the process of deploying applications since a unique Signature will need to be configured for each application as part of adding that application to the "whitelist."
Shown if: The Operation Mode is "Single User With Whitelist"
Parm Name: AppVerifySignMode
Option | Name | Description | Note | Status | Requires |
---|---|---|---|---|---|
0 | Do not change | This value (or the absence of this parm from the XML) causes no change; any previously selected setting is retained. |
OSX: 3.5+ MX: 4.3+ |
||
1 | Do not verify app signature | This value will cause Signature verification to be turned off, thus causing Package Names alone to be used in to determine if an application is on the "whitelist." |
OSX: 3.5+ MX: 4.3+ |
||
2 | Verify user app signature | This value will cause Signature verification to be turned on, thus causing Signature verification to be used in addition to Package Names to determine if a user, or "installable," application is on the "whitelist." |
OSX: 3.5+ MX: 4.3+ |
||
3 | Verify all apps signature | This value will cause Signature verification to be turned on, thus causing Signature verification to be used in addition to Package Names to determine if any application, "built-in" or "installable," is on the "whitelist." |
OSX: 3.5+ MX: 4.3+ |
Used to enter Signature file(s) to be added to the "whitelist" and allowed to run on the device. Learn how to get a signature file.
Parm value input rules:
Shown if: The Application verification signing mode is "Do not verify app signature" or "Verify user app signature" AND Add Packages is "Add Specified Package(s)"
Parm Name: AddPackageSign
Requires:
- OSX: 3.4+
- MX: 4.3+
Used to enter package signatures to be deleted.
Parm value input rules:
Shown if: Delete Packages is "Delete specified Signature(s)" AND the Application Verification Signing Mode is "Do not verify app signature," "Verify user app signature," or "Verify all apps signature"
Parm Name: DeletePackageSign
Requires:
- OSX: 3.4+
- MX: 4.3+
Used to delete Packages from the Whitelist.
Shown if: The Operation Mode is "Single User With Whitelist"
Parm Name: DeletePackagesAction
Option | Name | Description | Note | Status | Requires |
---|---|---|---|---|---|
0 | Delete NO Packages | This value (or the absence of this parm from the XML) causes no change to device settings; all packages remain on the device. |
OSX: 1.0+ MX: 4.1+ |
||
1 | Delete specified Packages(s) | Causes the selected Package Name(s) to be deleted from the "white list," blocking user or "installable" applications with those Package Names from being installed by the device user or launched. |
OSX: 1.0+ MX: 4.1+ |
||
2 | Delete ALL Packages | Causes all Package Names to be deleted from the "white list," blocking all user or "installable" applications from being installed by the device user or launched. |
OSX: 1.0+ MX: 4.1+ |
||
3 | Delete specified Signature(s) | When Signature verification is turned on, deletes one or more Signatures from the "white list," thus blocking user or "installable" applications with those Signatures from being installed by the device user or launched. |
OSX: 1.0+ MX: 4.1+ |
Used to control which "installable" (non-System) applications can call controllable services running on the device. This allows an administrator to manage access to the services present in a device and the ability of apps to bind to and leverage callable services. This can be used, for example, to prevent access to services relating to sensitive functionality, or to prevent use of such services when they are not explicitly required for a particular usage scenario or app.
Status: This feature also can be implemented using Delegation Scopes through StageNow and/or OEMConfig.
Parm Name: ServiceAccessAction
Used to enter the signature file on the device that contains the app certificate. Learn how to get a signature file.
Parm value input rules:
Shown if: The Service Access Action is "Allow Caller" or "Disallow Caller" or "Verify Caller"
Parm Name: CallerSignature
Requires:
- MX: 8.3+
Used to enter the name of the caller token to be verified.
Parm value input rules:
Shown if: The Service Access Action is "Verify Caller Token"
Parm Name: ServiceAccessToken
Requires:
- MX: 10.1+
Used to enter the service on which to perform a Service Access Action.
Parm value input rules:
com.mycompany.mypackage
,com.mycompany2.mypackage2
" Shown if: The Service Access Action is NOT "Do Nothing"
Parm Name: ServiceIdentifier
Requires:
- MX: 8.3+
Used to enter the application package name on which to perform a Service Access Action.
Package names can vary from one Android version to another.
Parm value input rules:
com.mycompany.mypackage
,com.mycompany2.mypackage2
" Shown if: The Service Access Action is "Allow Caller" or "Disallow Caller" or "Verify Caller"
Parm Name: CallerPackageName
Requires:
- MX: 8.3+
Used to enter Package Name(s) to add to the "whitelist," granting them the ability to submit XML. Entering an empty (length of zero) value (or the absence of this parm from the XML) adds no package names to the list.
