Since: API level 11
public class

AdvancedRestrictionPolicy

extends Object
java.lang.Object
   ↳ com.samsung.android.knox.restriction.AdvancedRestrictionPolicy

Class Overview

This class provides APIs to restrict advanced features.

Since
API level 11
KNOX 2.0

Summary

Constants
int CCMODE_STATE_DISABLED This state is returned by getCCModeState() API specifying the device has failed to enable CC mode.
int CCMODE_STATE_ENABLED This state is returned by getCCModeState() API specifying CC mode is enabled on device.
int CCMODE_STATE_ENFORCING This state is returned by getCCModeState() API specifying the device is enforced and wait for meeting all prerequisites.
int CCMODE_STATE_NONE This state is returned by getCCModeState() API specifying the device needs factory reset for Ready State (CCMODE_STATE_READY).
int CCMODE_STATE_NOT_SUPPORTED This state is returned by getCCModeState() API specifying the device doesn't support CC mode.
int CCMODE_STATE_READY This state is returned by getCCModeState() API specifying the device is ready to enable CC mode.
Public Methods
boolean allowBLE(boolean allow)
API to allow or disallow Bluetooth scanning and Bluetooth access.
boolean allowFirmwareAutoUpdate(boolean enable)
API to enforce checking for Firmware Update automatically (Auto update) in the Device Settings.
boolean allowRemoteControl(boolean allow)
API to enable or disable Knox Remote Control feature on device.
boolean allowWifiScanning(boolean allow)
API to allow or disallow Wifi scanning.
boolean enableODETrustedBootVerification(boolean enable)
To be deprecated since API level 25
int getCCModeState()
API to check state for CC (Common Criteria) mode.
boolean isBLEAllowed()
API to check whether Bluetooth scanning and Bluetooth are allowed or disallowed.
boolean isFirmwareAutoUpdateAllowed(boolean showMsg)
API to check whether or not option for checking Firmware Update automatically (Auto update) is enforced in Device Settings.
boolean isODETrustedBootVerificationEnabled()
To be deprecated since API level 25
boolean isRemoteControlAllowed()
API to check whether Knox Remote Control feature is enabled.
boolean isWifiScanningAllowed()
API to check whether Wifi scanning is allowed or disallowed.
boolean setCCMode(boolean enable)
API to enable or disable CC (Common Criteria) mode.
[Expand]
Inherited Methods
From class java.lang.Object

Constants

public static final int CCMODE_STATE_DISABLED

Since: API level 15

This state is returned by getCCModeState() API specifying the device has failed to enable CC mode. This Device blocked by Lockscreen and need factory-reset for restore.

Since
API level 15
KNOX 2.4
Constant Value: 1 (0x00000001)

public static final int CCMODE_STATE_ENABLED

Since: API level 15

This state is returned by getCCModeState() API specifying CC mode is enabled on device.

Since
API level 15
KNOX 2.4
Constant Value: 4 (0x00000004)

public static final int CCMODE_STATE_ENFORCING

Since: API level 15

This state is returned by getCCModeState() API specifying the device is enforced and wait for meeting all prerequisites. (setCCMode(boolean)).

Since
API level 15
KNOX 2.4
Constant Value: 3 (0x00000003)

public static final int CCMODE_STATE_NONE

Since: API level 15

This state is returned by getCCModeState() API specifying the device needs factory reset for Ready State (CCMODE_STATE_READY).

Since
API level 15
KNOX 2.4
Constant Value: 0 (0x00000000)

public static final int CCMODE_STATE_NOT_SUPPORTED

Since: API level 15

This state is returned by getCCModeState() API specifying the device doesn't support CC mode.

Since
API level 15
KNOX 2.4
Constant Value: -1 (0xffffffff)

public static final int CCMODE_STATE_READY

Since: API level 15

This state is returned by getCCModeState() API specifying the device is ready to enable CC mode. (setCCMode(boolean))

Since
API level 15
KNOX 2.4
Constant Value: 2 (0x00000002)

Public Methods

public boolean allowBLE (boolean allow)

Since: API level 26

API to allow or disallow Bluetooth scanning and Bluetooth access.

