Since: API level 11
public class

BasePasswordPolicy

extends Object
java.lang.Object
   ↳ com.samsung.android.knox.container.BasePasswordPolicy

Class Overview

This class provides wrapper APIs for DevicePolicyManager APIs, recommended to use only for container password policies.

Since
API level 11
MDM 5.0

Summary

Public Constructors
BasePasswordPolicy()
Public Methods
boolean clearResetPasswordToken(ComponentName admin)
API to revoke the current password reset token
int getCurrentFailedPasswordAttempts()
API to get the current failed password attempts of the container
int getKeyguardDisabledFeatures(ComponentName admin)
API to get the features that has been disabled for keyguard.
int getMaximumFailedPasswordsForWipe(ComponentName admin)
API to get the maximum failed passwords for wipe.
long getMaximumTimeToLock(ComponentName admin)
API to get the maximum time to lock
long getPasswordExpiration(ComponentName admin)
API to get the password expiration time of the container
long getPasswordExpirationTimeout(ComponentName admin)
API to get the password expiration timeout of the container
int getPasswordHistoryLength(ComponentName admin)
API to get the password history length of the container
long getPasswordMaximumLength(ComponentName admin)
API to get the password maximum length of the container
int getPasswordMinimumLength(ComponentName admin)
API to get the minimum password length of the container
int getPasswordMinimumLetters(ComponentName admin)
API to get the minimum password alphabetical characters of the container
int getPasswordMinimumLowerCase(ComponentName admin)
API to get the minimum password lower case alphabetical characters of the container
int getPasswordMinimumNonLetter(ComponentName admin)
API to get the minimum password non-alphabetical characters of the container
int getPasswordMinimumNumeric(ComponentName admin)
API to get the minimum password numeric digits of the container
int getPasswordMinimumSymbols(ComponentName admin)
API to get the minimum password symbols of the container
int getPasswordMinimumUpperCase(ComponentName admin)
API to get the minimum password upper case alphabetical characters of the container
int getPasswordQuality(ComponentName admin)
API to get the current password quality of the container
List<PersistableBundle> getTrustAgentConfiguration(ComponentName admin, ComponentName agent)
API to get trust agent configurations
boolean isActivePasswordSufficient()
API to check if active password is sufficient for the container
boolean isResetPasswordTokenActive(ComponentName admin)
API to check if the current password token is active.
boolean resetPassword(String password, int flags)
Deprecated Not supported since KNOX 3.0. Use resetContainerPassword(String, int) for CL/COM Knox containers.
boolean resetPasswordWithToken(ComponentName admin, String password, byte[] token, int flags)
API to reset password with token
void setKeyguardDisabledFeatures(ComponentName admin, int which)
API to set the features need to be disabled for container keyguard.
void setMaximumFailedPasswordsForWipe(ComponentName admin, int num)
API to set the maximum failed passwords for wipe
void setMaximumTimeToLock(ComponentName admin, long timeMs)
API to set the maximum time to lock
void setPasswordExpirationTimeout(ComponentName admin, long timeout)
API to set the password expiration timeout of the container
void setPasswordHistoryLength(ComponentName admin, int length)
API to set the password history length of the container
void setPasswordMinimumLength(ComponentName admin, int length)
API to set the minimum password length of the container
void setPasswordMinimumLetters(ComponentName admin, int length)
API to set the minimum password alphabetical characters of the container
void setPasswordMinimumLowerCase(ComponentName admin, int length)
API to set the minimum password lower case alphabetical characters of the container
void setPasswordMinimumNonLetter(ComponentName admin, int length)
API to set the minimum password non-letters of the container
void setPasswordMinimumNumeric(ComponentName admin, int length)
API to set the minimum password numeric of the container
void setPasswordMinimumSymbols(ComponentName admin, int length)
API to set the minimum password symbols of the container
void setPasswordMinimumUpperCase(ComponentName admin, int length)
API to set the minimum password upper case alphabetical characters of the container
void setPasswordQuality(ComponentName admin, int quality)
API to set the password quality of the container
boolean setResetPasswordToken(ComponentName admin, byte[] token)
API to set a token before reset password
void setTrustAgentConfiguration(ComponentName admin, ComponentName target, PersistableBundle configuration)
API to set a list of configuration features to enable for a trust agent component.
[Expand]
Inherited Methods
From class java.lang.Object

Public Constructors

public BasePasswordPolicy ()

Since: API level 11

Public Methods

public boolean clearResetPasswordToken (ComponentName admin)

Since: API level 27

API to revoke the current password reset token

Parameters
admin Which DeviceAdminReceiver this request is associated with.
Returns
  • true if the operation is successful, false otherwise.
Usage
Called by an application that is administering the user to revoke the current token which was set via #setResetPasswordToken(ComponentName, byte[], int).

The calling device administrator must have requested USES_POLICY_RESET_PASSWORD to be able to call this method; if it has not, a security exception will be thrown.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 BasePasswordPolicy passwordPolicy = edm.getBasePasswordPolicy();
 try {
     ComponentName enterpriseDeviceAdmin = new ComponentName(context, EDMTestsAdmin.class);
     // clear reset password token
     passwordPolicy.clearResetPasswordToken(enterpriseDeviceAdmin);
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
For Container:
 // When you create container successfully, containerID will be returned via intent.
 // Use this containerID in below API.
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 BasePasswordPolicy passwordPolicy = kcm.getBasePasswordPolicy();
 try {
     ComponentName enterpriseDeviceAdmin = new ComponentName(context, EDMTestsAdmin.class);
     // clear reset password token
     passwordPolicy.clearResetPasswordToken(enterpriseDeviceAdmin);
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_SECURITY" permission with a protection level of signature.
Since
API level 27
KNOX 3.2.1
Multiuser Environment
User Scope

public int getCurrentFailedPasswordAttempts ()

Since: API level 11

API to get the current failed password attempts of the container

Usage
Retrieves the number of times the user has failed at entering a password for the container since that last successful password entry.

