Since: API level 2
public class

RestrictionPolicy

extends Object
java.lang.Object
   ↳ com.samsung.android.knox.restriction.RestrictionPolicy

Class Overview

This class provides APIs to restrict device functions.

Since
API level 2
MDM 2.0

Summary

Nested Classes
enum RestrictionPolicy.USBInterface Enum of USB class Interface 
Constants
String ACTION_UPDATE_FOTA_VERSION_RESULT Broadcast Action: To notify the administrator about result of FOTA version setting operations.
int ERROR_UPDATE_FOTA_ENABLED_BY_OTHER_ADMIN Another admin already set the policy.
int ERROR_UPDATE_FOTA_NONE Success.
int ERROR_UPDATE_FOTA_UNKNOWN Unknown/internal error.
int ERROR_UPDATE_FOTA_UNKNOWN_SERVER Unknown FOTA server error.
String EXTRA_UPDATE_FOTA_VERSION_STATUS Used as an integer extra field with ACTION_UPDATE_FOTA_VERSION_RESULT.
int LOCKSCREEN_MULTIPLE_WIDGET_VIEW LockScreen multiple widgets
int LOCKSCREEN_SHORTCUTS_VIEW LockScreen shortcuts
int STATUS_UPDATE_FOTA_ALREADY_LATEST_VERSION Current FOTA binary is latest.
int STATUS_UPDATE_FOTA_FAILURE FOTA binary update failure.
int STATUS_UPDATE_FOTA_PROCESSING FOTA binary update is progressing.
int STATUS_UPDATE_FOTA_SUCCESS FOTA binary update success.
String UPDATE_FOTA_CORPID Corporation Id key defined in bundle of setAllowedFOTAVersion(String, Bundle) API call.
int WEARABLE_GEAR_DEVICE To be deprecated since API level 25
Public Methods
boolean allowAirplaneMode(boolean allow)
API to allow or disallow Airplane Mode.
boolean allowAndroidBeam(boolean allow)
API to allow or disallow Android Beam on device.
boolean allowAudioRecord(boolean allow)
API to allow or disallow audio recording.
boolean allowBackgroundProcessLimit(boolean allow)
API to allow or disallow setting a background process limit.
boolean allowBluetooth(boolean enable)
API to enable or disable Bluetooth access.
boolean allowClipboardShare(boolean allow)
API to allow or disallow sharing the clipboard between applications.
boolean allowDataSaving(boolean allow)
API to allow or disallow Data Saving.
boolean allowDeveloperMode(boolean allow)
API to allow or disallow Developer Mode options in the device Settings.
boolean allowFactoryReset(boolean allow)
API to enable or disable the user from performing a factory reset.
boolean allowFastEncryption(boolean enable)
API to enforce Fast Encryption options in the device Settings.
boolean allowFirmwareRecovery(boolean allow)
API to allow or disallow firmware update.
boolean allowGoogleAccountsAutoSync(boolean allow)
API to allow or disallow auto sync for Google accounts.
boolean allowGoogleCrashReport(boolean allow)
API to enable or disable sending a crash report to Google.
boolean allowKillingActivitiesOnLeave(boolean allow)
API to allow or disallow killing an activity when the user leaves it
boolean allowLockScreenView(int view, boolean allow)
API to allow or disallow lock screen views in device, like widgets and shortcuts.
boolean allowOTAUpgrade(boolean allow)
API to allow or disallow upgrading the operating system (OS) over-the-air (OTA).
boolean allowPowerOff(boolean allow)
API to allow or disallow the user to power off the device by pressing the power button.
boolean allowPowerSavingMode(boolean allow)
API to allow or disallow Power Saving Mode.
boolean allowSBeam(boolean allow)
API to allow or disallow S Beam on device.
boolean allowSDCardMove(boolean enable)
API to allow or disallow SDCard Move options in the device Settings.
boolean allowSDCardWrite(boolean allow)
API to enable or disable writing to the Secure Digital (SD) card.
boolean allowSVoice(boolean allow)
API to allow or disallow the S Voice application on the device.
boolean allowSafeMode(boolean allow)
API to allow or disallow Safe Mode boot.
boolean allowScreenPinning(boolean allow)
API to allow or deny Screen Pinning on device.
boolean allowSettingsChanges(boolean allow)
API to allow or deny changes to Settings application.
boolean allowShareList(boolean allow)
API to allow or disallow display of Share Via List.
boolean allowSmartClipMode(boolean allow)
API to allow or deny Smart Clip on device.
boolean allowStatusBarExpansion(boolean allow)
API to allow or disallow status bar expansion.
boolean allowStopSystemApp(boolean allow)
API to allow or disallow user to stop system-signed applications.
boolean allowUsbHostStorage(boolean allow)
API to enable or disable usage of USB host storage.
boolean allowUserMobileDataLimit(boolean allow)
API to allow or disallow the user to set the mobile data limit.
boolean allowVideoRecord(boolean allow)
API to allow or disallow video recording.
boolean allowVpn(boolean allow)
API to allow or disallow the user to use the native virtual private network (VPN) functionality.
boolean allowWallpaperChange(boolean allow)
API to allow or deny changing the device wallpaper.
boolean allowWiFi(boolean enable)
API to enable or disable Wi-Fi access.
boolean allowWifiDirect(boolean allow)
API to allow or disallow Wi-Fi Direct.
boolean enableWearablePolicy(int device, boolean enable)
To be deprecated since API level 25
String getAllowedFOTAVersion()
API to get allowed FOTA version on device.
int getUsbExceptionList()
API to get USB class exception list.
boolean isAirplaneModeAllowed()
API to check whether the Airplane Mode is allowed or not.
boolean isAndroidBeamAllowed()
API to check whether Android Beam is allowed on the device.
boolean isAudioRecordAllowed()
API to check whether audio recording is allowed.
boolean isBackgroundDataEnabled()
API to check whether background data usage is enabled.
boolean isBackgroundProcessLimitAllowed()
API to check whether a limit on background processes is allowed.
boolean isBackupAllowed(boolean showMsg)
API to check whether Google backup is enabled.
boolean isBluetoothEnabled(boolean showMsg)
API to check whether Bluetooth is enabled.
boolean isBluetoothTetheringEnabled()
API to check whether Bluetooth tethering is enabled.
boolean isCameraEnabled(boolean showMsg)
API to check whether the camera is enabled.
boolean isCellularDataAllowed()
API to check whether cellular data connection is enabled.
boolean isClipboardAllowed(boolean showMsg)
API to check whether access to clipboard is enabled.
boolean isClipboardShareAllowed()
API to check whether sharing the clipboard between applications is allowed

