Since: API level 19
public class

DLPManagerPolicy

extends Object
java.lang.Object
   ↳ com.samsung.android.knox.dlp.DLPManagerPolicy

Deprecated in API level 27

Class Overview

This class provides APIs for MDM administrators to configure Data Loss Prevention(DLP) on the device. It provides APIs to set configure the information and provide a list of applications (whitelist) that can make use of the DLP functionality

NOTE: : Currently this feature is supported only for KNOX Container.

Since
API level 19
KNOX 2.6

Summary

Public Methods
boolean addPackagesToAllowDLPWhiteList(List<DLPPackageInfo> list)
API to add list of applications to DLP whitelist.
Bundle getDLPConfig()
API to get DLP configuration.
List<DLPPackageInfo> getPackagesFromAllowDLPWhiteList()
API to get list of applications from DLP whitelist.
boolean removeDLPFiles(boolean onlyExpired)
API to remove DLP files.
boolean removePackagesFromAllowDLPWhiteList(List<String> list)
API to remove list of applications from DLP whitelist.
boolean setDLPConfig(Bundle config)
API to set DLP configuration.
[Expand]
Inherited Methods
From class java.lang.Object

Public Methods

public boolean addPackagesToAllowDLPWhiteList (List<DLPPackageInfo> list)

Since: API level 19

API to add list of applications to DLP whitelist.

Parameters
list List of objects of type DLPPackageInfo to be added in DLP whitelist
Returns
  • true if success, false if it failed
Throws
SecurityException If caller does not have required permissions
Usage

An administrator can use this API to add a list of applications in DLP whitelist which can access DLP files.

There are two type of application, both App types can set DLP attribute(s) while creating sensitive contents, and also can access these DLP contents. However, additional Restriction Policy (clipboard, network access, and so on) is enforced on consumer apps to prevent data leakage from these type of apps. You can create the DLP package-info list of apps that needs to be added to DLP whitelist. Each DLP Package-info can consist of package name, app type (creator is 0, consumer is 1), and signature (optional). If "Type" is not set for any given package-info then by default app type considered as creator.


Note: This API can be called only by Profile owner.

For Container:
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 DLPManagerPolicy dlpManagerPolicy = kcm.getDLPManagerPolicy();
 List<DLPPackageInfo> list = new ArrayList<DLPPackageInfo> (); 
 DLPPackageInfo app1 = new DLPPackageInfo(new AppIdentity("com.test.creator", "app1_siganature"), null);
 Bundle bundle = new Bundle();
 bundle.putInt("Type", 1);
 DLPPackageInfo app2 = new DLPPackageInfo(new AppIdentity("com.test.consumer", null), bundle);
 list.add(app1);
 list.add(app2);
 
 try {
     dlpManagerPolicy.addPackagesToAllowDLPWhiteList(list);
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException" + e);
 } 
 

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_DLP_MGMT" permission which has a protection level of signature.

Since
API level 19
KNOX 2.6
Multiuser Environment
User Scope

public Bundle getDLPConfig ()

Since: API level 19

API to get DLP configuration.

Returns
  • Configuration bundle if success, else null
Usage

An administrator can use this API to get configuration for DLP


Note: This API can be called only by Profile owner.

For Container:
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 DLPManagerPolicy dlpManagerPolicy = kcm.getDLPManagerPolicy();
 
 try {
     Bundle config = dlpManagerPolicy.getDLPConfig();
 } catch (SecurityException e) {
     Log.w(TAG, "Exception" + e);
 }

 boolean isActivated = config.getBoolean("Activate", false);
 boolean isLocked = config.getBoolean("Lock", false);
 int expiryAfter = config.getInt("ExpiryAfter", 0);
 
 // List of additional supported extensions
 // Note: Since KNOX 2.7, Extra extension support is available for DLP
 String supportedExtraExtensions = config.getString("Extensions",null);
 
 // List of domain names whitelisted to allow DLP file upload operation.
 // Note: Since Knox 2.8, Domains support is available for DLP
 String supportedDomains = config.getString("Domains",null);
 
 //List of enabled events for dlp audit logging
 //Note: Since Knox 2.8, Audit logging support is available for DLP
 boolean isLogFileCreateEvent = config.getBoolean("CREATE", false);
 boolean isLogFileOpenEvent = config.getBoolean("OPEN", false);
 boolean isLogFileRenameEvent = config.getBoolean("RENAME", false);
 boolean isLogFileExpiredAccessEvent = config.getBoolean("EXPIRED", false);
 boolean isLogFileUnauthorizedAccessEvent = config.getBoolean("UNAUTHORIZED", false);
 

Since
API level 19
KNOX 2.6
Multiuser Environment
User Scope

public List<DLPPackageInfo> getPackagesFromAllowDLPWhiteList ()

Since: API level 19

API to get list of applications from DLP whitelist.

