Since: API level 11
public class

ContainerConfigurationPolicy

extends Object
java.lang.Object
   ↳ com.samsung.android.knox.container.ContainerConfigurationPolicy

Class Overview

This class provides APIs to configure policies related to container.

Since
API level 11
KNOX 2.0

Summary

Constants
int ERROR_INTERNAL_ERROR This error constant is returned as part of resetContainerPassword(String, int) API call, when reset container password is not accepted due to container state or internal error occurs or is returned as part of setCustomResource(int, Bundle) API call, when internal error occurs.
int ERROR_INVALID_KEY This error constant is returned as part of resetContainerPassword(String, int) or setCustomResource(int, Bundle) API call, when key is not correct.
int ERROR_NONE This error constant is returned as part of setCustomResource(int, Bundle) API call when custom resource is set successfully.
String FIDO_REQUEST_URI This constant is a key to use setFIDOInfo(Bundle) and getFIDOInfo().
String FIDO_RESPONSE_URI This constant is a key to use setFIDOInfo(Bundle) and getFIDOInfo().
String KEY_IMAGE This constant is a key to represent the custom resource is an image (bitmap) setCustomResource(int, Bundle).
String KEY_NAME This constant is a key to represent the custom resource is an String setCustomResource(int, Bundle).
String OPTION_CALLER_INFO This constant should be send as parameter as part of setSettingsOptionEnabled(String, boolean) or isSettingsOptionEnabled(String) API call.
int RES_TYPE_BADGE This constant is the container badge resource type setCustomResource(int, Bundle).
int RES_TYPE_PERSONAL_MODE_NAME This constant is the name string resource type setCustomResource(int, Bundle).
int RES_TYPE_PROFILE_NAME This constant is the name string resource type setCustomResource(int, Bundle).
int RES_TYPE_PROFILE_SWITCH_ICON This constant is the profile switch icon resource type setCustomResource(int, Bundle).
Public Constructors
ContainerConfigurationPolicy()
Public Methods
void addCrossProfileIntentFilter(ComponentName admin, IntentFilter filter, int flags)
API to allow some intents sent in the container be also resolved in parent, or vice versa.
boolean addHomeShortcutToPersonal(String pkgName, String clsName)
API to add a Knox application shortcut to the home screen.
boolean addNetworkSSID(String ssid)
API to add wifi SSID which can be accessed by only container.
boolean addPackageToExternalStorageSBABlackList(String packageName)
API to add package in external storage SBA (Samsung Blessed App) blacklist.
boolean addPackageToExternalStorageWhiteList(String packageName, Signature[] signatures)
API to add package in external storage whitelist.
boolean addPackageToInstallWhiteList(String packageName)
API to add the package name of an application in to a white list.
boolean allowLayoutSwitching(boolean allow)
API to enable or disable container layout switching.
boolean allowRemoteControl(boolean state)
This API can be used by Container administrator to disable Remote Control inside container.
void clearCrossProfileIntentFilters(ComponentName admin)
API to remove the cross-profile intent filters that go from the container to the parent, or from the parent to container.
boolean clearNetworkSSID()
API to remove all of the ssids in allocated container.
boolean clearPackagesFromExternalStorageSBABlackList()
API to remove all the blacklisted external storage SBA packages.
boolean clearPackagesFromExternalStorageWhiteList()
API to remove all the whitelisted external storage packages.
boolean deleteHomeShortcutFromPersonal(String pkgName, String clsName)
API to remove knox application shortcut from personal home screen.
boolean enableBluetooth(boolean value, Bundle data)
API to enable or disable Bluetooth inside container.
boolean enableExternalStorage(boolean value)
API to enable/disable external storage(sdcard) inside container.
boolean enableNFC(boolean value, Bundle data)
API to enable or disable NFC inside container.
boolean enableUsbAccess(boolean value, Bundle data)
API to enable or disable USB access for applications inside container.
void enforceMultifactorAuthentication(boolean enforce)
API to enable or disable multi factor authentication for container.
boolean getEnforceAuthForContainer()
API to check whether MDM wants to enable or disable container keyguard.
Bundle getFIDOInfo()
API to get FIDO server info for container.
long getHibernationTimeout()
API to get the timeout used to set hibernation mode of the container which can be unlocked by the user with the password.
List<String> getNetworkSSID()
API to get wifi SSID list in allocated container.
Signature[] getPackageSignaturesFromExternalStorageWhiteList(String packageName)
API to get signatures of whitelisted external storage package.
List<String> getPackagesFromExternalStorageSBABlackList()
API to get all the blacklisted external storage SBA packages.
List<String> getPackagesFromExternalStorageWhiteList()
API to get all the whitelisted external storage packages.
List<String> getPackagesFromInstallWhiteList()
API to get the list of package names of all the applications set by the calling administrator from the white list which has the permission to install other applications.
boolean isBluetoothEnabled()
API to check if Bluetooth inside container is enabled.
boolean isContactsSharingEnabled()
API to check whether access to Knox Container Phone Book Access Profile is enabled.
boolean isExternalStorageEnabled()
API to find out if external storage(sdcard) inside container is enabled.
boolean isLayoutSwitchingAllowed()
API to check if container layout switching is allowed or not.
boolean isMultifactorAuthenticationEnforced()
API to check whether multi-factor authentication is enforced or not

An administrator can use this API to check whether multi-factor authentication enabled for the container.

boolean isNFCEnabled()
API to check if NFC inside container is enabled.
boolean isPackageInInstallWhiteList(String packageName)
API to match the package name of a application against the white listed packages which has the permission to install other applications.
boolean isRemoteControlAllowed()
This API can be used by Container administrator to disable Remote Control inside container.
boolean isResetContainerOnRebootEnabled()
API to check whether reset container on reboot is enabled or disabled.
boolean isSettingsOptionEnabled(String option)
API to check whether a specific Container settings option is enabled.
boolean isUsbAccessEnabled()
API to check if USB access is enabled or disabled for applications inside container.
boolean isUseSecureKeypadEnabled()
API to check whether Secure keypad usage is enforced.
boolean removeNetworkSSID(String ssid)
API to remove wifi SSID which can be accessed on only allocated container.
boolean removePackageFromExternalStorageSBABlackList(String packageName)
API to remove blacklisted external storage SBA package.
boolean removePackageFromExternalStorageWhiteList(String packageName)
API to remove whitelisted external storage package.
boolean removePackageFromInstallWhiteList(String packageName)
API to remove an application from the white list which has permission to install other applications.
boolean resetContainerOnReboot(boolean enable)
API to reset container after reboot.
int resetContainerPassword(String key, int timeout)
API to reset the Enterprise Container password.
boolean resetContainerPassword()
API to reset the Enterprise Container password.
boolean setContactsSharingEnabled(boolean enable)
API to enable or disable access to Knox contacts via Phone Book Access Profile (PBAP).
int setCustomResource(int type, Bundle data)
API to set a custom resource for container.
boolean setEnforceAuthForContainer(boolean enforce)
API to enable or disable container keyguard.
boolean setFIDOInfo(Bundle fidoinfo)
API to set FIDO server info for container.
boolean setHibernationTimeout(long time)
API to enforce the policy to set hibernation mode of the container with a timeout and the user will be able to unlock the container with the password.
boolean setSettingsOptionEnabled(String option, boolean enable)
API to enable or disable a specific Container settings option.
boolean setUseSecureKeypad(boolean enable)
API to enable or disable non-secure keypad usage.
[Expand]
Inherited Methods
From class java.lang.Object

Constants

public static final int ERROR_INTERNAL_ERROR

Since: API level 13

This error constant is returned as part of resetContainerPassword(String, int) API call, when reset container password is not accepted due to container state or internal error occurs or is returned as part of setCustomResource(int, Bundle) API call, when internal error occurs.