boolean isDataSavingAllowed()
API to check whether Data Saving is allowed or not.
boolean isDeveloperModeAllowed()
API to check whether Developer Mode option in Settings application is allowed to be turned on along with the inner settings.
boolean isFactoryResetAllowed()
API to check whether the user is allowed to perform a factory reset.
boolean isFastEncryptionAllowed(boolean showMsg)
API to check whether or not Fast Encryption is enforced.
boolean isFirmwareRecoveryAllowed(boolean showMsg)
API to check whether or not firmware recovery are allowed.
boolean isGoogleAccountsAutoSyncAllowed()
API to check whether or not Google accounts are allowed to sync automatically.
boolean isGoogleCrashReportAllowed()
API to check whether sending a crash report to Google is enabled.
boolean isHeadphoneEnabled(boolean showMsg)
API to check whether or not Headphone is enabled.
boolean isHomeKeyEnabled()
API to check whether home key functionality is enabled.
boolean isKillingActivitiesOnLeaveAllowed()
API to check whether killing an activity when the user leaves it is allowed.
boolean isLockScreenEnabled(boolean showMsg)
API to check whether or not lockscreen is enabled.
boolean isLockScreenViewAllowed(int view)
API to check whether the usage of lock screen views is allowed or not.
boolean isMicrophoneEnabled(boolean showMsg)
API to check whether the microphone is enabled.
boolean isMockLocationEnabled()
API to check whether mock GPS location is enabled.
boolean isNonMarketAppAllowed()
API to check whether non-Google-Play application installation is allowed.
boolean isOTAUpgradeAllowed()
API to check whether upgrading the operating system (OS) over-the-air (OTA) is enabled.
boolean isPowerOffAllowed()
API to check whether the user is allowed to power off the device by pressing the power button.
boolean isPowerSavingModeAllowed()
API to check whether Power Saving Mode is allowed or not.
boolean isSBeamAllowed()
API to check whether S Beam is allowed on the device.
boolean isSDCardMoveAllowed(boolean showMsg)
API to check whether or not SDCard Move is allowed.
boolean isSDCardWriteAllowed()
API to check whether writing to the Secure Digital (SD) card is enabled.
boolean isSVoiceAllowed()
API to check whether S Voice application is allowed to be launched.
boolean isSafeModeAllowed()
API to check whether the Safe Mode boot is allowed or not.
boolean isScreenCaptureEnabled(boolean showMsg)
API to check whether screen capture setting is enabled.
boolean isScreenPinningAllowed()
API to check whether Screen Pinning is allowed.
boolean isSdCardEnabled()
API to check whether Secure Digital (SD) card access is enabled.
boolean isSettingsChangesAllowed(boolean showMsg)
API to check whether the user is allowed to change device settings through Settings application.
boolean isShareListAllowed()
API to check whether display of Share Via List is allowed or not.
boolean isSmartClipModeAllowed()
API to check whether Smart Clip is allowed.
boolean isStatusBarExpansionAllowed()
API to check whether status bar expansion is allowed.
boolean isStopSystemAppAllowed()
API to check whether the user is allowed to stop system-signed applications.
boolean isTetheringEnabled()
API to check whether tethering is enabled for all interfaces.
boolean isUsbDebuggingEnabled()
API to check whether USB debugging is enabled.
boolean isUsbHostStorageAllowed()
API to check whether USB host storage is allowed.
boolean isUsbMediaPlayerAvailable(boolean showMsg)
API to check whether MTP (media transfer protocol) is allowed or not.
boolean isUsbTetheringEnabled()
API to check whether USB tethering is enabled.
boolean isUserMobileDataLimitAllowed()
API to check whether the user is allowed to set the mobile data limit.
boolean isVideoRecordAllowed()
API to check whether video recording is allowed.
boolean isVpnAllowed()
API to check whether native virtual private network (VPN) functionality is allowed.
boolean isWallpaperChangeAllowed()
API to check whether the user is allowed to change the wallpaper.
boolean isWearablePolicyEnabled(int device)
To be deprecated since API level 25
boolean isWiFiEnabled(boolean showMsg)
API to check whether Wi-Fi is enabled.
boolean isWifiDirectAllowed()
API to check whether Wi-Fi Direct is allowed.
boolean isWifiTetheringEnabled()
API to check whether Wi-Fi tethering is enabled.
boolean setAllowNonMarketApps(boolean allow)
API to allow or disallow installation of non-Google-Play applications.
boolean setAllowedFOTAVersion(String version, Bundle bundle)
API to set allowed FOTA version on device.
boolean setBackgroundData(boolean enable)
API to enable or disable access to manage background data usage.
boolean setBackup(boolean enable)
API to enable or disable Google backup.
boolean setBluetoothTethering(boolean enable)
API to enable or disable Bluetooth tethering.
boolean setCameraState(boolean enable)
API to enable or disable the camera.
boolean setCellularData(boolean enable)
API to enable or disable cellular data connection.
boolean setClipboardEnabled(boolean enable)
API to enable or disable access to the clipboard.
boolean setHeadphoneState(boolean enable)
API to set Headphone state.
boolean setHomeKeyState(boolean enable)
API to enable or disable home key functionality.
boolean setLockScreenState(boolean enable)
API to allow or disallow lockscreen menu in the device Settings.
boolean setMicrophoneState(boolean enable)
API to enable or disable microphone.
boolean setMockLocation(boolean enable)
API to enable or disable mock GPS locations.
boolean setScreenCapture(boolean enable)
API to enable or disable screen capture.
boolean setSdCardState(boolean enable)
API to enable or disable Secure Digital (SD) card access.
boolean setTethering(boolean enable)
API to enable or disable all tethering interfaces.
boolean setUsbDebuggingEnabled(boolean enable)
API to enable or disable USB debugging.
boolean setUsbExceptionList(int exceptionList)
API to set USB class exception list.
boolean setUsbMediaPlayerAvailability(boolean enable)
API to allow or disallow MTP (media transfer protocol).
boolean setUsbTethering(boolean enable)
API to enable or disable USB tethering.
boolean setWifiTethering(boolean enable)
API to enable or disable Wi-Fi tethering.
[Expand]
Inherited Methods
From class java.lang.Object

Constants

public static final String ACTION_UPDATE_FOTA_VERSION_RESULT

Since: API level 20

Broadcast Action: To notify the administrator about result of FOTA version setting operations.

The intent has the following extra values:

EXTRA_UPDATE_FOTA_VERSION_STATUS:

Permission
The use of this intent requires the user to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission which has a protection level of signature.
Since
API level 20
MDM 5.7
Constant Value: "com.samsung.android.knox.intent.action.UPDATE_FOTA_VERSION_RESULT"

public static final int ERROR_UPDATE_FOTA_ENABLED_BY_OTHER_ADMIN

Since: API level 20

Another admin already set the policy.

Since
API level 20
MDM 5.7
Constant Value: 2 (0x00000002)

public static final int ERROR_UPDATE_FOTA_NONE

Since: API level 20

Success.

Since
API level 20
MDM 5.7
Constant Value: 0 (0x00000000)

public static final int ERROR_UPDATE_FOTA_UNKNOWN

Since: API level 20

Unknown/internal error.

Since
API level 20
MDM 5.7
Constant Value: 4 (0x00000004)

public static final int ERROR_UPDATE_FOTA_UNKNOWN_SERVER

Since: API level 20

Unknown FOTA server error. This can only occur if the CorpID is changed.

Since
API level 20
MDM 5.7
Constant Value: 1 (0x00000001)

public static final String EXTRA_UPDATE_FOTA_VERSION_STATUS

Since: API level 20
Since
API level 20
MDM 5.7
Constant Value: "com.samsung.android.knox.intent.extra.UPDATE_FOTA_VERSION_STATUS"

public static final int LOCKSCREEN_MULTIPLE_WIDGET_VIEW

Since: API level 6

LockScreen multiple widgets

Since
API level 6
MDM 4.0
Constant Value: 1 (0x00000001)

public static final int LOCKSCREEN_SHORTCUTS_VIEW

Since: API level 6

LockScreen shortcuts

Since
API level 6
MDM 4.0
Constant Value: 2 (0x00000002)

public static final int STATUS_UPDATE_FOTA_ALREADY_LATEST_VERSION

Since: API level 21

Current FOTA binary is latest. This can only occur if a binary update is attempted.

Since
API level 21
MDM 5.7.1
Constant Value: 6 (0x00000006)

public static final int STATUS_UPDATE_FOTA_FAILURE

Since: API level 21

FOTA binary update failure. This can only occur if a binary update is attempted.

Since
API level 21
MDM 5.7.1
Constant Value: 8 (0x00000008)

public static final int STATUS_UPDATE_FOTA_PROCESSING

Since: API level 21

FOTA binary update is progressing. This can only occur if a binary update is attempted.

Since
API level 21
MDM 5.7.1
Constant Value: 7 (0x00000007)

public static final int STATUS_UPDATE_FOTA_SUCCESS

Since: API level 21

FOTA binary update success. This can only occur if a binary update is attempted.

Since
API level 21
MDM 5.7.1
Constant Value: 5 (0x00000005)

public static final String UPDATE_FOTA_CORPID

Since: API level 21

Corporation Id key defined in bundle of setAllowedFOTAVersion(String, Bundle) API call. It will only permit Corporation Id issued by SEAP portal and the random value will be failed

Since
API level 21
MDM 5.7.1
Constant Value: "update_fota_corpid"

public static final int WEARABLE_GEAR_DEVICE

Since: API level 19

To be deprecated since API level 25

Gear Wearable device

Since
API level 19
MDM 5.6
Constant Value: 1 (0x00000001)

Public Methods

public boolean allowAirplaneMode (boolean allow)

Since: API level 11

API to allow or disallow Airplane Mode.

Parameters
allow true to allow, false to disallow
Returns
  • true if successful, else false
Throws
SecurityException If caller does not have required permissions
Usage
Administrator can use this API to allow or disallow Airplane Mode. If administrator disallows Airplane Mode when it is already on, Airplane Mode will be turned off.
 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     if (restrictionPolicy.allowAirplaneMode(false)) {
         // Airplane Mode is disallowed.
     } else {
         // failure to disallow
     }
     // allow
     if (restrictionPolicy.allowAirplaneMode(true)) {
         // Airplane Mode is allowed.
     } else {
         // failure to allow
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to add the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.
Since
API level 11
MDM 5.0
Multiuser Environment
Global Scope

public boolean allowAndroidBeam (boolean allow)

Since: API level 6

API to allow or disallow Android Beam on device.