Returns
Usage

An administrator can use this API to get a list of applications from DLP whitelist which can access DLP files.


Note: This API can be called only by Profile owner.

For Container:
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 DLPManagerPolicy dlpManagerPolicy = kcm.getDLPManagerPolicy();
 
 try {
     List<DLPPackageInfo> list = dlpManagerPolicy.getPackagesFromAllowDLPWhiteList();
 } catch (SecurityException e) {
     Log.w(TAG, "Exception" + e);
 }
 

Since
API level 19
KNOX 2.6
Multiuser Environment
User Scope

public boolean removeDLPFiles (boolean onlyExpired)

Since: API level 19

API to remove DLP files.

Parameters
onlyExpired If true then only expired DLP files will be removed; if false all DLP Files will be removed
Returns
  • true if success, false if it failed
Throws
SecurityException If caller does not have required permissions
Usage

An administrator can use this API to remove DLP files on device.


Note: This API can be called only by Profile owner.

For Container:
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 DLPManagerPolicy dlpManagerPolicy = kcm.getDLPManagerPolicy();
 
 try {
     boolean ret = dlpManagerPolicy.removeDLPFiles(false);
 } catch (SecurityException e) {
     Log.w(TAG, "Exception" + e);
 }
 

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_DLP_MGMT" permission which has a protection level of signature.

Since
API level 19
KNOX 2.6
Multiuser Environment
User Scope

public boolean removePackagesFromAllowDLPWhiteList (List<String> list)

Since: API level 19

API to remove list of applications from DLP whitelist.

Parameters
list List of String to be removed from DLP whitelist
Returns
  • true if success, false if it failed
Throws
SecurityException If caller does not have required permissions
Usage

An administrator can use this API to remove a list of appliations from DLP whitelist.


Note: This API can be called only by Profile owner.

For Container:
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 DLPManagerPolicy dlpManagerPolicy = kcm.getDLPManagerPolicy();
 
 List<String> list = new ArrayList<String> ();
 list.add("com.test.consumer");
 
 try {
     dlpManagerPolicy.removePackagesFromAllowDLPWhiteList(list);
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException" + e);
 }
 

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_DLP_MGMT" permission which has a protection level of signature.

Since
API level 19
KNOX 2.6
Multiuser Environment
User Scope

public boolean setDLPConfig (Bundle config)

Since: API level 19

API to set DLP configuration.

Parameters
config Bundle of configuration data to set
Returns
  • return true if success, false if it failed
Throws
SecurityException If caller does not have required permissions
Usage

An administrator can use this API to set configuration for DLP.


Note: This API can be called only by Profile owner.

For Container:
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 DLPManagerPolicy dlpManagerPolicy = kcm.getDLPManagerPolicy();
 
 // set configuration
 Bundle config = new Bundle();
 config.putBoolean("Activate", true);
 config.putBoolean("Lock", false);
 config.putInt("ExpiryAfter", 3 * 24 * 60 * 60);
 
 // Extra extension list to be supported for DLP. In case null is passed only default extensions will be supported
 // Default supproted extensions:[xls,xlsx,doc,docx,ppt,pptx,pdf,jpg,jpeg,zip,mp4,txt,asd,xlam,htm,html,mht,eml,msg,hwp,gul,rtf,mysingle,png,gif]
 // To add: pass comma(,) seperated extensions
 // To delete: remove the extension from list or pass null to delete all previously set extra extensions
 // Note: Since KNOX 2.7, Extra extension support is available for DLP.
 config.putString("Extensions", "xxx,yyy,zzz");
 
 //Domain names separated by comma, which are trusted by admin through which 
 //sensitive file upload operations are allowed. To delete: remove the domain 
 //names from list or pass null to delete all previously set domain names. 
 //Note: Since Knox 2.8, Domain name whitelist support for DLP file upload operation is available for DLP.
 config.putString("Domains", "google.com,filedrive.com");
 
 //5 separate boolean values related to event types must be passed in the config variable
 //to enable or disable DLP audit logging for respective events
 //To enable logging: pass true value to respective event flag
 //To disable logging: pass false value to respective event flag
 //Note: Since Knox 2.8, Audit logging feature is available for DLP.
 config.putBoolean("CREATE", true);
 config.putBoolean("OPEN", true);
 config.putBoolean("RENAME", false);
 config.putBoolean("EXPIRED", false);
 config.putBoolean("UNAUTHORIZED", true);
 try {
     dlpManagerPolicy.setDLPConfig(config);
 } catch (SecurityException e) {
     Log.w(TAG, "Exception" + e);
 }
 

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_DLP_MGMT" permission which has a protection level of signature.

Since
API level 19
KNOX 2.6
Multiuser Environment
User Scope
See Also