Package names can vary from one Android version to another.
Parm value input rules:
com.mycompany.mypackage
,com.mycompany2.mypackage2
"Shown if: The Operation Mode is "Single User With Whitelist" AND Add Packages and Allow to Submit XML is "Allow specified application(s)"
Parm Name: AddPackageNamesAllowXML
Requires:
- OSX: 4.1+
- MX: 4.2+
Used to enter Signatures add to the "whitelist."
Parm value input rules:
com.mycompany.mypackage
,com.mycompany2.mypackage2
"Shown if: The Operation Mode is "Single User With Whitelist" AND Add Packages and Allow to Submit XML is "Allow specified application(s)" AND Application Verification Signing Mode is "Do not verify app signature," "Verify user app signature," or "Verify all apps signature"
Parm Name: AddPackageSignAllowXML
Requires:
- OSX: 3.4+
- MX: 4.3+
Select whether to allow the application to submit XML and thereby submit device configuration changes through the MX Management Framework.
NOTES:
- Can be used only when the Whitelist feature is enabled.
- Requires the EMDK for Android service package
com.symbol.emdkservice
on device.
Shown if: The Operation Mode is "Single User With Whitelist"
Parm Name: AllowSubmitXMLAction
Option | Name | Description | Note | Status | Requires |
---|---|---|---|---|---|
0 | Allow NO applications | This value (or the absence of this parm from the XML) causes no change; any previously selected setting is retained. |
OSX: 4.1+ MX: 4.2+ |
||
1 | Allow specified application(s) | This value will cause the applications identified by the specified list of Package Names to be allowed to submit XML. This value also allows a list of Package Names to be specified that will NOT be allowed to submit XML, thus providing an option to enter "these but not those." |
OSX: 4.1+ MX: 4.2+ |
||
2 | Allow ALL applications that are permitted to be executed | Causes all of the applications that are on the "whitelist" (i.e. that are allowed to be launched) to be allowed to submit XML. This value also allows a list of Package Names to be specified that will NOT be allowed to submit XML, thus providing an option to enter "all except these." |
OSX: 4.1+ MX: 4.2+ |
Used to enter Package Names to allow to submit XML. Entering an empty (length of zero) value (or the absence of this parm from the XML) prevents all package(s) from submitting XML.
Package names can vary from one Android version to another.
Parm value input rules:
com.mycompany.mypackage
,com.mycompany2.mypackage2
"Shown if: Allow the Application To Submit XML is "Allow specified application(s)"
Parm Name: AllowSubmitXMLPackageNames
Requires:
- OSX: 4.1+
- MX: 4.2+
Used to enter Package Name(s) of apps to prevent from submitting XML. Entering an empty (length of zero) value (or the absence of this parm from the XML) allows all packages to submit XML.
Parm value input rules:
com.mycompany.mypackage
,com.mycompany2.mypackage2
"Shown if: Allow the Application To Submit XML is "Allow specified application(s)" or "Allow ALL applications that are permitted to be executed"
Parm Name: DisallowSubmitXMLPackageNames
Requires:
- OSX: 4.1+
- MX: 4.2+
Controls whether to allow the Android system to automatically deny permissions previously granted by an admin or user for an app that has not been recently used.
Parm Name: AutomaticPermissionControl
Option | Name | Description | Note | Status | Requires |
---|---|---|---|---|---|
0 | Do not change | This value (or the absence of this parm from the XML) causes no change to device settings; any previously selected settings are retained. |
MX: 13.1+ Android API: 30+ |
||
1 | Turn On | Allows the Android system to automatically deny usage permissions to unused apps. |
MX: 13.1+ Android API: 30+ |
||
2 | Turn Off | Prevents the Android system from automatically denying usage permissions to unused apps. |
MX: 13.1+ Android API: 30+ |
Used to enter the package name of the app being acted upon by the selected Automatic Permission Control Action.
Parm value input rules:
Shown if: The Automatic Permission Control is "Turn On" OR "Turn Off"
Parm Name: AutoPermissionControlPackageName
Requires:
- MX: 13.1+
- Android API: 30+
Used to enter the signature file for the app being acted upon by the selected Automatic Permission Control Action. Learn how to get a signature file.