Parameters
allow true to allow, false to disallow.
Returns
  • true in case of success, false otherwise.
Throws
SecurityException If caller does not have required permissions
Usage
An administrator can set this policy to block the use of Android Beam on the device. When Android Beam is disabled, the user is not able to send information (contacts, e-mails, Web addresses, etc.) using Android Beam. S Beam is also disabled when Android Beam is disabled.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     boolean enableAndroidBeam = false;
     if (restrictionPolicy.allowAndroidBeam(enableAndroidBeam)) {
         Log.d(TAG, "Android Beam blocked.");
     } else {
         Log.d(TAG, "Failed blocking Android Beam.");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.
Since
API level 6
MDM 4.0
Multiuser Environment
Global Scope

public boolean allowAudioRecord (boolean allow)

Since: API level 6

API to allow or disallow audio recording.

Parameters
allow true to allow, false to disallow.
Returns
  • true if successful, false otherwise.
Throws
SecurityException If caller does not have required permissions
Usage

An administrator can use this API to disable audio recording. The device microphone is still available after disabling audio recording so that the user can make calls and use audio streaming. This API relies on declared use of the audio, allowing only calls, voice recognition, and voice over IP (VoIP). If the application declares a use type and does something else, then this API is not able to block it. When audio recording is disabled, any ongoing audio recording is interrupted. Video recording is still allowed if no audio recording is attempted.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     boolean enableAudioRecording = false;
     if (restrictionPolicy.allowAudioRecord(enableAudioRecording)) {
         Log.w(TAG, "Audio record blocked.");
     } else {
         Log.w(TAG, "Failed to block audio record.");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
For Container:
 // When you create container successfully, containerID will be returned via intent.
 // Use this containerID in below API.
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 RestrictionPolicy restrictionPolicy = kcm.getRestrictionPolicy();
 try {
     boolean enableAudioRecording = false;
     if (restrictionPolicy.allowAudioRecord(enableAudioRecording)) {
         Log.w(TAG, "Audio record blocked.");
     } else {
         Log.w(TAG, "Failed to block audio record.");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_HW_CONTROL" permission which has a protection level of signature.
Since
API level 6
MDM 4.0
Multiuser Environment
User Scope

public boolean allowBackgroundProcessLimit (boolean allow)

Since: API level 6

API to allow or disallow setting a background process limit.

Parameters
allow true to allow, false to disallow.
Returns
  • true if successful, false otherwise.
Throws
SecurityException If caller does not have required permissions
Usage

An administrator can use this API to allow or disallow setting a background process limit by the user. When disabled, the background process limit is set to the maximum.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     boolean enableLimitBackgroundProcess = false;
     if (restrictionPolicy.allowBackgroundProcessLimit(enableLimitBackgroundProcess)) {
         Log.w(TAG, "Limit on background process blocked.");
     } else {
         Log.w(TAG, "Failed to block limit on background process.");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.
Since
API level 6
MDM 4.0
Multiuser Environment
Global Scope

public boolean allowBluetooth (boolean enable)

Since: API level 2

API to enable or disable Bluetooth access.

Parameters
enable true to enable, false to disable
Returns
  • true if operation is successful, else false
Throws
SecurityException If caller does not have required permissions
Usage
An administrator can use this API to disable Bluetooth access without user interaction. User or third-party applications cannot enable Bluetooth access once it is disabled. Bluetooth is turned off and disabled if it is turned on when this API is called. When set to true, Bluetooth UI access is enabled but not Bluetooth functionality. Even with disabled Bluetooth access, BLE scanning is still possible.

NOTE:

This api always returns false when isBLEAllowed() returns false

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     // disable Bluetooth
     boolean result = restrictionPolicy.allowBluetooth(false);

     if (true == result) {
         // Bluetooth is disabled and cannot be enabled by user.
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 // enable Bluetooth UI control
 try {
     boolean result = restrictionPolicy.allowBluetooth(true);
     if (true == result) {
         // Bluetooth UI control is enabled and user can change it.
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_BLUETOOTH" permission with a protection level of signature.
Since
API level 2
MDM 2.0
Multiuser Environment
Global Scope

public boolean allowClipboardShare (boolean allow)

Since: API level 6

API to allow or disallow sharing the clipboard between applications.

Parameters
allow true to allow, false to disallow.
Returns
  • true if successful, else false.
Throws
SecurityException If caller does not have required permissions
Usage
An administrator can use this API to allow or disallow sharing a global clipboard between applications. If the administrator disallows clipboard sharing, each application has an individual clipboard.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     boolean allow = false;
     if (restrictionPolicy.allowClipboardShare(allow)) {
         Log.w(TAG, "allowClipboardShare() success");
     } else {
         Log.w(TAG, "allowClipboardShare() failed");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
For Container:
 // When you create container successfully, containerID will be returned via intent.
 // Use this containerID in below API.
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 RestrictionPolicy restrictionPolicy = kcm.getRestrictionPolicy();
 try {
     boolean allow = false;
     if (restrictionPolicy.allowClipboardShare(allow)) {
         Log.w(TAG, "allowClipboardShare() success");
     } else {
         Log.w(TAG, "allowClipboardShare() failed");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.
Since
API level 6
MDM 4.0
Multiuser Environment
User Scope

public boolean allowDataSaving (boolean allow)

Since: API level 21

API to allow or disallow Data Saving.

Parameters
allow true to allow, false to disallow
Returns
  • true if operation was successful, else false
Throws
SecurityException If caller does not have required permissions
Usage
An administrator can use this API to allow/disallow "Data Saver" feature in the device. When turned on, this feature restricts background data usage by applications, which may prevent them from working properly. When set to false, this API will turn "Data Saver" off and prevent user from turn it back on, also it will turn on background data usage for all applications.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     // disallow Data Saving
     boolean result = restrictionPolicy.allowDataSaving(false);

     if (true == result) {
         // Data Saving is disabled and cannot be enabled by user.
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 // enable Data Saver UI control
 try {
     boolean result = restrictionPolicy.allowDataSaving(true);
     if (true == result) {
         // Data Saver UI control is enabled and user can change it.
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.
Since
API level 21
MDM 5.7.1
Multiuser Environment
Global Scope
Dependency
This API is more restrictive than setBackgroundData(boolean), so if set to false it will prevail over setBackgroundData(boolean).

public boolean allowDeveloperMode (boolean allow)

Since: API level 11

API to allow or disallow Developer Mode options in the device Settings.

Parameters
allow true to allow, false to disallow Developer Mode option in device Settings
Returns
  • true if Developer Mode option is successfully allowed or disallowed, false otherwise
Throws
SecurityException If caller does not have required permissions
Usage
An administrator can use this API to allow or disallow the user of changing any Developer Mode option in Settings application. Once this policy is applied, every developer option is reset to its default state. Some specific developer options managed by policies such as setMockLocation(boolean), setUsbDebuggingEnabled(boolean), allowKillingActivitiesOnLeave(boolean), allowBackgroundProcessLimit(boolean) will have the same block behavior when Developer Mode policy is applied (set to false). Besides that, whenever the administrator try to allow one of these policies, the return state might be true, but the user will only be able to change a setting state if Developer Mode is also allowed.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 // disallow
 try {
  if (restrictionPolicy.allowDeveloperMode(false)) {
      // Developer Mode in Settings application is disallowed and cannot be
      // changed by user.
  } else {
      // failure to disallow
  }
  // allow
  if (restrictionPolicy.allowDeveloperMode(true)) {
      // user is allowed to set any Developer Mode option in Settings
      // application.
  } else {
      // failure to allow
  }
 } catch (SecurityException e) {
  Log.w(TAG, "SecurityException: " + e);
 }

 
Permission
The use of this API requires the caller to add the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.
Since
API level 11
MDM 5.0
Multiuser Environment
Global Scope

public boolean allowFactoryReset (boolean allow)

Since: API level 2

API to enable or disable the user from performing a factory reset.

Parameters
allow true to allow user to perform factory reset, false to disallow user from performing factory reset
Returns
  • true if operation is successful, else false
Throws
SecurityException If caller does not have required permissions
Usage
An administrator can use this API to enable or disable the user performing a factory reset. If set to false (disable), the user cannot change the option through the Settings application. This will also disable factory reset via recovery mode and adb command. In other case that involve the factory reset, it does not affect. For example, firmware upgrade or binary download and etc.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     boolean result = restrictionPolicy.allowFactoryReset(false);
     if (true == result) {
         // factory reset is disabled and cannot be enabled by user.
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.
Since
API level 2
MDM 2.0
Multiuser Environment
Global Scope

public boolean allowFastEncryption (boolean enable)

Since: API level 11

API to enforce Fast Encryption options in the device Settings.