The calling device administrator must have requested USES_POLICY_WATCH_LOGIN to be able to call this method; if it has not, a security exception will be thrown.

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_SECURITY" permission with a protection level of signature.
Since
API level 11
MDM 5.0
Multiuser Environment
User Scope

public int getKeyguardDisabledFeatures (ComponentName admin)

Since: API level 15

API to get the features that has been disabled for keyguard.
Determine whether or not features have been disabled in keyguard either by the current admin, if specified, or all admins.

Parameters
admin The name of the administrator component to check, or null to aggregate all administrators.
Returns
  • Returns the disabled features for keyguard.
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_SECURITY" permission with a protection level of signature.
Since
API level 15
MDM 5.4
Multiuser Environment
User Scope

public int getMaximumFailedPasswordsForWipe (ComponentName admin)

Since: API level 11

API to get the maximum failed passwords for wipe. Retrieves the current maximum number of login attempts that are allowed before the device wipes itself, for all administrators or for a particular one.

Parameters
admin The name of the administrator component to check, or null to aggregate all administrators.
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_SECURITY" permission with a protection level of signature.
Since
API level 11
MDM 5.0
Multiuser Environment
User Scope

public long getMaximumTimeToLock (ComponentName admin)

Since: API level 11

API to get the maximum time to lock

Parameters
admin The name of the administrator component to check, or null to aggregate all administrators.
Usage
Retrieves the current maximum time to unlock for all administrators or a particular one.
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_SECURITY" permission with a protection level of signature.
Since
API level 11
MDM 5.0
Multiuser Environment
User Scope

public long getPasswordExpiration (ComponentName admin)

Since: API level 11

API to get the password expiration time of the container

Parameters
admin The name of the administrator component to check, or null to aggregate all administrators.
Returns
  • The password expiration time, in ms.
Usage
Get the current password expiration time of the container for the given administrator or an aggregate of all administrators if administrator is null. If the password is expired, this will return the time since the password expired as a negative number. If administrator is null, then a composite of all expiration timeouts is returned - which will be the minimum of all timeouts.
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_SECURITY" permission with a protection level of signature.
Since
API level 11
MDM 5.0
Multiuser Environment
User Scope

public long getPasswordExpirationTimeout (ComponentName admin)

Since: API level 11

API to get the password expiration timeout of the container

Parameters
admin The name of the administrator component to check, or null to aggregate all administrators.
Returns
  • The timeout for the given administrator or the minimum of all timeouts
Usage
Get the password expiration timeout of the container for the given administrator. The expiration timeout is the recurring expiration timeout provided in the call to setPasswordExpirationTimeout(ComponentName, long) for the given administrator or the aggregate of all policy administrators if administrator is null.
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_SECURITY" permission with a protection level of signature.
Since
API level 11
MDM 5.0
Multiuser Environment
User Scope

public int getPasswordHistoryLength (ComponentName admin)

Since: API level 11

API to get the password history length of the container

Parameters
admin The name of the administrator component to check, or null to aggregate all administrators.
Returns
  • The length of the password history
Usage
Retrieves the current password history length of the container for all administrators or a particular one.
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_SECURITY" permission with a protection level of signature.
Since
API level 11
MDM 5.0
Multiuser Environment
User Scope

public long getPasswordMaximumLength (ComponentName admin)

Since: API level 11

API to get the password maximum length of the container

Returns
  • Returns the maximum length that the user can enter.
Usage
Return the maximum password length that the container supports for a particular password quality.
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_SECURITY" permission with a protection level of signature.
Since
API level 11
MDM 5.0
Multiuser Environment
User Scope

public int getPasswordMinimumLength (ComponentName admin)

Since: API level 11

API to get the minimum password length of the container

Parameters
admin The name of the administrator component to check, or null to aggregate all administrators.
Usage
Retrieves the current minimum password length of the container for all administrators or a particular one.
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_SECURITY" permission with a protection level of signature.
Since
API level 11
MDM 5.0
Multiuser Environment
User Scope

public int getPasswordMinimumLetters (ComponentName admin)

Since: API level 11

API to get the minimum password alphabetical characters of the container

Parameters
admin The name of the administrator component to check, or null to aggregate all administrators.
Returns
  • The minimum number of letters required in the password.
Usage
Retrieves the current number of letters required in the password of the container for all administrators or a particular one. This is the same value as set by setPasswordMinimumLetters(ComponentName, int) and only applies when the password quality is PASSWORD_QUALITY_COMPLEX.
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_SECURITY" permission with a protection level of signature.
Since
API level 11
MDM 5.0
Multiuser Environment
User Scope

public int getPasswordMinimumLowerCase (ComponentName admin)

Since: API level 11

API to get the minimum password lower case alphabetical characters of the container

Parameters
admin The name of the administrator component to check, or null to aggregate all administrators.
Returns
  • The minimum number of lower case alphabetical characters required in the password.
Usage
Retrieves the current number of lower case alphabetical characters required in the password of the container for all administrators or a particular one. This is the same value as set by setPasswordMinimumLowerCase(ComponentName, int) and only applies when the password quality is PASSWORD_QUALITY_COMPLEX.
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_SECURITY" permission with a protection level of signature.
Since
API level 11
MDM 5.0
Multiuser Environment
User Scope

public int getPasswordMinimumNonLetter (ComponentName admin)