Since
API level 13
KNOX 2.2
Constant Value: -2 (0xfffffffe)

public static final int ERROR_INVALID_KEY

Since: API level 13

This error constant is returned as part of resetContainerPassword(String, int) or setCustomResource(int, Bundle) API call, when key is not correct.

Since
API level 13
KNOX 2.2
Constant Value: -1 (0xffffffff)

public static final int ERROR_NONE

Since: API level 24

This error constant is returned as part of setCustomResource(int, Bundle) API call when custom resource is set successfully.

Since
API level 24
KNOX 3.0
Constant Value: 0 (0x00000000)

public static final String FIDO_REQUEST_URI

Since: API level 20

This constant is a key to use setFIDOInfo(Bundle) and getFIDOInfo().

Since
API level 20
KNOX 2.7
Constant Value: "fido_request_uri"

public static final String FIDO_RESPONSE_URI

Since: API level 20

This constant is a key to use setFIDOInfo(Bundle) and getFIDOInfo().

Since
API level 20
KNOX 2.7
Constant Value: "fido_response_uri"

public static final String KEY_IMAGE

Since: API level 24

This constant is a key to represent the custom resource is an image (bitmap) setCustomResource(int, Bundle).

Since
API level 24
KNOX 3.0
Constant Value: "key-image"

public static final String KEY_NAME

Since: API level 29

This constant is a key to represent the custom resource is an String setCustomResource(int, Bundle).

Since
API level 28
KNOX 3.4
Constant Value: "key-name"

public static final String OPTION_CALLER_INFO

Since: API level 14

This constant should be send as parameter as part of setSettingsOptionEnabled(String, boolean) or isSettingsOptionEnabled(String) API call.

NOTE: This constant is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

Since
API level 14
KNOX 2.3
Constant Value: "option_callerinfo"

public static final int RES_TYPE_BADGE

Since: API level 24

This constant is the container badge resource type setCustomResource(int, Bundle).

Since
API level 24
KNOX 3.0
Constant Value: 1 (0x00000001)

public static final int RES_TYPE_PERSONAL_MODE_NAME

Since: API level 29

This constant is the name string resource type setCustomResource(int, Bundle).

Since
KNOX 3.4
API level 28
Constant Value: 5 (0x00000005)

public static final int RES_TYPE_PROFILE_NAME

Since: API level 29

This constant is the name string resource type setCustomResource(int, Bundle).

Since
KNOX 3.4
API level 28
Constant Value: 4 (0x00000004)

public static final int RES_TYPE_PROFILE_SWITCH_ICON

Since: API level 24

This constant is the profile switch icon resource type setCustomResource(int, Bundle).

Since
API level 24
KNOX 3.0
Constant Value: 2 (0x00000002)

Public Constructors

public ContainerConfigurationPolicy ()

Since: API level 11

Public Methods

public void addCrossProfileIntentFilter (ComponentName admin, IntentFilter filter, int flags)

Since: API level 20

API to allow some intents sent in the container be also resolved in parent, or vice versa.

Parameters
admin The component name of administrator this request is associated with (must not be null).
filter The IntentFilter the intent has to match to be also resolved in the other profile.
flags FLAG_MANAGED_CAN_ACCESS_PARENT and FLAG_PARENT_CAN_ACCESS_MANAGED are supported.
Throws
SecurityException If caller does not have required permissions. Only administrator who created container can enforce policy, if the calling administrator is not an owner of the container, the API throws SecurityException.
Usage

An administrator can use this API to allow some intents sent in the container be also resolved in parent, or vice versa. Only activity intents are supported.

It is a wrapper for DevicePolicyManager::addCrossProfileIntentFilter() API, but an administrator does not need to be a profile owner to call it.

NOTE: This API is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

 // When you create container successfully, containerID will be returned via intent.
 // Use this containerID in below API.
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 ContainerConfigurationPolicy ccp = kcm.getContainerConfigurationPolicy();
 ComponentName deviceAdmin = new ComponentName(getApplicationContext(), MDMAdmin.class);
 IntentFilter testIntentFilter = new IntentFilter();
 testIntentFilter.addAction("com.samsung.afwtest.ACTION_TEST_CROSS_PROFILE");
 try {
     ccp.addCrossProfileIntentFilter(deviceAdmin, testIntentFilter,
                     DevicePolicyManager.FLAG_PARENT_CAN_ACCESS_MANAGED |
                     DevicePolicyManager.FLAG_MANAGED_CAN_ACCESS_PARENT);
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_CONTAINER" permission which has a protection level of signature.
Since
API level 20
KNOX 2.7

public boolean addHomeShortcutToPersonal (String pkgName, String clsName)

Since: API level 20

API to add a Knox application shortcut to the home screen.

Parameters
pkgName The package name of the application.
Returns
  • true on add an application shortcut success, false on add an application shortcut failure.
Throws
SecurityException If caller does not have required permissions. Only administrator who created container can enforce policy, if the calling administrator is not an owner of container the API throws SecurityException.
IllegalArgumentException If container does not exist or container creation/removal is in progress.
Usage
Administrator can use this API to remotely add knox application shorcut on home screen. The position on home screen where the shorcut will be placed is chosen by the launcher and if there is no space left on home screen the shortcut will not be created. Duplicated shortcuts are allowed.

Note :
This API is not supported for COM Container.

 // administrator wants to add a browser shortcut on home screen
 // When you create container successfully, containerID will be returned via intent.
 // Use this containerID in below API.
 String pkgName = "com.android.browser";
 String clsName = null; //or classname
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 try {
     KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
     ContainerConfigurationPolicy ccp = kcm.getContainerConfigurationPolicy();
     boolean result = ccp.addHomeShortcutToPersonal(String pkgName, String clsName);
 } catch (IllegalArgumentException e) {
     Log.w(TAG, "IllegalArgumentException:" + e);
 }
 

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_CONTAINER" permission which has a protection level of signature.
Since
API level 20
KNOX 2.7

public boolean addNetworkSSID (String ssid)

Since: API level 13

API to add wifi SSID which can be accessed by only container.

Parameters
ssid The SSID to add on container
Returns
  • true if adding wifi ssid was successful, else false.
Throws
SecurityException If caller does not have required permissions. Only administrator who created container can enforce policy, if the calling administrator is not an owner of the container, the API throws SecurityException.
Usage
An administrator can use this API to add wifi SSID for container. This wifi SSID can be accessed by only container and blocked to access on out of container. This API can be called only with Container not device side.


NOTE: This api cannot be applied to LWC container and folder type container.



NOTE: This API is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 try {
      // When you create container successfully, containerID will be returned via intent.
      // Use this containerID in below API.
     KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
     ContainerConfigurationPolicy ccp = kcm.getContainerConfigurationPolicy();
     if (ccp.addNetworkSSID(ssid) == true) {
         Log.d(TAG, "adding ssid succeeded");
     } else {
         Log.d(TAG, "adding ssid failed");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_WIFI" permission which has a protection level of signature.

Since
API level 13
KNOX 2.2

public boolean addPackageToExternalStorageSBABlackList (String packageName)

Since: API level 13

API to add package in external storage SBA (Samsung Blessed App) blacklist.