Returns
  • true if operation is successful, else false.
Throws
SecurityException If caller does not have required permissions
Usage
An administrator can use this API to enforce Fast Encryption mode only.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     boolean allow = true; // enforce fast encryption mode only
     if (restrictionPolicy.allowFastEncryption(allow)) {
         Log.w(TAG, "Succeeded to set the policy");
     } else {
         Log.w(TAG, "Failed to set the policy.");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
For Container:
 // When you create container successfully, containerID will be returned via intent.
 // Use this containerID in below API.
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 RestrictionPolicy restrictionPolicy = kcm.getRestrictionPolicy();
 try {
     boolean allow = true; // enforce fast encryption mode only
     if (restrictionPolicy.allowFastEncryption(allow)) {
         Log.w(TAG, "Succeeded to set the policy");
     } else {
         Log.w(TAG, "Failed to set the policy.");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.
Since
API level 11
MDM 5.0
Multiuser Environment
Global Scope

public boolean allowFirmwareRecovery (boolean allow)

Since: API level 11

API to allow or disallow firmware update.

Parameters
allow true to allow, false to disallow.
Returns
  • true if operation is successful, else false.
Throws
SecurityException If caller does not have required permissions
Usage
Device administrator can use this API to block device firmware update from download mode.
 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     boolean allow = false; // disallow firmware recovery
     if (restrictionPolicy.allowFirmwareRecovery(allow)) {
         Log.w(TAG, "firmware recovery is not allowed");
     } else {
         Log.w(TAG, "Failed to set the policy.");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.
Since
API level 11
MDM 5.0
Multiuser Environment
Global Scope

public boolean allowGoogleAccountsAutoSync (boolean allow)

Since: API level 11

API to allow or disallow auto sync for Google accounts.

Parameters
allow true to allow, false to disallow.
Returns
  • true if operation is successful, else false.
Throws
SecurityException If caller does not have required permissions
Usage
An administrator can use this API to allow or disallow google accounts to sync automatically. This policy will not block play store from update installed apps because it doesn't rely on google account auto sync for that. Also, user will still be able to perform manual sync from inside some applications like Gmail.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     boolean allow = false; // disallow auto sync
     if (restrictionPolicy.allowGoogleAccountsAutoSync(allow)) {
         Log.w(TAG, "Auto sync for google accounts is not allowed");
     } else {
         Log.w(TAG, "Failed to set the policy.");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
For Container:
 // When you create container successfully, containerID will be returned via intent.
 // Use this containerID in below API.
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 RestrictionPolicy restrictionPolicy = kcm.getRestrictionPolicy();
 try {
     boolean allow = false; // disallow auto sync
     if (restrictionPolicy.allowGoogleAccountsAutoSync(allow)) {
         Log.w(TAG, "Auto sync for google accounts is not allowed");
     } else {
         Log.w(TAG, "Failed to set the policy.");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.
Since
API level 11
MDM 5.0
Multiuser Environment
User Scope

public boolean allowGoogleCrashReport (boolean allow)

Since: API level 5

API to enable or disable sending a crash report to Google.

Parameters
allow true to enable, false to disable
Returns
  • true if successful, else false
Throws
SecurityException If caller does not have required permissions
Usage
An administrator can use this API to enable or disable sending a crash report to Google. If disabled, all possible Google crash reports are blocked.
 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     boolean enableGoogleCrashReport = true;
     restrictionPolicy.allowGoogleCrashReport(enableGoogleCrashReport);
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
For Container:
 // When you create container successfully, containerID will be returned via intent.
 // Use this containerID in below API.
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 RestrictionPolicy restrictionPolicy = kcm.getRestrictionPolicy();
 try {
     boolean enableGoogleCrashReport = true;
     restrictionPolicy.allowGoogleCrashReport(enableGoogleCrashReport);
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.
Since
API level 5
MDM 3.0
Multiuser Environment
User Scope

public boolean allowKillingActivitiesOnLeave (boolean allow)

Since: API level 6

API to allow or disallow killing an activity when the user leaves it

Parameters
allow true to allow, false to disallow.
Returns
  • true if successful, false otherwise.
Throws
SecurityException If caller does not have required permissions
Usage

An administrator can use this API to allow or disallow killing an activity when the user leaves it without user interaction. When disabled, the preference "Do not keep activities" in Developer Options of Settings application is unchecked, and the user cannot edit it. When enabled, the user can edit the preference.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     boolean enableKillActivitiesOnLeave = false;
     if (restrictionPolicy.allowKillingActivitiesOnLeave(enableKillActivitiesOnLeave)) {
         Log.w(TAG, "Kill activities on leave blocked.");
     } else {
         Log.w(TAG, "Failed blocking kill activities on leave.");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.
Since
API level 6
MDM 4.0
Multiuser Environment
Global Scope

public boolean allowLockScreenView (int view, boolean allow)

Since: API level 6

API to allow or disallow lock screen views in device, like widgets and shortcuts.

Parameters
view LOCKSCREEN_MULTIPLE_WIDGET_VIEW to manage lock screen widget or LOCKSCREEN_SHORTCUTS_VIEW to manage lock screen shortcuts.
allow true to allow, false to disallow lock screen views.
Returns
  • true if operation is successful, else false.
Throws
SecurityException If caller does not have required permissions
Usage
An administrator can use this API to allow or disallow the usage of widgets and shortcuts in device's lock screen.

NOTE:

Since Android 5.0, this functionality can't be verified from Settings application.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     // disallow multiple widgets on Lock screen.
     if (restrictionPolicy.allowLockScreenView(LOCKSCREEN_MULTIPLE_WIDGET_VIEW, false)) {
         Log.w(TAG, "Success.");
     } else {
         Log.w(TAG, "Failed.");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.
Since
API level 6
MDM 4.0
Multiuser Environment
Global Scope

public boolean allowOTAUpgrade (boolean allow)

Since: API level 5

API to allow or disallow upgrading the operating system (OS) over-the-air (OTA).

Parameters
allow true to allow, false to disallow
Returns
  • true if successful, else false
Throws
SecurityException If caller does not have required permissions
Usage
An administrator can use this API to allow or disallow upgrading the OS via a firmware-over-the-air (FOTA) client (for example, Samsung DM or WebSync DM). If disabled, all possible OTA upgrade requests (user initiated, server initiated, and system initiated) are blocked; the user may see server messages related to new firmware updates but any attempt to upgrade fails. Note : This API will not have any effect if admin disables firmware recovery using allowFirmwareRecovery(boolean) API.

NOTE:

Since MDM 5.0, this API is supported on Verizon and Sprint North American devices too.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     boolean blockOTAUpdate = true;
     // disable visible pattern
     restrictionPolicy.allowOTAUpgrade(blockOTAUpdate);
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.
Since
API level 5
MDM 3.0
Multiuser Environment
Global Scope

public boolean allowPowerOff (boolean allow)

Since: API level 5

API to allow or disallow the user to power off the device by pressing the power button. For a device managed by multiple administrators, each administrator can apply a different status. Powering off using the power button is disabled if at least one administrator disables it. Powering off is enabled only if all administrators enable it. If powering off is disabled, a toast with the message "Security policy prevents power off" appears when the user tries to power off the device.

Parameters
allow true to allow, false to disallow
Returns
  • true if allowing or disallowing power off was successful, else false.
Throws
SecurityException If caller does not have required permissions

NOTE: Since MDM 5.3, only owner (User 0) administrator can call this API. For guest users, API will return false.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     boolean result = restrictionPolicy.allowPowerOff(false);
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException");
 }
 
For Container:

NOTE: Since MDM 5.3, only COM (Kiosk) container administrator can call this API. For other container types, API will return false.

 // When you create container successfully, containerID will be returned via intent.
 // Use this containerID in below API.
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 RestrictionPolicy restrictionPolicy = kcm.getRestrictionPolicy();
 try {
     boolean result = restrictionPolicy.allowPowerOff(false);
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException");
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_HW_CONTROL" permission which has a protection level of signature.
Since
API level 5
MDM 3.0
Multiuser Environment
User Scope

public boolean allowPowerSavingMode (boolean allow)

Since: API level 22

API to allow or disallow Power Saving Mode.

Parameters
allow true to allow, false to disallow
Returns
  • true if operation was successful, else false.
Throws
SecurityException If caller does not have required permissions
Usage
An administrator can use this API to allow or disallow "Power Saving Mode" feature in the device. When set to false, device can't enter the Power Saving Mode.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     // disallow Power Saving Mode
     boolean result = restrictionPolicy.allowPowerSavingMode(false);

     if (true == result) {
         // Power Saving Mode disallowed and cannot be enabled by user.
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.
Since
API level 22
MDM 5.8
Multiuser Environment
Global Scope

public boolean allowSBeam (boolean allow)

Since: API level 6

API to allow or disallow S Beam on device.