Parm value input rules:
Shown if: The Automatic Permission Control is "Turn On" OR "Turn Off"
Parm Name: AutoPermissionControlSignature
Requires:
- MX: 13.1+
- Android API: 30+
Used to control which CSPs on a device are "Protected" from access by apps, and which apps are approved to access Protected CSPs. This can be used, for example, to prevent access to CSPs that provide sensitive functionality, or to allow only certain apps to access such CSPs. By default, all CSPs are Unprotected and accessible by all apps.
NOTE: This parameter is part of a Function Group called CSP Access Management, which can be used to prevent sensitive functions from being accessed by unauthorized apps.
Parm Name: CspAccessAction
Option | Name | Description | Note | Status | Requires |
---|---|---|---|---|---|
0 | Do Nothing | This value (or the absence of this parm from the XML) causes no change; any prior settings are retained. |
MX: 9.2+ Android API: 26+ |
||
1 | Protect | Designates a CSP as inaccessible by all apps except those specifically Approved (see Option 4). |
MX: 9.2+ Android API: 26+ |
||
2 | Unprotect | Removes "Protected" designation from a CSP, making it available to all apps. |
MX: 9.2+ Android API: 26+ |
||
3 | VerifyProtected | Confirms that a CSP is designated as "Protected" and inaccessible to unapproved apps. |
MX: 9.2+ Android API: 26+ |
||
4 | ApproveApplication | Designates an app as "permitted to access" a Protected CSP. |
MX: 9.2+ Android API: 26+ |
||
5 | UnapproveApplication | Removes approval from an app previously "permitted to access" a Protected CSP. |
MX: 9.2+ Android API: 26+ |
||
6 | VerifyApproved | Confirms that an app is designated as "permitted to access" a Protected CSP. |
MX: 9.2+ Android API: 26+ |
Controls whether the application package calling the Protect Action is automatically approved to access the CSP on which the Protect Action is being applied.
Shown if: The CSP Access Action is "Protect"
Parm Name: CspAutoApprove
Option | Name | Description | Note | Status | Requires |
---|---|---|---|---|---|
0 | (unchecked) | Requires the app calling the Protect Action to be approved separately to access the specified CSP on the device. |
MX: 9.2+ Android API: 26+ |
||
1 | (checked) | Automatically approves the app calling the Protect Action to access the specified CSP on the device (default). |
MX: 9.2+ Android API: 26+ |
Controls whether the name and signature of the application package calling the Unprotect Action is automatically removed from the "approved" list of the CSP on which the Unprotect Action is being applied.
Shown if: The CSP Access Action is "Unprotect"
Parm Name: CspAutoUnapprove
Option | Name | Description | Note | Status | Requires |
---|---|---|---|---|---|
0 | (unchecked) | Requires the app calling the Unprotect Action to be manually removed from the "approved" list. |
MX: 9.2+ Android API: 26+ |
||
1 | (checked) | Automatically removes the app calling the Unprotect Action from the "approved" list (default). |
MX: 9.2+ Android API: 26+ |
Used to enter the CSP Name for the selected CSP Access Action.
Shown if: The CSP Access Action is NOT "Do Nothing"
Parm Name: CspName
Used to enter the custom CSP name for a CSP Access Action when the CSP name is not shown on the CSP Names list.
Parm value input rules:
Shown if: The CSP Access Action is NOT "Do Nothing"
Parm Name: CspNameCustom
Requires:
- MX: 9.2+
Used to enter the application package name on which to perform certain CSP Access Actions.
Package names can vary from one Android version to another.
Parm value input rules:
com.mycompany.mypackage
,com.mycompany2.mypackage2
" Shown if: The CSP Access Action is "Approve Application" or "Unapprove Application" or "Verify Approved"
Parm Name: AppPackageName
Requires:
- MX: 9.2+
Used to enter the signature file for app certification. Learn how to get a signature file.
Parm value input rules:
Shown if: The CSP Access Action is "Approve Application" or "Unapprove Application" or "Verify Approved"
Parm Name: AppSignature
Requires:
- MX: 9.2+
Used to select a Permission Action to perform on an app from the list of available permissions in the Permission Access Permission Name parameter. Once granted, permission is retained by the app unless explicitly revoked by a subsequent Permission Action, app is uninstalled by any means or an Enterprise Reset or Factory Reset is performed. If an app loses permission through uninstallation, permission can be re-granted only after the app is reinstalled. This feature requires MX 10.0.5.1 or later on the device. Which MX version is installed?
Note: This feature requires MX 10.0.5.1 or later on the device.