Parameters
packageName Name of the application package
Returns
  • true if successfully added else false
Throws
SecurityException If caller does not have required permissions. Only administrator who created container can enforce policy, if the calling administrator is not an owner of the container, the API throws SecurityException.
Usage
Administrator can use this API to add package in external storage SBA (Samsung Blessed App)blacklist. Blacklisted packages will not be allowed to use external storage.

NOTE: This API is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 try {
     // When you create container successfully,containerID will be returned via intent.
     // Use this containerID in below API.
     KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
     ContainerConfigurationPolicy ccp = kcm.getContainerConfigurationPolicy();
      Signature[]  signatures = {};
     boolean status = ccp.addPackageToExternalStorageSBABlackList("com.android.knox.app"); 
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_CONTAINER" permission which has a protection level of signature.
Since
API level 13
KNOX 2.2

public boolean addPackageToExternalStorageWhiteList (String packageName, Signature[] signatures)

Since: API level 13

API to add package in external storage whitelist.

Parameters
packageName Name of the application package
signatures application signatures
Returns
  • true if successfully added else false
Throws
SecurityException If caller does not have required permissions. Only administrator who created container can enforce policy, if the calling administrator is not an owner of the container, the API throws SecurityException.
Usage
Administrator can use this API to add package in external storage whitelist. Only whitelisted applications are allowed to access its package path on external storage for read and write operation.

NOTE: This API is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 try {
     // When you create container successfully,containerID will be returned via intent.
     // Use this containerID in below API.
     KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
     ContainerConfigurationPolicy ccp = kcm.getContainerConfigurationPolicy();
      Signature[]  signatures = {};
     boolean status = ccp.addPackageToExternalStorageWhiteList("com.android.knox.app", signatures); 
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_CONTAINER" permission which has a protection level of signature.
Since
API level 13
KNOX 2.2

public boolean addPackageToInstallWhiteList (String packageName)

Since: API level 11

API to add the package name of an application in to a white list. By adding the package name in the white list, the container administrator gives the permission to that application to install other applications inside the container. Some applications if white listed by a Container administrator, can access Container service to install other applications inside the container.

Parameters
packageName The package name of the application to be added to the white list. (e.g., com.abc.xyz)
Returns
  • true if application package added successfully to the white list, else false.
Throws
SecurityException If caller does not have required permissions. Only administrator who created container can enforce policy, if the calling administrator is not an owner of container the API throws SecurityException.
IllegalArgumentException If container does not exist or container creation/removal is in progress.
Usage
An administrator can use this API to add a application in the white list in order to give access to install other applications inside the container. This API basically adds the package name in the white listed applications list.
addPackageToInstallWhiteList(String).

NOTE: This API is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 try {
      // When you create container successfully, containerID will be returned via intent.
      // Use this containerID in below API.
     KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
     ContainerConfigurationPolicy ccp = kcm.getContainerConfigurationPolicy();
     boolean result = ccp.addPackageToInstallWhiteList("com.test.app");
     if (true == result) {
         Log.d(TAG, "Package added to install white list successfully");
     } else {
         Log.d(TAG, "Failed to add Package to install white list.");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_APP_MGMT" permission which has a protection level of signature.

Since
API level 11
KNOX 2.0

public boolean allowLayoutSwitching (boolean allow)

Since: API level 24

API to enable or disable container layout switching.

Parameters
allow true or false to Enable/Disable Layout Switch.
Returns
  • true If API call is succesfull else false
Throws
SecurityException If caller does not have required permissions. Only administrator who created container can enforce policy, if the calling administrator is not an owner of container the API throws SecurityException.
IllegalArgumentException If container does not exists or container creation/removal is in progress.
Usage
An administrator can use this API to enable or disable container layout switching.

 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 try {
     KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
     ContainerConfigurationPolicy ccp = kcm.getContainerConfigurationPolicy();
     boolean result = ccp.allowLayoutSwitching(true);
     if (true == result) {
         Log.d(TAG, "success");
     } else {
         Log.d(TAG, "failure");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_CONTAINER" permission which has a protection level of signatureOrSystem.

Since
API level 24
KNOX 3.0

public boolean allowRemoteControl (boolean state)

Since: API level 13

This API can be used by Container administrator to disable Remote Control inside container.

Returns
  • true If Remote Control is enabled or disabled successfully
Throws
SecurityException If caller does not have required permissions. Only administrator who created container can enforce policy, if the calling administrator is not an owner of container the API throws SecurityException.
IllegalArgumentException If container does not exists or container creation/removal is in progress.
Usage
An administrator can use this API to disable remote control inside container.
isRemoteControlAllowed().

NOTE: This API is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 try {
     KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
     ContainerConfigurationPolicy ccp = kcm.getContainerConfigurationPolicy();
     boolean result = ccp.allowRemoteControl(false);
     if (true == result) {
         Log.d(TAG, "Remote Control is disabled successfully");
     } else {
         Log.d(TAG, "Remote Control is not disabled");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_REMOTE_CONTROL" permission which has a protection level of signature.

Since
API level 13
KNOX 2.2

public void clearCrossProfileIntentFilters (ComponentName admin)

Since: API level 20

API to remove the cross-profile intent filters that go from the container to the parent, or from the parent to container.

Parameters
admin The component name of administrator this request is associated with (must not be null).
Throws
SecurityException If caller does not have required permissions. Only administrator who created container can enforce policy, if the calling administrator is not an owner of the container, the API throws SecurityException.
Usage

An administrator can use this API to remove the cross-profile intent filters that go from the container to the parent, or from the parent to container. Only removes those that have been set by the container's administrator.

It is a wrapper for DevicePolicyManager::clearCrossProfileIntentFilters() API, but an administrator does not need to be a profile owner to call it.

NOTE: This API is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

 // When you create container successfully, containerID will be returned via intent.
 // Use this containerID in below API.
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 ContainerConfigurationPolicy ccp = kcm.getContainerConfigurationPolicy();
 ComponentName deviceAdmin = new ComponentName(getApplicationContext(), MDMAdmin.class);
 try {
     ccp.clearCrossProfileIntentFilters(deviceAdmin);
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_CONTAINER" permission which has a protection level of signature.
Since
API level 20
KNOX 2.7

public boolean clearNetworkSSID ()

Since: API level 13

API to remove all of the ssids in allocated container.

Returns
  • true if removing wifi ssids in container was successful, else false.
Throws
SecurityException If caller does not have required permissions. Only administrator who created container can enforce policy, if the calling administrator is not an owner of the container, the API throws SecurityException.
Usage
An administrator can use this API to remove all of the ssids in allocated container. This API can be called only with Container not device side.

NOTE: This API is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

 // When you create container successfully, containerID will be returned via intent.
 // Use this containerID in below API.
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 try {
     boolean success = kcm.getContainerConfigurationPolicy().clearNetworkSSID();
     if (success == true) {
         Log.d(TAG, "removing ssids in container succeeded");
     } else {
         Log.d(TAG, "removing ssids in container failed");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_WIFI" permission which has a protection level of signature.

Since
API level 13
KNOX 2.2

public boolean clearPackagesFromExternalStorageSBABlackList ()

Since: API level 13

API to remove all the blacklisted external storage SBA packages.

Returns
  • true if successfully removed else false
Throws
SecurityException If caller does not have required permissions. Only administrator who created container can enforce policy, if the calling administrator is not an owner of the container, the API throws SecurityException.
Usage
Administrator can use this API to remove all the blacklisted external storage SBA packages.

NOTE: This API is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 try {
     // When you create container successfully,containerID will be returned via intent.
     // Use this containerID in below API.
     KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
     ContainerConfigurationPolicy ccp = kcm.getContainerConfigurationPolicy();
     boolean status = ccp.clearPackagesFromExternalStorageSBABlackList(); 
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_CONTAINER" permission which has a protection level of signature.
Since
API level 13
KNOX 2.2

public boolean clearPackagesFromExternalStorageWhiteList ()

Since: API level 13

API to remove all the whitelisted external storage packages.