Parameters
allow true to allow, false to disallow.
Returns
  • true in case of success, false otherwise.
Throws
SecurityException If caller does not have required permissions
Usage
An administrator can set this policy to block the use of S Beam on the device. S Beam allows users to share content using near field communication (NFC) or Wi-Fi Direct. When S Beam is disabled, the user cannot send or receive files using S Beam.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     boolean enableSBeam = false;
     if (restrictionPolicy.allowSBeam(enableSBeam)) {
         Log.d(TAG, "S Beam blocked.");
     } else {
         Log.d(TAG, "Failed blocking S Beam.");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.
Since
API level 6
MDM 4.0
Multiuser Environment
Global Scope
See Also

public boolean allowSDCardMove (boolean enable)

Since: API level 11

API to allow or disallow SDCard Move options in the device Settings.

Returns
  • true if operation is successful, else false.
Throws
SecurityException If caller does not have required permissions
Usage
An administrator can use this API to allow or disallow SDCard Move options.
 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
 	boolean allow = false; // disallow SDCardMove
 	if (restrictionPolicy.allowSDCardMove(allow)) {
 		Log.w(TAG, "SDCardMove is not allowed");
 	} else {
 		Log.w(TAG, "Failed to set the policy.");
 	}
 } catch (SecurityException e) {
 	Log.w(TAG, "SecurityException: " + e);
 }
 
For Container:

NOTE: Only Android users (Owner/Guest user) administrator can call this API. For container, API will return false.

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.
Since
API level 11
MDM 5.0
Multiuser Environment
User Scope

public boolean allowSDCardWrite (boolean allow)

Since: API level 5

API to enable or disable writing to the Secure Digital (SD) card.

Parameters
allow true to enable, false to disable
Returns
  • true if successful, else false
Throws
SecurityException If caller does not have required permissions
Usage
An administrator can use this API to enable or disable writing to the SD card. If disabled, all possible writes to the SD card are blocked.

NOTE:

This policy is not applicable when the SD card is encrypted.

If SD card is encrypted, the files in the SD card cannot be read by other devices or PCs except for the device that encrypted it. Hence SD card encryption takes priority over this policy.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     boolean enableSDCardWrite = true;
     restrictionPolicy.allowSDCardWrite(enableSDCardWrite);
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.
Since
API level 5
MDM 3.0
Multiuser Environment
Global Scope

public boolean allowSVoice (boolean allow)

Since: API level 6

API to allow or disallow the S Voice application on the device.

Parameters
allow true to allow, false to disallow S Voice
Returns
  • true if S Voice is successfully allowed or disallowed, false otherwise
Throws
SecurityException If caller does not have required permissions
Usage
An administrator can use this API to allow or disallow launching the S Voice application (Samsung personal assistant). When S Voice is disabled, the user can neither set a new wake-up command nor unlock the device by using a wake-up command set prior to disallowing S Voice. In addition, once disallowed, the administrator can no longer set a new face and voice lock screen. However, the device can still be unlocked if the lock screen had already been set prior to disallowing S Voice.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 // disallow
 try {
     if (restrictionPolicy.allowSVoice(false)) {
         // S Voice application is disallowed and cannot be changed by user.
     } else {
         // failure to disallow
     }
     // allow
     if (restrictionPolicy.allowSVoice(true)) {
         // user is allowed to launch S Voice.
     } else {
         // failure to allow
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
For Container:
 // When you create container successfully, containerID will be returned via intent.
 // Use this containerID in below API.
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 RestrictionPolicy restrictionPolicy = kcm.getRestrictionPolicy();
 // disallow
 try {
     if (restrictionPolicy.allowSVoice(false)) {
         // S Voice application is disallowed and cannot be changed by user.
     } else {
         // failure to disallow
     }
     // allow
     if (restrictionPolicy.allowSVoice(true)) {
         // user is allowed to launch S Voice.
     } else {
         // failure to allow
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to add the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.
Since
API level 6
MDM 4.0
Multiuser Environment
User Scope

public boolean allowSafeMode (boolean allow)

Since: API level 6

API to allow or disallow Safe Mode boot.

Parameters
allow true to allow, false to disallow
Returns
  • true if successful, else false
Throws
SecurityException If caller does not have required permissions
Usage
Administrator can use this API to allow or disallow Safe Mode boot.
 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     // Disallow Safe Mode boot
     restrictionPolicy.allowSafeMode(false);
 } catch (SecurityException e) {
     Log.e(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to add the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.
Since
API level 6
MDM 4.0
Multiuser Environment
Global Scope

public boolean allowScreenPinning (boolean allow)

Since: API level 17

API to allow or deny Screen Pinning on device.

Parameters
allow true to allow Screen Pinning on user space, false to block
Returns
  • true if successful, false if failed
Throws
SecurityException If caller does not have required permissions
Usage
Screen Pinning is an Android feature that allows the user to screen pin any application. A pinned application will never lose focus to any other activity, until it is cancelled by the user. Administrator could use this policy to block Screen Pinning feature on device. If it is set to false, user will not be able to pin any application and any current pinning will be cancelled. Otherwise, if it is set to true, this feature will be allowed again.
 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     // Administrator wishes to block Screen Pinning functionality
     restrictionPolicy.allowScreenPinning(false);
 } catch (RemoteException e) {
     Log.e(TAG, "Remote exception : " + e);
 }
 
For Container:
NOTE: Only Android users (Owner/Guest user) administrator can call this API. For container, API will return false.
Permission
The API usage requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.
Since
API level 17
MDM 5.5
Multiuser Environment
User Scope

public boolean allowSettingsChanges (boolean allow)

Since: API level 2

API to allow or deny changes to Settings application.

Parameters
allow true to allow settings change, false to deny settings change.
Returns
  • true if allow setting changes is successful, else false
Throws
SecurityException If caller does not have required permissions
Usage
An administrator can use this API to allow or prevent changes to Settings application. After disabling Settings, several changes to system preferences cannot be made.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     if (restrictionPolicy.allowSettingsChanges(false)) {
         // Settings application is disabled.
     } else {
         // Failure to restrict Settings app.
     }
     if (restrictionPolicy.allowSettingsChanges(true)) {
         // Settings application is enabled.
     } else {
         // Failure to remove restriction on Settings app.
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
For Container:

NOTE: Since MDM 5.3, only Android users (Owner/Guest user) administrator can call this API. For container, API will return false.

 // When you create container successfully, containerID will be returned via intent.
 // Use this containerID in below API.
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 RestrictionPolicy restrictionPolicy = kcm.getRestrictionPolicy();
 try {
     if (restrictionPolicy.allowSettingsChanges(false)) {
         // Settings application is disabled.
     } else {
         // Failure to restrict Settings app.
     }
     if (restrictionPolicy.allowSettingsChanges(true)) {
         // Settings application is enabled.
     } else {
         // Failure to remove restriction on Settings app.
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.
Since
API level 2
MDM 2.0
Multiuser Environment
User Scope

public boolean allowShareList (boolean allow)

Since: API level 6

API to allow or disallow display of Share Via List.

Parameters
allow true to allow, false to disallow.
Returns
  • true if success, false otherwise.
Usage

Administrator can disable the display of the Share Via List, the Share Via List is displayed in certain applications that share data with other appplications.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     if(restrictionPolicy.allowShareList(allowShareList)) {
        Log.w(TAG, "Share List display is disabled.");
     } else {
        Log.w(TAG, "Failed to disable Share List display.");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
For Container:
 // When you create container successfully, containerID will be returned via intent.
 // Use this containerID in below API.
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 RestrictionPolicy restrictionPolicy = kcm.getRestrictionPolicy();
 try {
     if(restrictionPolicy.allowShareList(allowShareList)) {
        Log.w(TAG, "Share List display is disabled.");
     } else {
        Log.w(TAG, "Failed to disable Share List display.");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.
Since
API level 6
MDM 4.0
Multiuser Environment
User Scope

public boolean allowSmartClipMode (boolean allow)

Since: API level 13

API to allow or deny Smart Clip on device.

Parameters
allow true to allow smart clip on user space, false to block
Returns
  • true if successful, false if failed
Throws
SecurityException If caller does not have required permissions
Usage
Administrator could use this policy to block Smart Clip feature on device. If it is set to false, user will not be able use the stylus pen smart clip copy/paste. Otherwise, if it is set to true, this mode will be allowed again.
 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     // Administrator wishes to block smart clip functionality
     restrictionPolicy.allowSmartClipMode(false);
 } catch (RemoteException e) {
     Log.e(TAG, "Remote exception : " + e);
 }
 

For Container:
 // When you create container successfully, containerID will be returned via intent.
 // Use this containerID in below API.
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 RestrictionPolicy restrictionPolicy = kcm.getRestrictionPolicy();
 try {
     // Administrator wishes to block smart clip functionality.
     restrictionPolicy.allowSmartClipMode(false);
 } catch (RemoteException e) {
     Log.e(TAG, "Remote exception : " + e);
 }
 

Permission
The API usage requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.
Since
API level 13
MDM 5.2
Multiuser Environment
User Scope

public boolean allowStatusBarExpansion (boolean allow)

Since: API level 5

API to allow or disallow status bar expansion.