Since: API level 11

API to get the minimum password non-alphabetical characters of the container

Parameters
admin The name of the administrator component to check, or null to aggregate all administrators.
Returns
  • The minimum number of non-alphabetical characters required in the password.
Usage
Retrieves the current number of non-alphabetical characters required in the password of the container for all administrators or a particular one. This is the same value as set by setPasswordMinimumNonLetter(ComponentName, int) and only applies when the password quality is PASSWORD_QUALITY_COMPLEX.
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_SECURITY" permission with a protection level of signature.
Since
API level 11
MDM 5.0
Multiuser Environment
User Scope

public int getPasswordMinimumNumeric (ComponentName admin)

Since: API level 11

API to get the minimum password numeric digits of the container

Parameters
admin The name of the administrator component to check, or null to aggregate all administrators.
Returns
  • The minimum number of numerical digits required in the password.
Usage
Retrieves the current number of numerical digits required in the password of the container for all administrators or a particular one. This is the same value as set by setPasswordMinimumNumeric(ComponentName, int) and only applies when the password quality is PASSWORD_QUALITY_COMPLEX.
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_SECURITY" permission with a protection level of signature.
Since
API level 11
MDM 5.0
Multiuser Environment
User Scope

public int getPasswordMinimumSymbols (ComponentName admin)

Since: API level 11

API to get the minimum password symbols of the container

Parameters
admin The name of the administrator component to check, or null to aggregate all administrators.
Returns
  • The minimum number of symbols required in the password.
Usage
Retrieves the current number of symbols required in the password of the container for all administrators or a particular one. This is the same value as set by setPasswordMinimumSymbols(ComponentName, int) and only applies when the password quality is PASSWORD_QUALITY_COMPLEX.
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_SECURITY" permission with a protection level of signature.
Since
API level 11
MDM 5.0
Multiuser Environment
User Scope

public int getPasswordMinimumUpperCase (ComponentName admin)

Since: API level 11

API to get the minimum password upper case alphabetical characters of the container

Parameters
admin The name of the administrator component to check, or null to aggregate all administrators.
Returns
  • The minimum number of upper case alphabetical characters required in the password.
Usage
Retrieves the current number of upper case alphabetical characters of the container required in the password for all administrators or a particular one. This is the same value as set by setPasswordMinimumUpperCase(ComponentName, int) and only applies when the password quality is PASSWORD_QUALITY_COMPLEX.
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_SECURITY" permission with a protection level of signature.
Since
API level 11
MDM 5.0
Multiuser Environment
User Scope

public int getPasswordQuality (ComponentName admin)

Since: API level 11

API to get the current password quality of the container

Parameters
admin The name of the administrator component to check, or null to aggregate all administrators.
Usage
Retrieves the current minimum password quality of the container for all administrators or a particular one.
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_SECURITY" permission with a protection level of signature.
Since
API level 11
MDM 5.0
Multiuser Environment
User Scope

public List<PersistableBundle> getTrustAgentConfiguration (ComponentName admin, ComponentName agent)

Since: API level 27

API to get trust agent configurations

Parameters
admin Which DeviceAdminReceiver this request is associated with.
agent Which component to get enabled features for. This value must never be null.
Returns
  • List of PersistableBudle configured for the given trust agent. This value may be null.
Usage
Called by an application that is administering the user to get configuration for the given trust agent based on aggregating all calls to setTrustAgentConfiguration(ComponentName, ComponentName, PersistableBundle) for all device admins.
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_SECURITY" permission with a protection level of signature.
Since
API level 27
KNOX 3.2.1
Multiuser Environment
User Scope

public boolean isActivePasswordSufficient ()

Since: API level 11

API to check if active password is sufficient for the container

Returns
  • true if the password meets the current requirements, else false.
Usage
Determine whether the current password of the container, the user has set is sufficient to meet the policy requirements (quality, minimum length) that have been requested.

The calling device administrator must have requested USES_POLICY_LIMIT_PASSWORD to be able to call this method; if it has not, a security exception will be thrown.

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_SECURITY" permission with a protection level of signature.
Since
API level 11
MDM 5.0
Multiuser Environment
User Scope

public boolean isResetPasswordTokenActive (ComponentName admin)

Since: API level 27

API to check if the current password token is active.

Parameters
admin Which DeviceAdminReceiver this request is associated with.
Returns
  • true if the token is active, false otherwise.
Usage
Called by an application that is administering the user to check if the current password token is active
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_SECURITY" permission with a protection level of signature.
Since
API level 27
KNOX 3.2.1
Multiuser Environment
User Scope

public boolean resetPassword (String password, int flags)

Since: API level 11

Deprecated Not supported since KNOX 3.0. Use resetContainerPassword(String, int) for CL/COM Knox containers.

API to reset password of the container

Parameters
password The new password for the user.
flags May be 0 or RESET_PASSWORD_REQUIRE_ENTRY.
Returns
  • true if the password was applied, or false if it is not acceptable for the current constraints.
Usage
Force a new container unlock password (the password needed to access the container, not for individual accounts) on the user. This takes effect immediately. The given password must be sufficient for the current password quality and length constraints as returned by getPasswordQuality(ComponentName) and getPasswordMinimumLength(ComponentName); if it does not meet these constraints, then it will be rejected and false returned. Note that the password may be a stronger quality (containing alphanumeric characters when the requested quality is only numeric), in which case the currently active quality will be increased to match.