Parm Name: PermissionAccessAction
Option | Name | Description | Note | Status | Requires |
---|---|---|---|---|---|
0 | Do Nothing | This value (or the absence of this parm from the XML) causes no change; any prior settings are retained. |
MX: 10.0+ Android API: 26+ |
||
1 | Allow | Grants permission to an app. |
MX: 10.0+ Android API: 26+ |
||
2 | Deny | Denies permission to an app. |
MX: 10.0+ Android API: 26+ |
||
3 | Allow User to choose | Prompts device user to grant or deny permission to an app for access to a device resource (such as a camera or scanner). This is the Android-default setting. |
MX: 10.0+ Android API: 26+ |
||
4 | Verify | Verifies whether permission is granted to an app. |
MX: 10.0+ Android API: 26+ |
Used to enter the Package Name of an application on which to perform the selected Permission Access Action.
Parm value input rules:
Shown if: The Permission Access Action is NOT "Do Nothing"
Parm Name: PermissionAccessPackageName
Requires:
- MX: 10.0+
- Android API: 26+
Used to enter the signature file for the app being acted upon by the selected Permission Access Action.
Parm value input rules:
Shown if: The Permission Access Action is NOT "Do Nothing"
Parm Name: PermissionAccessSignature
Requires:
- MX: 10.0+
Used to select the subsystem on the device to which to apply the permission being assigned to an app by the Permission Access Action parameter.
Learn more about Android Permissions.
Note: Some options rely on Android 11 (or later). This parameter can be used to grant or deny permission to installed apps. On devices running Android 10+, also can "pre-grant" or "pre-deny" permission for apps yet to be installed.
Parm Name: PermissionAccessPermissionName
Option | Name | Description | Note | Status | Requires |
---|---|---|---|---|---|
1 | Access Notifications | Controls permission to access Notifications on the device. |
MX: 10.0+ Android API: 27+ |
||
2 | Package Usage Stats | Controls permission to access app usage statistics for the device. |
MX: 10.0+ Android API: 27+ |
||
3 | System Alert Window | Controls "overlay" permission, which allows one app to draw its window(s) over another. |
MX: 10.0+ Android API: 27+ |
||
4 | Get AppOps Stats | Controls permission to access app operations statistics, used to determine the resources being used by apps on the device. |
MX: 10.0+ Android API: 27+ |
||
5 | Battery Stats | Controls permission to access battery statistics for the device. |
MX: 10.0+ Android API: 27+ |
||
6 | Manage External Storage | Controls management of USB and/or SD card storage media attached to the device. |
MX: 10.4+ Android API: 30+ |
||
7 | Bind Notification Listener | Controls permission to access the Android service that receives system calls relating to notifications. |
MX: 11.5+ Android API: 30+ |
||
8 | Read Logs (specially trusted Zebra apps only) | Controls permission to access system logs on the device. Applies only to Zebra apps signed by the Zebra Privileged Key or Zebra Platform Key. |
MX: 11.9+ Android API: 30+ |
||
9 | All Dangerous Permissions | Controls access to Dangerous Permissions declared by an app in its manifest. Allows for pre-granting, pre-denying or deferral to the user (the default) such permissions, which are deemed by Google to "provide an app with access to private user data or control over the device that could negatively impact the user." Learn more at the link above. |
MX: 13.1+ Android API: 30+ |
Used to select an Action to perform on new or existing Function Groups. A Function Group is a set of functions that an administrator can designate as "sensitive" and worthy of protection from unauthorized use by apps. For example, a "Communications" Function Group might designate certain functions from CellularMgr, GprsMgr and Wi-Fi CSPs as sensitive and limit access to authorized apps only.
By default, all features are Unprotected and all apps are Authorized to access all functions. Once a Function Group is created and set as Protected, all apps are prevented from accessing functions within that group except apps specifically Approved for access.
Parm Name: GroupAccessAction
Option | Name | Description | Note | Status | Requires |
---|---|---|---|---|---|
0 | Do Nothing | This value (or the absence of this parm from the XML) causes no change; any prior settings are retained. |
MX: 10.0+ Android API: 26+ |
||
1 | Create | Creates a Custom Function Group. |
MX: 10.0+ Android API: 26+ |
||
2 | Delete | Deletes a Custom Function Group. |
MX: 10.0+ Android API: 26+ |
||
3 | Protect | Declares a Function Group as Protected. |
MX: 10.0+ Android API: 26+ |
||
4 | Unprotect | Declares a Function Group as Unprotected. |
MX: 10.0+ Android API: 26+ |
||
5 | VerifyProtected | Verifies whether a Function Group is Protected. |
MX: 10.0+ Android API: 26+ |
||
6 | ApproveApplication | Approves an application to use a Function Group. |
MX: 10.0+ Android API: 26+ |
||
7 | UnapproveApplication | Removes approval from an application for using a Function Group. |
MX: 10.0+ Android API: 26+ |
||
8 | VerifyApproved | Verifies that an application is Approved to use a Function Group. |
MX: 10.0+ Android API: 26+ |
Used to enter the Package Name of an application on which to perform the selected Group Access Action.