Parameters
allow true to allow, false to disallow.
Returns
  • true if operation is successful, else false.
Throws
SecurityException If caller does not have required permissions
Usage
An administrator can use this API to disable Bluetooth scanning and Bluetooth access without user interaction.

NOTE: If disabled, all Bluetooth functionality is disabled. If Bluetooth scanning is disabled, the device declines location accuracy and does not allow apps and services to scan for and connect to nearby devices automatically via Bluetooth.

 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 try {
     boolean allow = false; // disallow Bluetooth scanning and Bluetooth access
     if (ekm.getAdvancedRestrictionPolicy().allowBLE(allow)) {
         Log.w(TAG, "Bluetooth scanning and Bluetooth access are not allowed");
     } else {
         Log.w(TAG, "Failed to set the policy.");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "Exception" + e);
 }
 

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_ADVANCED_RESTRICTION" permission with a protection level of signature.
Since
API level 26
KNOX 3.2
Multiuser Environment
Global Scope
See Also

public boolean allowFirmwareAutoUpdate (boolean enable)

Since: API level 11

API to enforce checking for Firmware Update automatically (Auto update) in the Device Settings.

Returns
  • true if operation is successful, else false.
Throws
SecurityException If caller does not have required permissions
Usage
An administrator can use this API to enforce checking for Firmware Update automatically option in the device Settings.

 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 try {
     boolean allow = false; // disallow firmware auto update
     if (ekm.getAdvancedRestrictionPolicy().allowFirmwareAutoUpdate(allow)) {
         Log.w(TAG, "firmware auto update not allowed");
     } else {
         Log.w(TAG, "Failed to set the policy.");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "Exception" + e);
 }
 

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_ADVANCED_RESTRICTION" permission with a protection level of signature.
Since
API level 11
KNOX 2.0
Multiuser Environment
Global Scope

public boolean allowRemoteControl (boolean allow)

Since: API level 24

API to enable or disable Knox Remote Control feature on device.

Parameters
allow true or false to Enable/Disable Remote Control
Returns
  • true If Remote Control is enabled or disabled successfully
Throws
SecurityException If caller does not have required permissions.
Usage
An administrator can use this API to enable or disable remote control feature on device


Note: This API can be called only by Device owner or Profile owner.

 
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 try {
     if (ekm.getAdvancedRestrictionPolicy().allowRemoteControl(false)) {
         Log.w(TAG, "Remote Control is disabled successfully.");
     } else {
         Log.w(TAG, "Remote Control is not disabled.");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
   
For Container:
 // When you create container successfully, containerID will be returned via intent.
 // Use this containerID in below API.
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 AdvancedRestrictionPolicy advancedRestrictionPolicy = kcm.getAdvancedRestrictionPolicy();
 try {
     if (advancedRestrictionPolicy.allowRemoteControl(false)) {
         Log.w(TAG, "Remote Control is disabled successfully.");
     } else {
         Log.w(TAG, "Remote Control is not disabled.");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "Exception" + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_ADVANCED_RESTRICTION" permission which has a protection level of signature.

Since
API level 24
KNOX 3.0
Multiuser Environment
User Scope

public boolean allowWifiScanning (boolean allow)

Since: API level 26

API to allow or disallow Wifi scanning.

Parameters
allow true to allow, false to disallow.
Returns
  • true if operation is successful, else false.
Throws
SecurityException If caller does not have required permissions
Usage
An administrator can use this API to disable Wifi scanning without user interaction.

NOTE: If Wi-Fi scanning is disabled, the device declines location accuracy and does not allow apps and services to scan for and connect to nearby devices automatically via Wi-Fi.

 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 try {
     boolean allow = false; // disallow Wifi scanning
     if (ekm.getAdvancedRestrictionPolicy().allowWifiScanning(allow)) {
         Log.w(TAG, "Wifi scanning is not allowed");
     } else {
         Log.w(TAG, "Failed to set the policy.");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "Exception" + e);
 }
 

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_ADVANCED_RESTRICTION" permission with a protection level of signature.
Since
API level 26
KNOX 3.2
Multiuser Environment
Global Scope

public boolean enableODETrustedBootVerification (boolean enable)

Since: API level 11

To be deprecated since API level 25

API to enable or disable ODE Trusted Boot verification.