The calling device administrator must have requested USES_POLICY_RESET_PASSWORD to be able to call this method; if it has not, a security exception will be thrown.

NOTE 1: From MDM 5.2, this API is not supported for MDFPP (Mobile Device Fundamentals Protection Profile) SDP and will return false.

NOTE 2: This API will clear the credential storage when it receives an empty password as parameter or when the credential storage is in locked state. In order to check the current credential storage state, please use API.

For Container:
 // When you create container successfully, containerID will be returned via intent.
 // Use this containerID in below API.
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 BasePasswordPolicy passwordPolicy = kcm.getBasePasswordPolicy();
 try {
     String newPassword = "test123";
     // set new password
     passwordPolicy.resetPassword(newPassword, 0);
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_SECURITY" permission which has a protection level of signature.
Since
API level 11
MDM 5.0
Multiuser Environment
User Scope

public boolean resetPasswordWithToken (ComponentName admin, String password, byte[] token, int flags)

Since: API level 27

API to reset password with token

Parameters
admin Which DeviceAdminReceiver this request is associated with.
password The new password for the user. null or empty clears the password.
token the password reset token previously provisioned by setResetPasswordToken(ComponentName, byte[]).
flags May be 0 or combiation of RESET_PASSWORD_REQUIRE_ENTRY and RESET_PASSWORD_DO_NOT_ASK_CREDENTIALS_ON_BOOT.
Returns
  • true if the password was applied, or false if it is not acceptable for the current constraints.
Usage
Force a new unlock password on the user.
Unlike resetPassword(String, int), this API can change the password even before the user or decrypted. The supplied token must have been previously provisioned via setResetPasswordToken(ComponentName, byte[]), and in active state isResetPasswordTokenActive(ComponentName).
The given password must be sufficient for the current password quality and length constraints as returned by getPasswordQuality(ComponentName) and getPasswordMinimumLength(ComponentName); if it does not meet these constraints, then it will be rejected and false returned. Note that the password may be a stronger quality, for example, a password containing alphanumeric characters when the requested quality is only numeric.

The calling device administrator must have requested USES_POLICY_RESET_PASSWORD to be able to call this method; if it has not, a security exception will be thrown.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 BasePasswordPolicy passwordPolicy = edm.getBasePasswordPolicy();
 try {
     ComponentName enterpriseDeviceAdmin = new ComponentName(context, EDMTestsAdmin.class);
     byte[] token = createToken();
     String newPassword = "test123";
     // set token before reset password
     passwordPolicy.setResetPasswordToken(enterpriseDeviceAdmin, token);
     // set new password
     passwordPolicy.resetPasswordWithToken(enterpriseDeviceAdmin, newPassword, token, 0);
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
For Container:
 // When you create container successfully, containerID will be returned via intent.
 // Use this containerID in below API.
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 BasePasswordPolicy passwordPolicy = kcm.getBasePasswordPolicy();
 try {
     ComponentName enterpriseDeviceAdmin = new ComponentName(context, EDMTestsAdmin.class);
     byte[] token = createToken();
     String newPassword = "test123";
     // set token before reset password
     passwordPolicy.setResetPasswordToken(enterpriseDeviceAdmin, token);
     // set new password
     passwordPolicy.resetPasswordWithToken(enterpriseDeviceAdmin, newPassword, token, 0);
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_SECURITY" permission with a protection level of signature.
Since
API level 27
KNOX 3.2.1
Multiuser Environment
User Scope

public void setKeyguardDisabledFeatures (ComponentName admin, int which)

Since: API level 15

API to set the features need to be disabled for container keyguard.

Parameters
admin Which DeviceAdminReceiver this request is associated with.
which KEYGUARD_DISABLE_FEATURES_NONE (default), KEYGUARD_DISABLE_TRUST_AGENTS
Usage
Called by an application that is administering the device to disable keyguard customizations, such as trust agents. After setting this, keyguard features will be disabled according to the provided feature list. The calling device admin must have requested USES_POLICY_DISABLE_KEYGUARD_FEATURES to be able to call this method; if it has not, a security exception will be thrown.
For Container:
 // When you create container successfully, containerID will be returned via intent.
 // Use this containerID in below API..
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 BasePasswordPolicy passwordPolicy = kcm.getBasePasswordPolicy();
 try {
     ComponentName enterpriseDeviceAdmin = new ComponentName(context, EDMTestsAdmin.class);
     int which = DevicePolicyManager.KEYGUARD_DISABLE_TRUST_AGENTS;
     passwordPolicy.setKeyguardDisabledFeatures(enterpriseDeviceAdmin, which);
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_SECURITY" permission which has a protection level of signature.
Since
API level 15
MDM 5.4
Multiuser Environment
User Scope

public void setMaximumFailedPasswordsForWipe (ComponentName admin, int num)

Since: API level 11

API to set the maximum failed passwords for wipe

Parameters
admin Which DeviceAdminReceiver this request is associated with.
num The number of failed password attempts at which point the device will wipe its data.
Usage
Setting this to a value greater than zero enables a built-in policy that will perform a device wipe after too many incorrect device-unlock passwords have been entered. This built-in policy combines watching for failed passwords and wiping the device, and requires that you request both USES_POLICY_WATCH_LOGIN and USES_POLICY_WIPE_DATA.