Parm value input rules:
Shown if: The Group Access Action is "ApproveApplication" or "UnapproveApplication" or "VerifyApproved"
Parm Name: GroupPackageName
Requires:
- MX: 10.0+
- Android API: 26+
Used to enter the signature of an application on which to perform the selected Group Access Action.
Parm value input rules:
Shown if: The Group Access Action is "ApproveApplication" or "UnapproveApplication" or "VerifyApproved"
Parm Name: GroupSignature
Requires:
- MX: 10.0+
- Android API: 26+
Used to enter the name of the Custom Function Group on which to perform the chosen Group Access Action.
Parm value input rules:
Shown if: The Group Select is "Custom" AND Group Access Action is NOT "Do Nothing" or "Create" or "Delete"
Parm Name: GroupSelectCustomName
Requires:
- MX: 10.0+
- Android API: 26+
Controls whether the application package calling a Protected Function Group is automatically unapproved to access the Function Group.
Shown if: The Group Access Action is "Unprotect"
Parm Name: GroupAutoUnapprove
Option | Name | Description | Note | Status | Requires |
---|---|---|---|---|---|
0 | (unchecked) | Requires the app calling the Protect Action to be approved separately to access the specified Function Group on the device. |
MX: 10.0+ Android API: 26+ |
||
1 | (checked) | Automatically unapproves an app for access to a Function Group. |
MX: 10.0+ Android API: 26+ |
Used to enter the Name of the Custom Function Group being defined.
Parm value input rules:
Shown if: The Group Access Action is "Create" or "Delete"
Parm Name: GroupCustomName
Requires:
- MX: 10.0+
- Android API: 26+
Used to enter the CSP names and (optionally) the CSP parameter(s) and parameter values to add to a Custom Function Group. Entering the CSP name alone adds all CSP functions to the Function Group.
Parm value input rules:
CSPname
, CSPname:parmName
, CSPname:CSPparm={parmValue}
Example:
BluetoothMgr
,UiMgr:NotificationPullDown
,SdCardMgr:SdCardUsage={0}
Shown if: The Group Access Action is "Create"
Parm Name: GroupCustomDetails
Requires:
- MX: 10.0+
- Android API: 26+
Controls whether the application package calling a Protected Function Group is automatically approved to access the group.
Shown if: The Group Access Action is "Protect"
Parm Name: GroupAutoApprove
Option | Name | Description | Note | Status | Requires |
---|---|---|---|---|---|
0 | (unchecked) | Requires the app calling a Protected Function Group to be approved separately to access the specified group on the device. |
MX: 10.0+ Android API: 26+ |
||
1 | (checked) | Automatically approves the app for calling a Protected Function Group. |
MX: 10.0+ Android API: 26+ |
<wap-provisioningdoc>
<characteristic version="4.3" type="AccessMgr">
<parm name="OperationMode" value="2" />
<parm name="SystemSettings" value="1" />
<parm name="DeletePackagesAction" value="0" />
<parm name="AddPackagesAction" value="1" />
<parm name="AddPackageNames" value="com.mypackage" />
</characteristic>
</wap-provisioningdoc>
<wap-provisioningdoc>
<characteristic version="4.3" type="AccessMgr">
<parm name="OperationMode" value="2" />
<parm name="SystemSettings" value="1" />
<parm name="DeletePackagesAction" value="0" />
<parm name="AddPackagesAction" value="0" />
<parm name="AllowSubmitXMLAction" value="1" />
<parm name="AllowSubmitXMLPackageNames" value="com.mypackage" />
<parm name="DisallowSubmitXMLPackageNames" value="com.mypackage2" />
</characteristic>
</wap-provisioningdoc>
Queries are not supported on Zebra devices running Android 11 or later.
<wap-provisioningdoc>
<characteristic type="AccessMgr" >
<parm-query name="PackageNames"/>
<parm-query name="OperationMode"/>
<parm-query name="AppVerifySignMode"/>
</characteristic>
</wap-provisioningdoc>