Returns
  • true if successfully removed else false
Throws
SecurityException If caller does not have required permissions. Only administrator who created container can enforce policy, if the calling administrator is not an owner of the container, the API throws SecurityException.
Usage
Administrator can use this API to remove all the whitelisted external storage packages.

NOTE: This API is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 try {
     // When you create container successfully,containerID will be returned via intent.
     // Use this containerID in below API.
     KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
     ContainerConfigurationPolicy ccp = kcm.getContainerConfigurationPolicy();
     boolean status = ccp.clearPackagesFromExternalStorageWhiteList(); 
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_CONTAINER" permission which has a protection level of signature.
Since
API level 13
KNOX 2.2

public boolean deleteHomeShortcutFromPersonal (String pkgName, String clsName)

Since: API level 20

API to remove knox application shortcut from personal home screen.

Parameters
pkgName The package name of the application.
Returns
  • true on remove an application shortcut success, false on remove an application shortcut failure.
Throws
SecurityException If caller does not have required permissions. Only administrator who created container can enforce policy, if the calling administrator is not an owner of container the API throws SecurityException.
IllegalArgumentException If container does not exist or container creation/removal is in progress.
Usage
administrator can use this API to remotely remove knox application shortcut from home screen. All shortcut added by the administrator for the specified package name will be removed. Shortcuts added by the user will not be affected.

NOTES:
This API is not supported for COM Container.

 // administrator wants to remove a browser shortcut from home screen
 // When you create container successfully, containerID will be returned via intent.
 // Use this containerID in below API.
 String pkgName = "com.android.browser";
 String clsName = null; //or classname
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 try {
     KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
     ContainerConfigurationPolicy ccp = kcm.getContainerConfigurationPolicy();
     boolean result = ccp.deleteHomeShortcutFromPersonal(String pkgName, String clsName);
 } catch (IllegalArgumentException e) {
     Log.w(TAG, "IllegalArgumentException: " + e);
 }
 

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_CONTAINER" permission which has a protection level of signature.
Since
API level 20
KNOX 2.7

public boolean enableBluetooth (boolean value, Bundle data)

Since: API level 15

API to enable or disable Bluetooth inside container.

Parameters
value true to enable, false to disable
data Bundle for future use
Returns
  • true if enabled, else false
Throws
SecurityException If caller does not have required permissions. Only administrator who created container can enforce policy, if the calling administrator is not an owner of the container, the API throws SecurityException.
Usage
Administrator can use this API to enable or disable Bluetooth inside container .

 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 try {
     // When you create container successfully,containerID will be returned via intent.
     // Use this containerID in below API.
     KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
     ContainerConfigurationPolicy ccp = kcm.getContainerConfigurationPolicy();
     boolean status = ccp.enableBluetooth(true, null); 
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_CONTAINER" permission which has a protection level of signature.
Since
API level 15
KNOX 2.4

public boolean enableExternalStorage (boolean value)

Since: API level 13

API to enable/disable external storage(sdcard) inside container.

Returns
  • true if enabled else false
Throws
SecurityException If caller does not have required permissions. Only administrator who created container can enforce policy, if the calling administrator is not an owner of the container, the API throws SecurityException.
Usage
Administrator can use this API to enable/disable external storage inside container.

NOTE: This API is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 try {
     // When you create container successfully,containerID will be returned via intent.
     // Use this containerID in below API.
     KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
     ContainerConfigurationPolicy ccp = kcm.getContainerConfigurationPolicy();
     boolean status = ccp.enableExternalStorage(true); 
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_CONTAINER" permission which has a protection level of signature.
Since
API level 13
KNOX 2.2

public boolean enableNFC (boolean value, Bundle data)

Since: API level 15

API to enable or disable NFC inside container.

Parameters
value true to enable, false to disable
data Bundle for future use
Returns
  • true if enabled, else false
Throws
SecurityException If caller does not have required permissions. Only administrator who created container can enforce policy, if the calling administrator is not an owner of the container, the API throws SecurityException.
Usage
Administrator can use this API to enable or disable NFC inside container .

 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 try {
     // When you create container successfully,containerID will be returned via intent.
     // Use this containerID in below API.
     KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
     ContainerConfigurationPolicy ccp = kcm.getContainerConfigurationPolicy();
     boolean status = ccp.enableNFC(true, null); 
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_CONTAINER" permission which has a protection level of signature.
Since
API level 15
KNOX 2.4
See Also

public boolean enableUsbAccess (boolean value, Bundle data)

Since: API level 17

API to enable or disable USB access for applications inside container.

Parameters
value true to enable, false to disable
data Bundle for future use
Returns
  • true if success else false
Throws
SecurityException If caller does not have required permissions. Only administrator who created container can enforce policy, if the calling administrator is not an owner of the container, the API throws SecurityException.
Usage
Administrator can use this API to enable or disable USB access for applications inside container.

 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 try {
     // When you create container successfully,containerID will be returned via intent.
     // Use this containerID in below API.
     KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
     ContainerConfigurationPolicy ccp = kcm.getContainerConfigurationPolicy();
     boolean status = ccp.enableUsbAccess(true, null); 
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_CONTAINER" permission which has a protection level of signature.
Since
API level 17
KNOX 2.5

public void enforceMultifactorAuthentication (boolean enforce)

Since: API level 11

API to enable or disable multi factor authentication for container.

Returns
  • true if the policy is successfully applied false otherwise.
Throws
SecurityException If caller does not have required permissions. Only administrator who created container can enforce policy, if the calling administrator is not an owner of the container, the API throws SecurityException.
Usage
When this policy is enforced more than one form of authentication is required to enter the container. As an example, user is required to authenticate finger print and also required to authenticate one of the device unlock methods chosen among pattern/pin/password. By default this policy is disabled, unless administrator chooses to enable it.

If administrator disables biometric authentication then multi-factor cannot be enforced, unless user already has multi-factor setup prior to biometric being disabled.

NOTE: This API is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

 
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 try {
      // When you create container successfully, containerID will be returned via intent.
      // Use this containerID in below API.
     KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
     ContainerConfigurationPolicy ccp = kcm.getContainerConfigurationPolicy();
     boolean returnValue = ccp.enforceMultifactorAuthentication(true);
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
        

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_CONTAINER" permission which has a protection level of signature.

Since
API level 11
KNOX 2.0

public boolean getEnforceAuthForContainer ()

Since: API level 11

API to check whether MDM wants to enable or disable container keyguard.

An administrator can use this API to check whether the authentication enforced to enter the container.

NOTE: This API is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

Returns
  • true - authentication enabled, false - authentication disabled for container.
Since
API level 11
KNOX 2.0

public Bundle getFIDOInfo ()

Since: API level 20

API to get FIDO server info for container.

Returns
  • Bundle that has FIDO server info.
Throws
SecurityException If caller does not have required permissions. Only administrator who created container can enforce policy, if the calling administrator is not an owner of container the API throws SecurityException.
IllegalArgumentException If container does not exist or container creation/removal is in progress.
Usage
An administrator can use this API to get FIDO server info.