Parameters
allow true to enable status bar expansion, false to disallow status bar expansion.
Returns
  • true if allowing/disallowing status bar expansion was successful, else false.
Throws
SecurityException If caller does not have required permissions
Usage
An administrator can use this API to allow or disallow expansion of the status bar. If set to false (disallow), status bar expansion is disabled, and the user cannot access controls on the status bar until the administrator enables expansion again. If set to true (allow), status bar expansion is enabled. All notifications are still visible on the status bar even when expansion is disabled. This API also disables expansion of the recent applications panel on tablets.

NOTE: Since MDM 5.3, only owner (User 0) administrator can call this API. For guest users, API will return false.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     if (restrictionPolicy.allowStatusBarExpansion(false)) {
         // status bar expansion is disabled and cannot be accessed by user.
     } else {
         // failure to enable
     }
     // enable
     if (restrictionPolicy.allowStatusBarExpansion(true)) {
         // status bar expansion is enabled.
     } else {
         // failure to disable
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
For Container:

NOTE: Since MDM 5.3, only COM (Kiosk) container administrator can call this API. For other container types, API will return false.

 // When you create container successfully, containerID will be returned via intent.
 // Use this containerID in below API.
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 RestrictionPolicy restrictionPolicy = kcm.getRestrictionPolicy();
 try {
     if (restrictionPolicy.allowStatusBarExpansion(false)) {
         // status bar expansion is disabled and cannot be accessed by user.
     } else {
         // failure to enable
     }
     // enable
     if (restrictionPolicy.allowStatusBarExpansion(true)) {
         // status bar expansion is enabled.
     } else {
         // failure to disable
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.
Since
API level 5
MDM 3.0
Multiuser Environment
User Scope

public boolean allowStopSystemApp (boolean allow)

Since: API level 6

API to allow or disallow user to stop system-signed applications.

Parameters
allow true to allow, false to disallow.
Returns
  • true if successful, false otherwise.
Throws
SecurityException If caller does not have required permissions
Usage

An administrator can use this API to disable a force stop button for system-signed applications on the application Info UI in Settings and the stop button for the system application process on the Running application UI in Settings.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     boolean enableSystemAppButtons = true;
     if (restrictionPolicy.allowStopSystemApp(enableSystemAppButtons)) {
         Log.w(TAG, "System application buttons are enabled for user.");
     } else {
         Log.w(TAG, "Failed to enable system application button.");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
For Container:
 // When you create container successfully, containerID will be returned via intent.
 // Use this containerID in below API.
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 RestrictionPolicy restrictionPolicy = kcm.getRestrictionPolicy();
 try {
     boolean enableSystemAppButtons = true;
     if (restrictionPolicy.allowStopSystemApp(enableSystemAppButtons)) {
         Log.w(TAG, "System application buttons are enabled for user.");
     } else {
         Log.w(TAG, "Failed to enable system application button.");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission which has a protection level of signature.
Since
API level 6
MDM 4.0
Multiuser Environment
User Scope

public boolean allowUsbHostStorage (boolean allow)

Since: API level 6

API to enable or disable usage of USB host storage.

Returns
  • true if allowing or disallowing USB host storage was successful, else false.
Throws
SecurityException If caller does not have required permissions
Usage
An administrator can use this API to enable or disable the usage of USB host storage via USB OTG. If enabled, a user can connect any pen drive (portable USB storage), external HD, or Secure Digital (SD) card reader, and it is mounted as a storage drive on the device. If disabled, external storage devices are disallowed from being mounted.

NOTE:

Since MDM 5.7, This API will block All USB Host functionality.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();

 try {
     if (restrictionPolicy.allowUsbHostStorage(false)) {
         Log.d(TAG, "Usb host storage is now blocked.");
     } else {
         Log.d(TAG, "Failed to block USB host storage");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission which has a protection level of signature.
Since
API level 6
MDM 4.0
Multiuser Environment
Global Scope

public boolean allowUserMobileDataLimit (boolean allow)

Since: API level 6

API to allow or disallow the user to set the mobile data limit.

Parameters
allow true to allow, false to disallow.
Returns
  • true if successful, false otherwise.
Throws
SecurityException If caller does not have required permissions
Usage

An administrator can use this API to allow or disallow the user to set the mobile data limit. Even when disallowed user still be able to manipulate android "Warning" message.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     boolean enableMobileDataLimit = false;
     if (restrictionPolicy.allowUserMobileDataLimit(enableMobileDataLimit)) {
         Log.d(TAG, "Successfully blocked user from setting mobile data limit.");
     } else {
         Log.d(TAG, "Failed to block user from setting mobile data limit.");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.
Since
API level 6
MDM 4.0
Multiuser Environment
Global Scope

public boolean allowVideoRecord (boolean allow)

Since: API level 6

API to allow or disallow video recording.

Parameters
allow true to allow, false to disallow.
Returns
  • true if successful, false otherwise.
Throws
SecurityException If caller does not have required permissions
Usage

An administrator can use this API to enable or disable video recording without user interaction. Tne device camera is still available after disabling video recording so that user can take pictures and use video streaming. When video recording is disabled, any ongoing video recording is interrupted.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     boolean enableVideoRecording = false;
     if (restrictionPolicy.allowVideoRecord(enableVideoRecording)) {
         Log.w(TAG, "Video recording blocked.");
     } else {
         Log.w(TAG, "Failed to block video recording.");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
For Container:
 // When you create container successfully, containerID will be returned via intent.
 // Use this containerID in below API.
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 RestrictionPolicy restrictionPolicy = kcm.getRestrictionPolicy();
 try {
     boolean enableVideoRecording = false;
     if (restrictionPolicy.allowVideoRecord(enableVideoRecording)) {
         Log.w(TAG, "Video recording blocked.");
     } else {
         Log.w(TAG, "Failed to block video recording.");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_HW_CONTROL" permission which has a protection level of signature.
Since
API level 6
MDM 4.0
Multiuser Environment
User Scope

public boolean allowVpn (boolean allow)

Since: API level 4

API to allow or disallow the user to use the native virtual private network (VPN) functionality.

Parameters
allow true to allow user to use native VPN, false to disallow user from using native VPN
Returns
  • true if operation is successful, false for failure
Throws
SecurityException If caller does not have required permissions
Usage
An administrator can use this API to allow or disallow use of the native VPN functionality. If set to false, the user cannot establish a VPN session, and the UI for using VPN through the Settings application is inaccessible.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     boolean result = restrictionPolicy.allowVpn(false);
     if (true == result) {
         // Native VPN functionality is disabled and cannot be enabled by user.
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.
Since
API level 4
MDM 2.2
Multiuser Environment
Global Scope
See Also

public boolean allowWallpaperChange (boolean allow)

Since: API level 5

API to allow or deny changing the device wallpaper.

Parameters
allow true to allow user to change wallpaper, false to disallow user to change wallpaper.
Returns
  • true if allowing or disallowing wallpaper change was successful, else false.
Throws
SecurityException If caller does not have required permissions
Usage
An administrator can use this API to allow or deny the user to change the device wallpaper. If set to false, changing wallpaper is disabled, and the user cannot change it until the administrator enables the change again; A toast with the message "Security policy restricts changing wallpaper" is shown when the user tries to change the wallpaper. If set to true, the wallpaper change UI control is enabled. Enabling wallpaper change has no effect until the user attempts again to change the wallpaper.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     if (restrictionPolicy.allowWallpaperChange(false)) {
         // Wallpaper change is disabled and cannot be changed by user.
     } else {
         // failure to enable
     }
     // enable
     if (restrictionPolicy.allowWallpaperChange(true)) {
         // user allowed to change wallpaper.
     } else {
         // failure to disable
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
For Container:

NOTE: Since MDM 5.3, only Android users (Owner/Guest user) administrator can call this API. For container, API will return false.

 // When you create container successfully, containerID will be returned via intent.
 // Use this containerID in below API.
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 RestrictionPolicy restrictionPolicy = kcm.getRestrictionPolicy();
 try {
     if (restrictionPolicy.allowWallpaperChange(false)) {
         // Wallpaper change is disabled and cannot be changed by user.
     } else {
         // failure to enable
     }
     // enable
     if (restrictionPolicy.allowWallpaperChange(true)) {
         // user allowed to change wallpaper.
     } else {
         // failure to disable
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.
Since
API level 5
MDM 3.0
Multiuser Environment
User Scope

public boolean allowWiFi (boolean enable)

Since: API level 2

API to enable or disable Wi-Fi access.