To implement any other policy (e.g. wiping data for a particular application only, erasing or revoking credentials, or reporting the failure to a server), you should implement onPasswordFailed(Context, android.content.Intent) instead. Do not use this API, because if the maximum count is reached, the device will be wiped immediately, and your callback will not be invoked. Since Knox 2.7.1 the device will not be wiped if com.samsung.android.knox.restriction.RestrictionPolicy#allowFactoryReset(Boolean) is set to false.

For Container:
 // When you create container successfully, containerID will be returned via intent.
 // Use this containerID in below API.
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 BasePasswordPolicy passwordPolicy = kcm.getBasePasswordPolicy();
 try {
     ComponentName enterpriseDeviceAdmin = new ComponentName(context, EDMTestsAdmin.class);
     int num = 5;
     // set failed password attempts before wipe
     passwordPolicy.setMaximumFailedPasswordsForWipe(enterpriseDeviceAdmin, num);
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_SECURITY" permission which has a protection level of signature.
Since
API level 11
MDM 5.0
Multiuser Environment
User Scope

public void setMaximumTimeToLock (ComponentName admin, long timeMs)

Since: API level 11

API to set the maximum time to lock

Parameters
admin Which DeviceAdminReceiver this request is associated with.
timeMs The new desired maximum time to lock in milliseconds. A value of 0 means there is no restriction.
Usage
Called by an application that is administering the container to set the maximum time for user activity until the device will lock. This limits the length that the user can set. It takes effect immediately.

The calling device administrator must have requested USES_POLICY_FORCE_LOCK to be able to call this method; if it has not, a security exception will be thrown.

For Container:
 // When you create container successfully, containerID will be returned via intent.
 // Use this containerID in below API..
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 BasePasswordPolicy passwordPolicy = kcm.getBasePasswordPolicy();
 try {
     ComponentName enterpriseDeviceAdmin = new ComponentName(context, EDMTestsAdmin.class);
     int timeMs = 500;
     // set maximum time to lock
     passwordPolicy.setMaximumTimeToLock(enterpriseDeviceAdmin, timeMs);
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_SECURITY" permission which has a protection level of signature.
Since
API level 11
MDM 5.0
Multiuser Environment
User Scope

public void setPasswordExpirationTimeout (ComponentName admin, long timeout)

Since: API level 11

API to set the password expiration timeout of the container

Parameters
admin Which DeviceAdminReceiver this request is associated with.
timeout The limit (in ms) that a password can remain in effect. A value of 0 means there is no restriction (unlimited).
Usage
Called by a device administrator to set the password expiration timeout of the container. Calling this method will restart the countdown for password expiration for the given administrator, as will changing the container password (for all administrators).

The provided timeout is the time delta in ms and will be added to the current time. For example, to have the password expire 5 days from now, timeout would be 5 * 86400 * 1000 = 432000000 ms for timeout.

To disable password expiration, a value of 0 may be used for timeout.

The calling device administrator must have requested USES_POLICY_EXPIRE_PASSWORD to be able to call this method; if it has not, a security exception will be thrown.

For Container:
 // When you create container successfully, containerID will be returned via intent.
 // Use this containerID in below API.
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 BasePasswordPolicy passwordPolicy = kcm.getBasePasswordPolicy();
 try {
     ComponentName enterpriseDeviceAdmin = new ComponentName(context, EDMTestsAdmin.class);
     long timeout = 432000000;
     // set Password expiration timeout
     passwordPolicy.setPasswordExpirationTimeout(enterpriseDeviceAdmin, timeout);
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_SECURITY" permission which has a protection level of signature.
Since
API level 11
MDM 5.0
Multiuser Environment
User Scope

public void setPasswordHistoryLength (ComponentName admin, int length)

Since: API level 11

API to set the password history length of the container

Parameters
admin Which DeviceAdminReceiver this request is associated with.
length The new desired length of password history. A value of 0 means there is no restriction.
Usage
Called by an application that is administering the container to set the length of the password history. After setting this, the user will not be able to enter a new password that is the same as any password in the history. Note that the current password will remain until the user has set a new one, so the change does not take place immediately. To prompt the user for a new password, use ACTION_SET_NEW_PASSWORD after setting this value. This constraint is only imposed if the administrator has also requested either PASSWORD_QUALITY_NUMERIC, PASSWORD_QUALITY_ALPHABETIC, or PASSWORD_QUALITY_ALPHANUMERIC with setPasswordQuality(ComponentName, int).

The calling device administrator must have requested USES_POLICY_LIMIT_PASSWORD to be able to call this method; if it has not, a security exception will be thrown.

For Container:
 // When you create container successfully, containerID will be returned via intent.
 // Use this containerID in below API.
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 BasePasswordPolicy passwordPolicy = kcm.getBasePasswordPolicy();
 try {
     ComponentName enterpriseDeviceAdmin = new ComponentName(context, EDMTestsAdmin.class);
     int length = 5;
     // set Password history length
     passwordPolicy.setPasswordHistoryLength(enterpriseDeviceAdmin, length);
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_SECURITY" permission which has a protection level of signature.
Since
API level 11
MDM 5.0
Multiuser Environment
User Scope

public void setPasswordMinimumLength (ComponentName admin, int length)

Since: API level 11

API to set the minimum password length of the container

Parameters
admin Which DeviceAdminReceiver this request is associated with.
length The new desired minimum password length. A value of 0 means there is no restriction.
Usage
Called by an application that is administering the container to set the minimum allowed password length. After setting this, the user will not be able to enter a new password that is not at least as restrictive as what has been set. Note that the current password will remain until the user has set a new one, so the change does not take place immediately. To prompt the user for a new password, use ACTION_SET_NEW_PASSWORD after setting this value. This constraint is only imposed if the administrator has also requested either PASSWORD_QUALITY_NUMERIC, PASSWORD_QUALITY_ALPHABETIC PASSWORD_QUALITY_ALPHANUMERIC, or PASSWORD_QUALITY_COMPLEX with setPasswordQuality(ComponentName, int).