 // When you create container successfully, containerID will be returned via intent.
 // Use this containerID in below API.
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 ContainerConfigurationPolicy ccp = kcm.getContainerConfigurationPolicy();
 try {
     String rspuri;
     String rqsuri;
     Bundle serverBundle = ccp.getFIDOInfo();
     rqsuri = serverBundle.getString(ContainerConfigurationPolicy.FIDO_REQUEST_URI, "default value");
     rspuri = serverBundle.getString(ContainerConfigurationPolicy.FIDO_RESPONSE_URI, "default value");
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_CONTAINER" permission which has a protection level of signatureOrSystem.

Since
API level 20
KNOX 2.7

public long getHibernationTimeout ()

Since: API level 13

API to get the timeout used to set hibernation mode of the container which can be unlocked by the user with the password.

Hibernation timeout defines the delay for SDP(Sensitive Data Protection) feature to take effect after container transitions to the locked state.

Returns
  • Timeout used for hibernation mode of container in milli seconds.
Throws
SecurityException If caller does not have required permissions. Only admin who created container can enforce policy, if the calling admin is not an owner of container the API throws SecurityException.
IllegalArgumentException If container does not exist or container creation/removal is in progress.
Usage


NOTE: This API is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 try {
      // When you create container successfully, containerID will be returned via intent.
      // Use this containerID in below API.
     KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
     ContainerConfigurationPolicy ccp = kcm.getContainerConfigurationPolicy();
     long timeout = ccp.getHibernationTimeout();
 } catch (IllegalArgumentException e) {
     Log.w(TAG, "IllegalArgumentException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_CONTAINER" permission which has a protection level of signature.

Since
API level 13
KNOX 2.2

public List<String> getNetworkSSID ()

Since: API level 13

API to get wifi SSID list in allocated container.

Returns
  • The list of SSIDs if set, else an empty list if no SSID is added.
Throws
SecurityException If caller does not have required permissions. Only administrator who created container can enforce policy, if the calling administrator is not an owner of the container, the API throws SecurityException.
Usage
An administrator can use this API to get wifi SSID list in allocated container. This API can be called only with Container not device side.

NOTE: This API is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

 // When you create container successfully, containerID will be returned via intent.
 // Use this containerID in below API.
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 try {
     List<String> containerSSID = kcm.getContainerConfigurationPolicy().getNetworkSSID();
     for (String ssid : containerSSID) {
         Log.d(TAG, "container ssid: " + ssid);
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_WIFI" permission which has a protection level of signature.

Since
API level 13
KNOX 2.2

public Signature[] getPackageSignaturesFromExternalStorageWhiteList (String packageName)

Since: API level 13

API to get signatures of whitelisted external storage package.

Returns
  • Package signatures if success else null
Throws
SecurityException If caller does not have required permissions. Only administrator who created container can enforce policy, if the calling administrator is not an owner of the container, the API throws SecurityException.
Usage
Administrator can use this API to get signatures of whitelisted external storage package.

NOTE: This API is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 try {
     // When you create container successfully,containerID will be returned via intent.
     // Use this containerID in below API.
     KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
     ContainerConfigurationPolicy ccp = kcm.getContainerConfigurationPolicy();
     Signature[] signature = ccp.getPackageSignaturesFromExternalStorageWhiteList(); 
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_CONTAINER" permission which has a protection level of signature.
Since
API level 13
KNOX 2.2

public List<String> getPackagesFromExternalStorageSBABlackList ()

Since: API level 13

API to get all the blacklisted external storage SBA packages.

Returns
  • List SBA Blacklisted packages is success else null
Throws
SecurityException If caller does not have required permissions. Only administrator who created container can enforce policy, if the calling administrator is not an owner of the container, the API throws SecurityException.
Usage
Administrator can use this API to get all the blacklisted external storage SBA packages.

NOTE: This API is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 try {
     // When you create container successfully,containerID will be returned via intent.
     // Use this containerID in below API.
     KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
     ContainerConfigurationPolicy ccp = kcm.getContainerConfigurationPolicy();
     List packages = ccp.getPackagesFromExternalStorageSBABlackList(); 
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_CONTAINER" permission which has a protection level of signature.
Since
API level 13
KNOX 2.2

public List<String> getPackagesFromExternalStorageWhiteList ()

Since: API level 13

API to get all the whitelisted external storage packages.

Returns
  • List whitelisted packages is success else null
Throws
SecurityException If caller does not have required permissions. Only administrator who created container can enforce policy, if the calling administrator is not an owner of the container, the API throws SecurityException.
Usage
Administrator can use this API to get all the whitelisted external storage packages.

NOTE: This API is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 try {
     // When you create container successfully,containerID will be returned via intent.
     // Use this containerID in below API.
     KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
     ContainerConfigurationPolicy ccp = kcm.getContainerConfigurationPolicy();
     List packages = ccp.getPackagesFromExternalStorageWhiteList(); 
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_CONTAINER" permission which has a protection level of signature.
Since
API level 13
KNOX 2.2

public List<String> getPackagesFromInstallWhiteList ()

Since: API level 11

API to get the list of package names of all the applications set by the calling administrator from the white list which has the permission to install other applications. Some applications if white listed by Container administrator, can access Container service to install other applications inside the container. Container administrator gets only the list of those applications set by the same administrator.

Returns
  • List of packages names from the white list set by the calling administrator.
Throws
SecurityException If caller does not have required permissions. Only administrator who created container can enforce policy, if the calling administrator is not an owner of the container, the API throws SecurityException.
IllegalArgumentException If container does not exist or container creation/removal is in progress.
Usage
An administrator can use this API to get all the application package names from the white list who have the permission to install other applications inside the container. This API gets only those packages set by the calling administrator.
getPackagesFromInstallWhiteList().

NOTE: This API is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 try {
      // When you create container successfully, containerID will be returned via intent.
      // Use this containerID in below API.
     KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
     ContainerConfigurationPolicy ccp = kcm.getContainerConfigurationPolicy();
     ArrayList<String> result = (ArrayList<String>) ccp.getPackagesFromInstallWhiteList();
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_APP_MGMT" permission which has a protection level of signature.

Since
API level 11
KNOX 2.0

public boolean isBluetoothEnabled ()

Since: API level 15

API to check if Bluetooth inside container is enabled.

Returns
  • true if enabled else false
Throws
SecurityException If caller does not have required permissions. Only administrator who created container can enforce policy, if the calling administrator is not an owner of the container, the API throws SecurityException.
Usage
Administrator can use this API to check if Bluetooth inside container is enabled.

 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 try {
     // When you create container successfully,containerID will be returned via intent.
     // Use this containerID in below API.
     KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
     ContainerConfigurationPolicy ccp = kcm.getContainerConfigurationPolicy();
     boolean status = ccp.isBluetoothEnabled(); 
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_CONTAINER" permission which has a protection level of signature.
Since
API level 15
KNOX 2.4

public boolean isContactsSharingEnabled ()

Since: API level 20

API to check whether access to Knox Container Phone Book Access Profile is enabled.

Returns
  • true If Knox PBAP is enabled or false otherwise
Throws
SecurityException If caller does not have required permissions. Only administrator who created container can enforce policy, if the calling administrator is not an owner of container the API throws SecurityException.
IllegalArgumentException If container does not exist or container creation/removal is in progress.
Usage
An administrator can use this API to check whether Knox Container contacts sharing via PBAP is allowed or disallowed. The default value is true (enabled).

NOTE: This API is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

 // When you create container successfully, containerID will be returned via intent.
 // Use this containerID in below API.
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 ContainerConfigurationPolicy ccp = kcm.getContainerConfigurationPolicy();
 try {
     if (ccp.isContactsSharingEnabled()) {
         // Knox contacts PBAP is enabled.
     } else {
         // Knox contacts PBAP is disabled.
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_REMOTE_CONTROL" permission which has a protection level of signature.