Parameters
enable true to enable, false to disable
Returns
  • true if operation is successful, else false
Throws
SecurityException If caller does not have required permissions
Usage
An administrator can disable or enabled Wi-Fi access without user interaction. User or third-party applications cannot enable Wi-Fi access once it is disabled. Wi-Fi is turned off and disabled if it is turned on when this API is called. If set to true, the Wi-Fi UI setting is enabled for user access but Wi-Fi functionality is not enabled. Wi-Fi Direct and S-Beam features which depend on this policy will also be affected by this setting. Even with disabled Wifi access, Wifi scanning is still possible.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 // disable wi-fi UI control
 try {

     boolean result = restrictionPolicy.allowWiFi(false);
     if (true == result) {
         // Wi-Fi is disabled and cannot be enabled by user.
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 // enable Wi-Fi UI control
 try {

     boolean result = restrictionPolicy.allowWiFi(true);
     if (true == result) {
         // Wi-Fi UI control is enabled and user can change settings.
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_WIFI" permission with a protection level of signature.
Since
API level 2
MDM 2.0
Multiuser Environment
Global Scope

public boolean allowWifiDirect (boolean allow)

Since: API level 6

API to allow or disallow Wi-Fi Direct.

Parameters
allow true to allow, false to disallow.
Returns
  • true if successful, false otherwise.
Throws
SecurityException
SecurityException If caller does not have required permissions
Usage

An administrator can enable or disable Wi-Fi Direct without user interaction. When Wi-Fi Direct is disabled, any ongoing Wi-Fi Direct connection is interrupted, and the user cannot turn on Wi-Fi Direct. S-Beam feature which depend on this policy will also be affected by this setting.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     boolean enableWifiDirect = false;
     if (restrictionPolicy.allowWifiDirect(enableWifiDirect)) {
         Log.w(TAG, "Wi-Fi Direct blocked.");
     } else {
         Log.w(TAG, "Failed to block Wi-Fi Direct.");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.
Since
API level 6
MDM 4.0
Multiuser Environment
Global Scope

public boolean enableWearablePolicy (int device, boolean enable)

Since: API level 19

To be deprecated since API level 25

API to enable or disable wearable policy for given wearable device type.

Parameters
device wearable device type. WEARABLE_GEAR_DEVICE
enable true to enable, false to disable
Returns
  • true if successful, else false
Throws
SecurityException If caller does not have required permissions
Usage
An administrator can use this API to enable or disable wearable policy for given wearable device type. Once enabled, enforced Application and Restriction policies on phone will be enforced to wearable device.
 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 // enable wearable policy for Gear device.
 try {
     boolean result = restrictionPolicy.enableWearablePolicy(RestrictionPolicy.WEARABLE_GEAR_DEVICE, true);
     if (true == result) {
         // wearable policy is enabled and Gear device will be managed by IT Policy.
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission which has a protection level of signature.
Since
API level 19
MDM 5.6
Multiuser Environment
Global Scope

public String getAllowedFOTAVersion ()

Since: API level 20

API to get allowed FOTA version on device.

Returns
  • String Allowed FOTA version
Usage
An administrator can use this API to get allowed FOTA version that allows for updating.
 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 // set final version that allows for updating
 try {
     String result = restrictionPolicy.getAllowedFOTAVersion();
     if (result == null) {
         // this policy not set by any admin
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Since
API level 20
MDM 5.7
Multiuser Environment
Global Scope

public int getUsbExceptionList ()

Since: API level 26

API to get USB class exception list.

Returns
  • an integer ranging from -1 to 131071 if success, else -1000.
    -1 for defualt case
    0 for ABL case
    1 to 131071 for exception masks (Check binary value. 1 for USB exception, 0 for block)
Usage
An administrator can use this API to get USB class exception list (Device wide).
 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 int usbExceptionMask = restrictionPolicy.getUsbExceptionList();
 
Since
API level 23
MDM 5.9
Multiuser Environment
Global Scope

public boolean isAirplaneModeAllowed ()

Since: API level 11

API to check whether the Airplane Mode is allowed or not.

Returns
  • true if Airplane Mode is allowed, else false
Usage
Administrator can check whether the Airplane Mode is allowed or not. The default value will be true.
Since
API level 11
MDM 5.0
Multiuser Environment
Global Scope

public boolean isAndroidBeamAllowed ()

Since: API level 6

API to check whether Android Beam is allowed on the device.

Returns
  • true if Android Beam is allowed, false otherwise
Usage
An administrator can check whether Android Beam is allowed on device. The default value is true.
Since
API level 6
MDM 4.0
Multiuser Environment
Global Scope

public boolean isAudioRecordAllowed ()

Since: API level 6

API to check whether audio recording is allowed.

Returns
  • true if audio recording is allowed, false if audio recording is disallowed
Usage
An administrator can use this API to check whether audio recording is allowed and take appropriate action based on enterprise policy.
Since
API level 6
MDM 4.0
Multiuser Environment
User Scope

public boolean isBackgroundDataEnabled ()

Since: API level 2

API to check whether background data usage is enabled.

Returns
  • true if background data is enabled, false if background data is disabled
Usage
An administrator can use this API to check whether background data usage is allowed. The default value is true (enabled).
Since
API level 2
MDM 2.0
Multiuser Environment
Global Scope

public boolean isBackgroundProcessLimitAllowed ()

Since: API level 6

API to check whether a limit on background processes is allowed.

Returns
  • true if limit on background processes is allowed, false otherwise
Usage
An administrator can use this API to check whether a limit on background processes is allowed and take appropriate action based on enterprise policy.
Since
API level 6
MDM 4.0
Multiuser Environment
Global Scope

public boolean isBackupAllowed (boolean showMsg)

Since: API level 2

API to check whether Google backup is enabled.

For a device managed by multiple administrators, Google backup is disabled if at least one administrator has disabled it.

Parameters
showMsg Flag to show a warning toast when Google backup is disabled
Returns
  • true if Google backup is enabled, false if Google backup is disabled
Usage
An administrator can use this API to check whether Google backup is enabled. The default value is true (enabled).
Since
API level 2
MDM 2.0
Multiuser Environment
Global Scope

public boolean isBluetoothEnabled (boolean showMsg)

Since: API level 2

API to check whether Bluetooth is enabled.

Parameters
showMsg Flag to show a warning toast when Bluetooth is disabled
Returns
  • true if Bluetooth is enabled, false if Bluetooth is disabled
Usage
An administrator can use this API to check whether Bluetooth is enabled and take appropriate action based on enterprise policy. The default value is true (enabled).
Since
API level 2
MDM 2.0
Multiuser Environment
Global Scope

public boolean isBluetoothTetheringEnabled ()

Since: API level 2

API to check whether Bluetooth tethering is enabled.

Returns
  • true if enabled, false if not enabled or fail.
Usage
An administrator can use this API to check whether the device can share its network data through Bluetooth. The default value is true (enabled).

For a device managed by multiple administrators, Bluetooth tethering is disabled if at least one administrator has disabled it.

Since
API level 2
MDM 2.0
Multiuser Environment
Global Scope

public boolean isCameraEnabled (boolean showMsg)

Since: API level 2

API to check whether the camera is enabled.

Parameters
showMsg Flag to show a warning toast when camera is disabled
Returns
  • true if camera is enabled, false if camera is disabled
Usage
An administrator can check whether the camera is enabled and take appropriate action based on enterprise policy. The default value is true (enabled).
Since
API level 2
MDM 2.0
Multiuser Environment
User Scope

public boolean isCellularDataAllowed ()

Since: API level 2

API to check whether cellular data connection is enabled.

Returns
  • true if cellular data is enabled, false if cellular data is disabled.
Usage
An administrator can use this API to check whether a data connection through the SIM is allowed.

For a device managed by multiple administrators, cellular data is disabled if at least one administrator has disabled it.

Since
API level 2
MDM 2.0
Multiuser Environment
Global Scope

public boolean isClipboardAllowed (boolean showMsg)

Since: API level 2

API to check whether access to clipboard is enabled.

Parameters
showMsg Flag to show a warning toast when clipboard operation is disabled.
Returns
  • true if access to clipboard is enabled, false if access to clipboard is disabled.
Usage
An administrator can use this API to check whether cut, copy, and paste operations that access the clipboard are allowed. The default value is true (enabled).