The calling device administrator must have requested USES_POLICY_LIMIT_PASSWORD to be able to call this method; if it has not, a security exception will be thrown.

For Container:
 // When you create container successfully, containerID will be returned via intent.
 // Use this containerID in below API.
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 BasePasswordPolicy passwordPolicy = kcm.getBasePasswordPolicy();
 try {
     ComponentName enterpriseDeviceAdmin = new ComponentName(context, EDMTestsAdmin.class);
     int length = 5;
     // set Password minimum length
     passwordPolicy.setPasswordMinimumLength(enterpriseDeviceAdmin, length);
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_SECURITY" permission which has a protection level of signature.
Since
API level 11
MDM 5.0
Multiuser Environment
User Scope

public void setPasswordMinimumLetters (ComponentName admin, int length)

Since: API level 11

API to set the minimum password alphabetical characters of the container

Parameters
admin Which DeviceAdminReceiver this request is associated with.
length The new desired minimum number of alphabetical characters required in the password. A value of 0 means there is no restriction.
Usage
Called by an application that is administering the container to set the minimum number of alphabetical characters required in the password. After setting this, the user will not be able to enter a new password that is not at least as restrictive as what has been set. Note that the current password will remain until the user has set a new one, so the change does not take place immediately. To prompt the user for a new password, use ACTION_SET_NEW_PASSWORD after setting this value. This constraint is only imposed if the administrator has also requested PASSWORD_QUALITY_COMPLEX with setPasswordQuality(ComponentName, int). The default value is 1.

The calling device administrator must have requested USES_POLICY_LIMIT_PASSWORD to be able to call this method; if it has not, a security exception will be thrown.

For Container:
 // When you create container successfully, containerID will be returned via intent.
 // Use this containerID in below API.
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 BasePasswordPolicy passwordPolicy = kcm.getBasePasswordPolicy();
 try {
     ComponentName enterpriseDeviceAdmin = new ComponentName(context, EDMTestsAdmin.class);
     int length = 5;
     // set Password minimum letters
     passwordPolicy.setPasswordMinimumLetters(enterpriseDeviceAdmin, length);
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_SECURITY" permission which has a protection level of signature.
Since
API level 11
MDM 5.0
Multiuser Environment
User Scope

public void setPasswordMinimumLowerCase (ComponentName admin, int length)

Since: API level 11

API to set the minimum password lower case alphabetical characters of the container

Parameters
admin Which DeviceAdminReceiver this request is associated with.
length The new desired minimum number of lower case alphabetical characters required in the password. A value of 0 means there is no restriction.
Usage
Called by an application that is administering the container to set the minimum number of lower case alphabetical characters required in the password. After setting this, the user will not be able to enter a new password that is not at least as restrictive as what has been set. Note that the current password will remain until the user has set a new one, so the change does not take place immediately. To prompt the user for a new password, use ACTION_SET_NEW_PASSWORD after setting this value. This constraint is only imposed if the administrator has also requested PASSWORD_QUALITY_COMPLEX with setPasswordQuality(ComponentName, int). The default value is 0.

The calling device administrator must have requested USES_POLICY_LIMIT_PASSWORD to be able to call this method; if it has not, a security exception will be thrown.

For Container:
 // When you create container successfully, containerID will be returned via intent.
 // Use this containerID in below API.
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 BasePasswordPolicy passwordPolicy = kcm.getBasePasswordPolicy();
 try {
     ComponentName enterpriseDeviceAdmin = new ComponentName(context, EDMTestsAdmin.class);
     int length = 5;
     // set Password minimum lower case
     passwordPolicy.setPasswordMinimumLowerCase(enterpriseDeviceAdmin, length);
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_SECURITY" permission which has a protection level of signature.
Since
API level 11
MDM 5.0
Multiuser Environment
User Scope

public void setPasswordMinimumNonLetter (ComponentName admin, int length)

Since: API level 11

API to set the minimum password non-letters of the container

Parameters
admin Which DeviceAdminReceiver this request is associated with.
length The new desired minimum number of letters required in the password. A value of 0 means there is no restriction.
Usage
Called by an application that is administering the container to set the minimum number of non-letter characters (numerical digits or symbols) required in the password. After setting this, the user will not be able to enter a new password that is not at least as restrictive as what has been set. Note that the current password will remain until the user has set a new one, so the change does not take place immediately. To prompt the user for a new password, use ACTION_SET_NEW_PASSWORD after setting this value. This constraint is only imposed if the administrator has also requested PASSWORD_QUALITY_COMPLEX with setPasswordQuality(ComponentName, int). The default value is 0.

The calling device administrator must have requested USES_POLICY_LIMIT_PASSWORD to be able to call this method; if it has not, a security exception will be thrown.