Since
API level 20
KNOX 2.7

public boolean isExternalStorageEnabled ()

Since: API level 13

API to find out if external storage(sdcard) inside container is enabled.

Returns
  • true if enabled else false
Throws
SecurityException If caller does not have required permissions. Only administrator who created container can enforce policy, if the calling administrator is not an owner of the container, the API throws SecurityException.
Usage
Administrator can use this API to find out if external storage inside container is enable.

NOTE: This API is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 try {
     // When you create container successfully,containerID will be returned via intent.
     // Use this containerID in below API.
     KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
     ContainerConfigurationPolicy ccp = kcm.getContainerConfigurationPolicy();
     boolean status = ccp.isExternalStorageEnabled(); 
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_CONTAINER" permission which has a protection level of signature.
Since
API level 13
KNOX 2.2

public boolean isLayoutSwitchingAllowed ()

Since: API level 24

API to check if container layout switching is allowed or not.

Returns
  • true If Layout Switching is allowed else false
Throws
SecurityException If caller does not have required permissions. Only administrator who created container can enforce policy, if the calling administrator is not an owner of container the API throws SecurityException.
IllegalArgumentException If container does not exists or container creation/removal is in progress.
Usage
An administrator can use this API to check if container layout switching is allowed or not.

 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 try {
     KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
     ContainerConfigurationPolicy ccp = kcm.getContainerConfigurationPolicy();
     boolean result = ccp.isLayoutSwitchingAllowed();
     if (true == result) {
         Log.d(TAG, "Layout Swicthing allowed");
     } else {
         Log.d(TAG, "Layout Swicthing not allowed");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Since
API level 24
KNOX 3.0

public boolean isMultifactorAuthenticationEnforced ()

Since: API level 11

API to check whether multi-factor authentication is enforced or not

An administrator can use this API to check whether multi-factor authentication enabled for the container.

NOTE: This API is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

Returns
  • true if the policy is successfully applied false otherwise.
Since
API level 11
KNOX 2.0

public boolean isNFCEnabled ()

Since: API level 15

API to check if NFC inside container is enabled.

Returns
  • true if enabled else false
Throws
SecurityException If caller does not have required permissions. Only administrator who created container can enforce policy, if the calling administrator is not an owner of the container, the API throws SecurityException.
Usage
Administrator can use this API to check if NFC inside container is enabled.

 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 try {
     // When you create container successfully,containerID will be returned via intent.
     // Use this containerID in below API.
     KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
     ContainerConfigurationPolicy ccp = kcm.getContainerConfigurationPolicy();
     boolean status = ccp.isNFCEnabled(); 
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_CONTAINER" permission which has a protection level of signature.
Since
API level 15
KNOX 2.4

public boolean isPackageInInstallWhiteList (String packageName)

Since: API level 11

API to match the package name of a application against the white listed packages which has the permission to install other applications. Some applications if white listed by an MDM administrator, can access Container service to install other applications inside the container. This API can be used by a administrator/Non-administrator to verify if an application is part of the white list, or in other words to check whether an application has the permission to install other applications inside the container.

Parameters
packageName The package name of the application to match in the white list. (e.g., com.abc.xyz)
Returns
  • true if application has the permission to install other applications, else false.
Usage
This API can be used to match a application with the white list packages to check if it has permission to install other applications.
isPackageInInstallWhiteList(String).

NOTE: This API is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 try {
      // When you create container successfully, containerID will be returned via intent.
      // Use this containerID in below API.
      KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
      ContainerConfigurationPolicy ccp = kcm.getContainerConfigurationPolicy();
      boolean result = ccp.isPackageInInstallWhiteList("com.test.app");
      if( true == result){
          Log.d(TAG,"Package present in the white list. So it has the permission to install 
                     other applications inside container");
      }else{
          Log.d(TAG,"Package is not present in the white list. So it does not have the permission
                     to install other applications inside container");
      }
 } catch(SecurityException e) {
            Log.w(TAG,"SecurityException: "+e);
 }
 
Since
API level 11
KNOX 2.0

public boolean isRemoteControlAllowed ()

Since: API level 13

This API can be used by Container administrator to disable Remote Control inside container.

Returns
  • true If Remote Control is enabled or false otherwise
Throws
SecurityException If caller does not have required permissions. Only administrator who created container can enforce policy, if the calling administrator is not an owner of container the API throws SecurityException.
IllegalArgumentException If container does not exists or container creation/removal is in progress.
Usage
An administrator can use this API to disable remote control inside container.
allowRemoteControl(boolean).

NOTE: This API is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 try {
     KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
     ContainerConfigurationPolicy ccp = kcm.getContainerConfigurationPolicy();
     boolean result = ccp.isRemoteControlAllowed();
     if (true == result) {
         Log.d(TAG, "Remote Control is enabled");
     } else {
         Log.d(TAG, "Remote Control is disabled");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_REMOTE_CONTROL" permission which has a protection level of signature.

Since
API level 13
KNOX 2.2

public boolean isResetContainerOnRebootEnabled ()

Since: API level 12

API to check whether reset container on reboot is enabled or disabled.

Returns
  • true if enabled else false
Throws
SecurityException If caller does not have required permissions. Only administrator who created container can enforce policy, if the calling administrator is not an owner of the container, the API throws SecurityException.
Usage
Administrator can use this API to find if reset container on reboot is enabled/disabled .

NOTE: This API is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 try {
     // When you create container successfully,containerID will be returned via intent.
     // Use this containerID in below API.
     KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
     ContainerConfigurationPolicy ccp = kcm.getContainerConfigurationPolicy();
     boolean status = ccp.isResetContainerOnRebootEnabled(); 
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_CONTAINER" permission which has a protection level of signature.
Since
API level 12
KNOX 2.1

public boolean isSettingsOptionEnabled (String option)

Since: API level 14

API to check whether a specific Container settings option is enabled.

NOTE: This API is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 try {
 // When you create container successfully, containerID will be returned via intent.
 // Use this containerID in below API. 
     KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
     ContainerConfigurationPolicy ccp = kcm.getContainerConfigurationPolicy();
     boolean result = ccp.isSettingsOptionEnabled(ContainerConfigurationPolicy.OPTION_CALLER_INFO);
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 

Parameters
option The name of a settings defined in the ContainerConfigurationPolicy.
Returns
  • true if setting is enabled else false
Since
API level 14
KNOX 2.3

public boolean isUsbAccessEnabled ()

Since: API level 17

API to check if USB access is enabled or disabled for applications inside container.

Returns
  • true if enabled else false
Throws
SecurityException If caller does not have required permissions. Only administrator who created container can enforce policy, if the calling administrator is not an owner of the container, the API throws SecurityException.
Usage
Administrator can use this API to check if USB access is enabled or disabled for applications inside container.

 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 try {
     // When you create container successfully,containerID will be returned via intent.
     // Use this containerID in below API.
     KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
     ContainerConfigurationPolicy ccp = kcm.getContainerConfigurationPolicy();
     boolean status = ccp.isUsbAccessEnabled(); 
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_CONTAINER" permission which has a protection level of signature.
Since
API level 17
KNOX 2.5

public boolean isUseSecureKeypadEnabled ()

Since: API level 11

API to check whether Secure keypad usage is enforced.

Administrator can check whether any keypad usage is allowed or not, and take appropriate action based on enterprise policy.

NOTE: This API is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

Returns
  • true - secure keypad usage enforced, false - any keypad usage allowed.
Since
API level 11
KNOX 2.0

public boolean removeNetworkSSID (String ssid)

Since: API level 13

API to remove wifi SSID which can be accessed on only allocated container.