Parameters
enable true to enable, false to disable.
Returns
  • true if operation is successful, else false.
Usage
When enabled, device decrypts the data partition only when the binary and kernel is official.

 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 try {
     boolean enable = false;
     if (ekm.getAdvancedRestrictionPolicy().enableODETrustedBootVerification(enable)) {
         Log.w(TAG, " Enable ODE Trusted Boot verification not allowed");
     } else {
         Log.w(TAG, "Failed to set the policy.");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "Exception" + e);
 }
 

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_ADVANCED_RESTRICTION" permission with a protection level of signature.
Since
API level 11
KNOX 2.0
Multiuser Environment
Global Scope

public int getCCModeState ()

Since: API level 15

API to check state for CC (Common Criteria) mode.

Since
API level 15
KNOX 2.4
Multiuser Environment
Global Scope

public boolean isBLEAllowed ()

Since: API level 26

API to check whether Bluetooth scanning and Bluetooth are allowed or disallowed.

Returns
  • true if Bluetooth scanning and Bluetooth are allowed, false if disallowed.
Since
API level 26
KNOX 3.2
Multiuser Environment
Global Scope

public boolean isFirmwareAutoUpdateAllowed (boolean showMsg)

Since: API level 11

API to check whether or not option for checking Firmware Update automatically (Auto update) is enforced in Device Settings.

Returns
  • true if firmware is allowed to auto update, false if disallowed.
Usage
An administrator can use this API to check whether checking for Firmware Update automatically is enforced or not.
Since
API level 11
KNOX 2.0
Multiuser Environment
Global Scope

public boolean isODETrustedBootVerificationEnabled ()

Since: API level 11

To be deprecated since API level 25

API to check whether ODE Trusted Boot verification is enabled or not.

Returns
  • true if ODE Trusted Boot verification is enabled, false if disabled.
Since
API level 11
KNOX 2.0
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_ADVANCED_RESTRICTION" permission with a protection level of signature.
Multiuser Environment
Global Scope

public boolean isRemoteControlAllowed ()

Since: API level 24

API to check whether Knox Remote Control feature is enabled.

Returns
  • true If Remote Control is enabled or false otherwise
Usage
An administrator can use this API to check if remote control feature is enabled.

 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 try {
     if (ekm.getAdvancedRestrictionPolicy().isRemoteControlAllowed()) {
         Log.d(TAG, "Remote Control is enabled");
     } else {
         Log.d(TAG, "Remote Control is disabled");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
For Container:
 // When you create container successfully, containerID will be returned via intent.
 // Use this containerID in below API.
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 AdvancedRestrictionPolicy advancedRestrictionPolicy = kcm.getAdvancedRestrictionPolicy();
 try {
     if (advancedRestrictionPolicy.isRemoteControlAllowed()) {
         Log.w(TAG, "Remote Control is enabled.");
     } else {
         Log.w(TAG, "Remote Control is disabled.");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "Exception" + e);
 }
 

Since
API level 24
KNOX 3.0
Multiuser Environment
User Scope

public boolean isWifiScanningAllowed ()

Since: API level 26

API to check whether Wifi scanning is allowed or disallowed.

Returns
  • true if Wifi scanning is allowed, false if disallowed.
Since
API level 26
KNOX 3.2
Multiuser Environment
Global Scope

public boolean setCCMode (boolean enable)

Since: API level 11

API to enable or disable CC (Common Criteria) mode.

Parameters
enable true to enable, false to disable.
Returns
  • true if operation is successful, else false.
Throws
SecurityException If caller does not have required permissions
Usage
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 try {
     boolean enable = false;
     ekm.getAdvancedRestrictionPolicy().setCCMode(enable);
     Log.w(TAG, "Set CCMode is called.");
 } catch (SecurityException e) {
     Log.w(TAG, "Exception" + e);
 }
 

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_ADVANCED_RESTRICTION" permission with a protection level of signature.
Since
API level 11
KNOX 2.0
Multiuser Environment
Global Scope
See Also
  • com.samsung.android.knox.restriction.RestrictionPolicy.isFastEncryptionAllowed(boolean)
  • getCCModeState()