For Container:
 // When you create container successfully, containerID will be returned via intent.
 // Use this containerID in below API.
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 BasePasswordPolicy passwordPolicy = kcm.getBasePasswordPolicy();
 try {
     ComponentName enterpriseDeviceAdmin = new ComponentName(context, EDMTestsAdmin.class);
     int length = 5;
     // set Password minimum letter
     passwordPolicy.setPasswordMinimumNonLetter(enterpriseDeviceAdmin, length);
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_SECURITY" permission which has a protection level of signature.
Since
API level 11
MDM 5.0
Multiuser Environment
User Scope

public void setPasswordMinimumNumeric (ComponentName admin, int length)

Since: API level 11

API to set the minimum password numeric of the container

Parameters
admin Which DeviceAdminReceiver this request is associated with.
length The new desired minimum number of numerical digits required in the password. A value of 0 means there is no restriction.
Usage
Called by an application that is administering the container to set the minimum number of numerical digits required in the password. After setting this, the user will not be able to enter a new password that is not at least as restrictive as what has been set. Note that the current password will remain until the user has set a new one, so the change does not take place immediately. To prompt the user for a new password, use ACTION_SET_NEW_PASSWORD after setting this value. This constraint is only imposed if the administrator has also requested PASSWORD_QUALITY_COMPLEX with setPasswordQuality(ComponentName, int). The default value is 1.

The calling device administrator must have requested USES_POLICY_LIMIT_PASSWORD to be able to call this method; if it has not, a security exception will be thrown.

For Container:
 // When you create container successfully, containerID will be returned via intent.
 // Use this containerID in below API.
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 BasePasswordPolicy passwordPolicy = kcm.getBasePasswordPolicy();
 try {
     ComponentName enterpriseDeviceAdmin = new ComponentName(context, EDMTestsAdmin.class);
     int length = 5;
     // set Password minimum numeric
     passwordPolicy.setPasswordMinimumNumeric(enterpriseDeviceAdmin, length);
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_SECURITY" permission which has a protection level of signature.
Since
API level 11
MDM 5.0
Multiuser Environment
User Scope

public void setPasswordMinimumSymbols (ComponentName admin, int length)

Since: API level 11

API to set the minimum password symbols of the container

Parameters
admin Which DeviceAdminReceiver this request is associated with.
length The new desired minimum number of symbols required in the password. A value of 0 means there is no restriction.
Usage
Called by an application that is administering the container to set the minimum number of symbols required in the password. After setting this, the user will not be able to enter a new password that is not at least as restrictive as what has been set. Note that the current password will remain until the user has set a new one, so the change does not take place immediately. To prompt the user for a new password, use ACTION_SET_NEW_PASSWORD after setting this value. This constraint is only imposed if the administrator has also requested PASSWORD_QUALITY_COMPLEX with setPasswordQuality(ComponentName, int). The default value is 1.

The calling device administrator must have requested USES_POLICY_LIMIT_PASSWORD to be able to call this method; if it has not, a security exception will be thrown.

For Container:
 // When you create container successfully, containerID will be returned via intent.
 // Use this containerID in below API.
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 BasePasswordPolicy passwordPolicy = kcm.getBasePasswordPolicy();
 try {
     ComponentName enterpriseDeviceAdmin = new ComponentName(context, EDMTestsAdmin.class);
     int length = 5;
     // set Password minimum symbols
     passwordPolicy.setPasswordMinimumSymbols(enterpriseDeviceAdmin, length);
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_SECURITY" permission which has a protection level of signature.
Since
API level 11
MDM 5.0
Multiuser Environment
User Scope

public void setPasswordMinimumUpperCase (ComponentName admin, int length)

Since: API level 11

API to set the minimum password upper case alphabetical characters of the container

Parameters
admin Which DeviceAdminReceiver this request is associated with.
length The new desired minimum number of upper case alphabetical characters required in the password. A value of 0 means there is no restriction.
Usage
Called by an application that is administering the container to set the minimum number of upper case alphabetical characters required in the password. After setting this, the user will not be able to enter a new password that is not at least as restrictive as what has been set. Note that the current password will remain until the user has set a new one, so the change does not take place immediately. To prompt the user for a new password, use ACTION_SET_NEW_PASSWORD after setting this value. This constraint is only imposed if the administrator has also requested PASSWORD_QUALITY_COMPLEX with setPasswordQuality(ComponentName, int). The default value is 0.

The calling device administrator must have requested USES_POLICY_LIMIT_PASSWORD to be able to call this method; if it has not, a security exception will be thrown.

For Container:
 // When you create container successfully, containerID will be returned via intent.
 // Use this containerID in below API.
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 BasePasswordPolicy passwordPolicy = kcm.getBasePasswordPolicy();
 try {
     ComponentName enterpriseDeviceAdmin = new ComponentName(context, EDMTestsAdmin.class);
     int length = 5;
     // set Password minimum upper case
     passwordPolicy.setPasswordMinimumUpperCase(enterpriseDeviceAdmin, length);
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_SECURITY" permission which has a protection level of signature.
Since
API level 11
MDM 5.0
Multiuser Environment
User Scope

public void setPasswordQuality (ComponentName admin, int quality)

Since: API level 11

API to set the password quality of the container

Usage
Called by an application that is administering the container to set the password restrictions it is imposing. After setting this, the user will not be able to enter a new password that is not at least as restrictive as what has been set. Note that the current password will remain until the user has set a new one, so the change does not take place immediately. To prompt the user for a new password, use ACTION_SET_NEW_PASSWORD after setting this value. Quality constants are ordered so that higher values are more restrictive; thus the highest requested quality constant (between the policy set here, the user's preference, and any other considerations) is the one that is in effect.

The calling device administrator must have requested USES_POLICY_LIMIT_PASSWORD to be able to call this method; if it has not, a security exception will be thrown.