Parameters
ssid The SSID to remove on container
Returns
  • true if removing wifi ssid was successful, else false.
Throws
SecurityException If caller does not have required permissions. Only administrator who created container can enforce policy, if the calling administrator is not an owner of the container, the API throws SecurityException.
Usage
An administrator can use this API to remove wifi SSID for container. This API can be called only with Container not device side.

NOTE: This API is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 try {
      // When you create container successfully, containerID will be returned via intent.
      // Use this containerID in below API.
     KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
     ContainerConfigurationPolicy ccp = kcm.getContainerConfigurationPolicy();
     if (ccp.removeNetworkSSID(ssid) == true) {
         Log.d(TAG, "removing ssid succeeded");
     } else {
         Log.d(TAG, "removing ssid failed");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_WIFI" permission which has a protection level of signature.

Since
API level 13
KNOX 2.2

public boolean removePackageFromExternalStorageSBABlackList (String packageName)

Since: API level 13

API to remove blacklisted external storage SBA package.

Parameters
packageName application package name
Returns
  • true if successfully removed else false
Throws
SecurityException If caller does not have required permissions. Only administrator who created container can enforce policy, if the calling administrator is not an owner of the container, the API throws SecurityException.
Usage
Administrator can use this API to remove blacklisted external storage SBA package.

NOTE: This API is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 try {
     // When you create container successfully,containerID will be returned via intent.
     // Use this containerID in below API.
     KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
     ContainerConfigurationPolicy ccp = kcm.getContainerConfigurationPolicy();
     boolean status = ccp.removePackageFromExternalStorageSBABlackList("com.android.knox.app"); 
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_CONTAINER" permission which has a protection level of signature.
Since
API level 13
KNOX 2.2

public boolean removePackageFromExternalStorageWhiteList (String packageName)

Since: API level 13

API to remove whitelisted external storage package.

Parameters
packageName application package name
Returns
  • true if successfully removed else false
Throws
SecurityException If caller does not have required permissions. Only administrator who created container can enforce policy, if the calling administrator is not an owner of the container, the API throws SecurityException.
Usage
Administrator can use this API to remove whitelisted external storage package.

NOTE: This API is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 try {
     // When you create container successfully,containerID will be returned via intent.
     // Use this containerID in below API.
     KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
     ContainerConfigurationPolicy ccp = kcm.getContainerConfigurationPolicy();
     boolean status = ccp.removePackageFromExternalStorageWhiteList("com.android.knox.app"); 
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_CONTAINER" permission which has a protection level of signature.
Since
API level 13
KNOX 2.2

public boolean removePackageFromInstallWhiteList (String packageName)

Since: API level 11

API to remove an application from the white list which has permission to install other applications. Some applications if white listed by Container administrator, can access Container service to install other application inside the container. API is used to remove an application from the white list, or in other words this API can be used to remove the install permission of an application.

Parameters
packageName The package name of the application to be removed from the white list. (e.g., com.abc.xyz)
Returns
  • true if application package removed successfully from the white list, else false.
Throws
SecurityException If caller does not have required permissions. Only administrator who created container can enforce policy, if the calling administrator is not an owner of the container, the API throws SecurityException.
IllegalArgumentException If container does not exist or container creation/removal is in progress.
Usage
An administrator can use this API to remove an application from the white list of applications which has the permission to install other applications inside the container.
removePackageFromInstallWhiteList(String).

NOTE: This API is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 try {
      // When you create container successfully, containerID will be returned via intent.
      // Use this containerID in below API.
     KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
     ContainerConfigurationPolicy ccp = kcm.getContainerConfigurationPolicy();
     boolean result = ccp.removePackageFromInstallWhiteList("com.test.app");
     if (true == result) {
         Log.d(TAG, "Package removed from the install white list successfully");
     } else {
         Log.d(TAG, "Failed to remove Package from install white list.");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_APP_MGMT" permission which has a protection level of signature.

Since
API level 11
KNOX 2.0

public boolean resetContainerOnReboot (boolean enable)

Since: API level 12

API to reset container after reboot.

Parameters
enable true to enable, false to disable
Returns
  • true if success else false
Throws
SecurityException If caller does not have required permissions. Only administrator who created container can enforce policy, if the calling administrator is not an owner of the container, the API throws SecurityException.
Usage
Administrator can use this API to enable or disable resetting container after reboot. This API is only applicable for Container only mode container.

NOTE: This API is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 try {
      // When you create container successfully, containerID will be returned via intent.
      // Use this containerID in below API.
     KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
     ContainerConfigurationPolicy ccp = kcm.getContainerConfigurationPolicy();
     boolean status = ccp.resetContainerOnReboot(true); 
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_CONTAINER" permission which has a protection level of signature.
Since
API level 12
KNOX 2.1

public int resetContainerPassword (String key, int timeout)

Since: API level 13

API to reset the Enterprise Container password.

Parameters
key The key used to enable sensitive data protection at the time of container creation null otherwise.
timeout The reset container password timeout value in minutes. By default timeout will happen in 15 minutes.
Returns
Throws
SecurityException If caller does not have required permissions. Only administrator who created container can enforce policy, if the calling administrator is not an owner of the container, the API throws SecurityException.
Usage
Administrator should call this API when user does not remember container password. When called by administrator, this API will force the user to enter a new password and will not ask for old password.

NOTE: This API is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 try {
      // When you create container successfully, containerID will be returned via intent.
      // Use this containerID in below API.
     KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
     ContainerConfigurationPolicy ccp = kcm.getContainerConfigurationPolicy();
     if (ccp.resetContainerPassword(key, timeout) < 0) {
         switch(mRequestid) {
             case ContainerConfigurationPolicy.ERROR_INVALID_KEY: 
             ....... (More cases)
     } else {
         Log.d(TAG, "Resetting password.");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_CONTAINER" permission which has a protection level of signature.
Since
API level 13
KNOX 2.2

public boolean resetContainerPassword ()

Since: API level 11

API to reset the Enterprise Container password.

Returns
  • true - on success
    false - on failure
Throws
SecurityException If caller does not have required permissions. Only administrator who created container can enforce policy, if the calling administrator is not an owner of the container, the API throws SecurityException.
Usage
Administrator should call this API when user does not remember container password. When called by administrator, this API will force the user to enter a new password and will not ask for old password.

NOTE: This API is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 try {
      // When you create container successfully, containerID will be returned via intent.
      // Use this containerID in below API.
     KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
     ContainerConfigurationPolicy ccp = kcm.getContainerConfigurationPolicy();
     if (ccp.resetContainerPassword()) {
         Log.d(TAG, "Resetting password.");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_CONTAINER" permission which has a protection level of signature.
Since
API level 11
KNOX 2.0

public boolean setContactsSharingEnabled (boolean enable)

Since: API level 20

API to enable or disable access to Knox contacts via Phone Book Access Profile (PBAP).

Parameters
enable true to enable, false to disable Knox PBAP
Returns
  • true if successful else false.
Throws
SecurityException If caller does not have required permissions. Only administrator who created container can enforce policy, if the calling administrator is not an owner of container the API throws SecurityException.
IllegalArgumentException If container does not exist or container creation/removal is in progress.
Usage
An administrator can use this API to enable or disable function that require access to the PBAP via Bluetooth.

NOTE: This API is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

 // When you create container successfully, containerID will be returned via intent.
 // Use this containerID in below API.
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 ContainerConfigurationPolicy ccp = kcm.getContainerConfigurationPolicy();
 try {
     if (ccp.setContactsSharingEnabled(false)) {
         // Knox contacts PBAP is disabled.
     } else {
         // failed to apply the policy.
     }
     if (ccp.setContactsSharingEnabled(true)) {
         // Knox contacts PBAP is enabled.
     } else {
         // failed to apply the policy.
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_CONTAINER" permission which has a protection level of signatureOrSystem.

Since
API level 20
KNOX 2.7

public int setCustomResource (int type, Bundle data)

Since: API level 24

API to set a custom resource for container.

Parameters
type the custom resource type
RES_TYPE_BADGE
RES_TYPE_PROFILE_SWITCH_ICON
RES_TYPE_PROFILE_NAME
RES_TYPE_PERSONAL_MODE_NAME
data the custom resource key-value pair data
KEY_IMAGE
KEY_NAME
Throws
SecurityException If caller does not have required permissions. Only administrator who created container can enforce policy, if the calling administrator is not an owner of container the API throws SecurityException.
IllegalArgumentException If container does not exists or container creation/removal is in progress.
Usage
An administrator can use this API to set custom resource.

NOTE: This policy will take effect after device next reboot.

 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 try {
     Bitmap bitmap = // generate a Bitmap object from resource
     KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
     ContainerConfigurationPolicy ccp = kcm.getContainerConfigurationPolicy();
     Bundle data = new Bundle();
     data.putParcelable(KEY_IMAGE, bitmap);
     boolean result = ccp.setCustomResource(ContainerConfigurationPolicy.RES_TYPE_PROFILE_ICON, data);	 
     Bundle data2 = new Bundle();
     data2.putParcelable(KEY_NAME, "out of workspace");
     boolean result2 = ccp.setCustomResource(ContainerConfigurationPolicy.RES_TYPE_PERSONAL_MODE_NAME, data2);		 
     if (true == result) {
         // set succeeded.
     } else {
         // set failed.
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_CONTAINER" permission which has a protection level of signatureOrSystem.

Since
API level 24
KNOX 3.0

public boolean setEnforceAuthForContainer (boolean enforce)

Since: API level 11

API to enable or disable container keyguard.

Returns
  • true if the policy is successfully applied false otherwise.
Throws
SecurityException If caller does not have required permissions. Only administrator who created container can enforce policy, if the calling administrator is not an owner of the container, the API throws SecurityException.
Usage
An administrator can use this API to enable/disable authentication to enter the container. By default keyguard will be enabled unless administrator chooses to disable it.

NOTE: This API is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 try {
      // When you create container successfully, containerID will be returned via intent.
      // Use this containerID in below API.
     KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
     ContainerConfigurationPolicy ccp = kcm.getContainerConfigurationPolicy();
     boolean returnValue = ccp.setEnforceAuthForContainer(false);
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
        

NOTE: From KNOX 2.2, in case of MDFPP (Mobile Device Fundamentals Protection Profile) SDP enabled container, this API will return false.

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_CONTAINER" permission which has a protection level of signature.

Since
API level 11
KNOX 2.0

public boolean setFIDOInfo (Bundle fidoinfo)

Since: API level 20

API to set FIDO server info for container.

Parameters
fidoinfo Bundle that has FIDO server info. Passing null will reset FIDO info.
Returns
  • true if successful else false.
Throws
SecurityException If caller does not have required permissions. Only administrator who created container can enforce policy, if the calling administrator is not an owner of container the API throws SecurityException.
IllegalArgumentException If container does not exist or container creation/removal is in progress.
Usage
An administrator can use this API to set FIDO server info.

 // When you create container successfully, containerID will be returned via intent.
 // Use this containerID in below API.
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 ContainerConfigurationPolicy ccp = kcm.getContainerConfigurationPolicy();
 try {
     Bundle serverBundle = new Bundle();
     serverBundle.putString(ContainerConfigurationPolicy.FIDO_REQUEST_URI, "http://your fido request uri");
     serverBundle.putString(ContainerConfigurationPolicy.FIDO_RESPONSE_URI, "http://your fido response uri");
     boolean result = ccp.setFIDOInfo(serverBundle);
     if (result) {
         // set succeeded.
     } else {
         // set failed.
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_CONTAINER" permission which has a protection level of signatureOrSystem.

Since
API level 20
KNOX 2.7

public boolean setHibernationTimeout (long time)

Since: API level 13

API to enforce the policy to set hibernation mode of the container with a timeout and the user will be able to unlock the container with the password. By default hibernation timeout value is 5 seconds.

Hibernation timeout defines the delay for SDP(Sensitive Data Protection) feature to take effect after container transitions to the locked state.

Returns
  • true if policy is applied successfully or false otherwise.
Throws
SecurityException If caller does not have required permissions. Only admin who created container can enforce policy, if the calling admin is not an owner of container the API throws SecurityException.
IllegalArgumentException If container does not exist or container creation/removal is in progress.
Usage

NOTE: This API is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.
 
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 try {
      // When you create container successfully, containerID will be returned via intent.
      // Use this containerID in below API.
     KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
     ContainerConfigurationPolicy ccp = kcm.getContainerConfigurationPolicy();
     ccp.setHibernationTimeout(timeout);
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 } catch (IllegalArgumentException e) {
     Log.w(TAG, "IllegalArgumentException: " + e);
 }
 

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_CONTAINER" permission which has a protection level of signature.

Since
API level 13
KNOX 2.2

public boolean setSettingsOptionEnabled (String option, boolean enable)

Since: API level 14

API to enable or disable a specific Container settings option.

Parameters
option Settings option to enable or disable
enable true to enable, false to disable
Returns
  • true if successful else false.
Throws
SecurityException If caller does not have required permissions. Only administrator who created container can enforce policy, if the calling administrator is not an owner of container the API throws SecurityException.
IllegalArgumentException If container does not exist or container creation/removal is in progress.
Usage
An administrator can use this API to block user ability to change a specific Container setting.

NOTE: This API is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 try {
 // When you create container successfully, containerID will be returned via intent.
 // Use this containerID in below API. 
     KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
     ContainerConfigurationPolicy ccp = kcm.getContainerConfigurationPolicy();
     boolean result = ccp.setSettingsOptionEnabled(ContainerConfigurationPolicy.OPTION_CALLER_INFO , true);
     if (true == result) {
         Log.d(TAG, "Option CALLER_INFO enabled");
     } else {
         Log.d(TAG, "Failed to enable option CALLER_INFO.");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_CONTAINER" permission which has a protection level of signatureOrSystem.

Since
API level 14
KNOX 2.3

public boolean setUseSecureKeypad (boolean enable)

Since: API level 11

API to enable or disable non-secure keypad usage.

Parameters
enable true to enable, false to disable
Returns
  • true if operation is successful, else false.
Throws
SecurityException If caller does not have required permissions. Only administrator who created container can enforce policy, if the calling administrator is not an owner of the container, the API throws SecurityException.
Usage
An administrator can use this API to enforce user to only use secure keypad in the Container.

NOTE: This API is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 try {
      // When you create container successfully, containerID will be returned via intent.
      // Use this containerID in below API.
      KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
      ContainerConfigurationPolicy ccp = kcm.getContainerConfigurationPolicy();
      try {
          if (ccp.setUseSecureKeypad(enable)) {// true
              Log.w(TAG, "secure keypad usage enabled.");
          } else {
              Log.w(TAG, "Failed to enable the secure keypad usage.");
          }
      } catch (SecurityException e) {
          Log.w(TAG, "SecurityException: " + e);
      }
 }
 

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.
Since
API level 11
KNOX 2.0