For Container:
 // When you create container successfully, containerID will be returned via intent.
 // Use this containerID in below API.
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 BasePasswordPolicy passwordPolicy = kcm.getBasePasswordPolicy();
 try {
     ComponentName enterpriseDeviceAdmin = new ComponentName(context, EDMTestsAdmin.class);
     int quality = 5;
     // set Password Quality
     passwordPolicy.setPasswordQuality(enterpriseDeviceAdmin, quality);
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_SECURITY" permission with a protection level of signature.
Since
API level 11
MDM 5.0
Multiuser Environment
User Scope

public boolean setResetPasswordToken (ComponentName admin, byte[] token)

Since: API level 27

API to set a token before reset password

Parameters
admin Which DeviceAdminReceiver this request is associated with.
token a secure token a least 32-byte long, which must be generated by a cryptographically strong random number generator.
Returns
  • true if the operation is successful, false otherwise.
Usage
Called by an application that is administering the user to provision a token which can later be used to reset the lockscreen password via resetPasswordWithToken(ComponentName, String, byte[], int).
If the user currently has a lockscreen password, the provisioned token will not be immediately usable; it only becomes active after the user performs a confirm credential operation, which can be triggered by KeyguardManager.createConfirmDeviceCredentialIntent(CharSequence, CharSequence). If the user has no lockscreen password, the token is activated immediately. In all cases, the active state of the current token can be checked by isResetPasswordTokenActive(ComponentName). For security reasons, un-activated tokens are only stored in memory and will be lost once the device reboots. In this case a new token needs to be provisioned again.
Once provisioned and activated, the token will remain effective even if the user changes or clears the lockscreen password.

The calling device administrator must have requested USES_POLICY_RESET_PASSWORD to be able to call this method; if it has not, a security exception will be thrown.

NOTE : This token is highly sensitive and should be treated at the same level as user credentials. In particular, NEVER store this token on device in plaintext. Do not store the plaintext token in device-encrypted storage if it will be needed to reset password on file-based encryption devices before user unlocks. Consider carefully how any password token will be stored on your server and who will need access to them. Tokens may be the subject of legal access requests.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 BasePasswordPolicy passwordPolicy = edm.getBasePasswordPolicy();
 try {
     ComponentName enterpriseDeviceAdmin = new ComponentName(context, EDMTestsAdmin.class);
     byte[] token = createToken();
     // set token before reset password
     passwordPolicy.setResetPasswordToken(enterpriseDeviceAdmin, token);
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
For Container:
 // When you create container successfully, containerID will be returned via intent.
 // Use this containerID in below API.
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 BasePasswordPolicy passwordPolicy = kcm.getBasePasswordPolicy();
 try {
     ComponentName enterpriseDeviceAdmin = new ComponentName(context, EDMTestsAdmin.class);
     byte[] token = createToken();
     // set token before reset password
     passwordPolicy.setResetPasswordToken(enterpriseDeviceAdmin, token);
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_SECURITY" permission with a protection level of signature.
Since
API level 27
KNOX 3.2.1
Multiuser Environment
User Scope

public void setTrustAgentConfiguration (ComponentName admin, ComponentName target, PersistableBundle configuration)

Since: API level 27

API to set a list of configuration features to enable for a trust agent component.

Parameters
admin Which DeviceAdminReceiver this request is associated with.
target Component name of the agent to be configured. This value must never be null.
configuration Trust-agent-specific feature configuration bundle. Please consult documentation of the specific trust agent to determine the interpretation of this bundle.
Usage
Called by an application that is administering the user to Set a list of configuration features to enable for a trust agent component. This is meant to be used in conjunction with KEYGUARD_DISABLE_TRUST_AGENTS, which disables all trust agents but those enabled by this function call. If flag KEYGUARD_DISABLE_TRUST_AGENTS is not set, then this call has no effect.
For any specific trust agent, whether it is disabled or not depends on the aggregated state of each admin's KEYGUARD_DISABLE_TRUST_AGENTS setting and its trust agent configuration as set by this function call. In particular: if any admin sets KEYGUARD_DISABLE_TRUST_AGENTS and does not additionally set any trust agent configuration, the trust agent is disabled completely. Otherwise, the trust agent will receive the list of configurations from all admins who set KEYGUARD_DISABLE_TRUST_AGENTS and aggregate the configurations to determine its behavior. The exact meaning of aggregation is trust-agent-specific.

The calling device administrator must have requested USES_POLICY_DISABLE_KEYGUARD_FEATURES to be able to call this method; if it has not, a security exception will be thrown.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 BasePasswordPolicy passwordPolicy = edm.getBasePasswordPolicy();
 try {
     ComponentName enterpriseDeviceAdmin = new ComponentName(context, EDMTestsAdmin.class);
     ComponentName targetPkg = new ComponentName(pkg, class);
     PersistableBundle configuration = new PersistableBundle(); // need to set details
     // clear reset password token
     passwordPolicy.setTrustAgentConfiguration(enterpriseDeviceAdmin, targetPkg, configuration);
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
For Container:
 // When you create container successfully, containerID will be returned via intent.
 // Use this containerID in below API.
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 BasePasswordPolicy passwordPolicy = kcm.getBasePasswordPolicy();
 try {
     ComponentName enterpriseDeviceAdmin = new ComponentName(context, EDMTestsAdmin.class);
     ComponentName targetPkg = new ComponentName(pkg, class);
     PersistableBundle configuration = new PersistableBundle(); // need to set details
     // clear reset password token
     passwordPolicy.setTrustAgentConfiguration(enterpriseDeviceAdmin, targetPkg, configuration);
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_SECURITY" permission with a protection level of signature.
Since
API level 27
KNOX 3.2.1
Multiuser Environment
User Scope