For a device managed by multiple administrators, access to the clipboard is disabled if at least one administrator has disabled it.

Since
API level 2
MDM 2.0
Multiuser Environment
User Scope

public boolean isClipboardShareAllowed ()

Since: API level 6

API to check whether sharing the clipboard between applications is allowed

Returns
  • true if successful, else false
Usage
An administrator can use this API to check whether a global clipboard is shared between applications.
Since
API level 6
MDM 4.0
Multiuser Environment
User Scope

public boolean isDataSavingAllowed ()

Since: API level 21

API to check whether Data Saving is allowed or not.

Returns
  • true if allowed, false if disallowed
Usage
An administrator can use this API to check whether "Data Saver" feature is allowed or not in the device.
 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 boolean result = false;
 try {
     // Check Data Saver is allowed
     result = restrictionPolicy.isDataSavingAllowed();
 } catch (RemoteException e) {
     Log.e(TAG, "Remote exception : " + e);
 }
 
Since
API level 21
MDM 5.7.1
Multiuser Environment
Global Scope

public boolean isDeveloperModeAllowed ()

Since: API level 11

API to check whether Developer Mode option in Settings application is allowed to be turned on along with the inner settings.

Returns
  • true if Developer Mode option is allowed, false otherwise
Usage
An administrator can use this API to check whether the Developer Mode option in Settings application is allowed to be set. The default value is false (disallowed).
Since
API level 11
MDM 5.0
Multiuser Environment
Global Scope

public boolean isFactoryResetAllowed ()

Since: API level 2

API to check whether the user is allowed to perform a factory reset.

Returns
  • true if allowed, false if not allowed
Usage
An administrator can use this API to check whether a user is allowed to perform a factory reset. The default value is true (allowed).
Since
API level 2
MDM 2.0
Multiuser Environment
Global Scope

public boolean isFastEncryptionAllowed (boolean showMsg)

Since: API level 11

API to check whether or not Fast Encryption is enforced.

Returns
  • true if Fast Encryption is enforced, false if Fast Encryption is not enforced.
Usage
An administrator can use this API to check whether Fast Encryption is enforced.
Since
API level 11
MDM 5.0
Multiuser Environment
Global Scope

public boolean isFirmwareRecoveryAllowed (boolean showMsg)

Since: API level 11

API to check whether or not firmware recovery are allowed.

Returns
  • true if firmware recovery is allowed , false if disallowed.
Usage
An administrator can use this API to check whether firmware update is allowed or not.
Since
API level 11
MDM 5.0
Multiuser Environment
Global Scope

public boolean isGoogleAccountsAutoSyncAllowed ()

Since: API level 11

API to check whether or not Google accounts are allowed to sync automatically.

Returns
  • true if auto sync is allowed for google accounts, false if disallowed.
Usage
An administrator can use this API to check whether google accounts are allowed to automatically sync.
Since
API level 11
MDM 5.0
Multiuser Environment
User Scope

public boolean isGoogleCrashReportAllowed ()

Since: API level 5

API to check whether sending a crash report to Google is enabled.

Returns
  • true if Google crash report is enabled, else false
Usage
An administrator can use this API to check whether sending a crash report to Google is enabled. The default value is true (enabled).
Since
API level 5
MDM 3.0
Multiuser Environment
User Scope

public boolean isHeadphoneEnabled (boolean showMsg)

Since: API level 11

API to check whether or not Headphone is enabled.

Returns
  • true Headphone is enabled, false if disabled.
Usage
An administrator can use this API to check whether Headphone is enabled.
Since
API level 11
MDM 5.0
Multiuser Environment
Global Scope

public boolean isHomeKeyEnabled ()

Since: API level 2

API to check whether home key functionality is enabled.

For a device managed by multiple administrators, the home key is non-functional if at least one administrator has disabled it.

Returns
  • true if home key is enabled, false if home key is disabled
Usage
An administrator can use this API to check whether home key functionality is enabled. The default value is true (enabled).
Since
API level 2
MDM 2.0
Multiuser Environment
User Scope

public boolean isKillingActivitiesOnLeaveAllowed ()

Since: API level 6

API to check whether killing an activity when the user leaves it is allowed.

Returns
  • true if killing activities on leave is allowed, false otherwise
Usage
An administrator can use this API to check whether killing an activity when the user leaves it is allowed and take appropriate action based on enterprise policy.
Since
API level 6
MDM 4.0
Multiuser Environment
Global Scope

public boolean isLockScreenEnabled (boolean showMsg)

Since: API level 11

API to check whether or not lockscreen is enabled.

Returns
  • true if lockscreen is enabled, false if disabled.
Usage
An administrator can use this API to check whether lockscreen is enabled.
Since
API level 11
MDM 5.0
Multiuser Environment
User Scope

public boolean isLockScreenViewAllowed (int view)

Since: API level 6

API to check whether the usage of lock screen views is allowed or not.

Returns
  • true if allowed, else false.
Since
API level 6
MDM 4.0
Multiuser Environment
Global Scope

public boolean isMicrophoneEnabled (boolean showMsg)

Since: API level 2

API to check whether the microphone is enabled.

Parameters
showMsg Flag to show a warning toast when microphone is disabled
Returns
  • true if microphone is enabled, false if microphone is disabled
Usage
An administrator can use this API to check whether the microphone is enabled and take appropriate action based on enterprise policy. The default value is true (enabled).
Since
API level 2
MDM 2.0
Multiuser Environment
User Scope

public boolean isMockLocationEnabled ()

Since: API level 2

API to check whether mock GPS location is enabled.

Returns
  • true if mock location is enabled, false if mock location is disabled
Usage
An administrator can use this API to check whether the function to show a fake GPS location is enabled. The default value is true (enabled).
Since
API level 2
MDM 2.0
Multiuser Environment
Global Scope

public boolean isNonMarketAppAllowed ()

Since: API level 2

API to check whether non-Google-Play application installation is allowed.

Returns
  • true if non-Google-Play application installation is allowed, false if non-Google-Play application installation is disallowed.
Usage
An administrator can use this API to check whether non-Google-Play application installation is allowed. The default value is true (enabled).

For a device managed by multiple administrators, enabling access for application installation is disabled if at least one administrator has disabled it.

Since
API level 2
MDM 2.0
Multiuser Environment
Global Scope

public boolean isOTAUpgradeAllowed ()

Since: API level 5

API to check whether upgrading the operating system (OS) over-the-air (OTA) is enabled.

Returns
  • true if OTA upgrade is enabled, else false
Usage
An administrator can use this API to check whether upgrading the OS OTA is enabled. The default value is true (enabled).
Since
API level 5
MDM 3.0
Multiuser Environment
Global Scope

public boolean isPowerOffAllowed ()

Since: API level 5

API to check whether the user is allowed to power off the device by pressing the power button. For a device managed by multiple administrators, each administrator can apply a different status. Powering off using the power button is disabled if at least one administrator disables it. Powering off is enabled only if all administrators enable it.

Returns
  • true if power off is allowed, else false.
Since
API level 5
MDM 3.0
Multiuser Environment
User Scope

public boolean isPowerSavingModeAllowed ()

Since: API level 22

API to check whether Power Saving Mode is allowed or not.

Returns
  • true if allowed, false if disallowed.
Usage
An administrator can use this API to check whether "Power Saving Mode" feature is allowed or not in the device.
 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 boolean result = false;
 try {
     // Check Power Saving Mode is allowed
     result = restrictionPolicy.isPowerSavingModeAllowed();
 } catch (RemoteException e) {
     Log.e(TAG, "Remote exception : " + e);
 }
 
Since
API level 22
MDM 5.8
Multiuser Environment
Global Scope

public boolean isSBeamAllowed ()

Since: API level 6

API to check whether S Beam is allowed on the device.

Returns
  • true if S Beam is allowed, false otherwise
Usage
An administrator can check whether S Beam is allowed on the device. The default value is true.
Since
API level 6
MDM 4.0
Multiuser Environment
Global Scope

public boolean isSDCardMoveAllowed (boolean showMsg)

Since: API level 11

API to check whether or not SDCard Move is allowed.

Returns
  • true if SDCard Move is allowed, false if disallowed.
Usage
An administrator can use this API to check whether SDCard Move is allowed.
Since
API level 11
MDM 5.0
Multiuser Environment
User Scope

public boolean isSDCardWriteAllowed ()

Since: API level 5

API to check whether writing to the Secure Digital (SD) card is enabled.

Returns
  • true if writing to SD card is enabled, else false
Usage
An administrator can use this API to check whether writing to the SD card is enabled. The default value is true (enabled).
Since
API level 5
MDM 3.0
Multiuser Environment
Global Scope

public boolean isSVoiceAllowed ()

Since: API level 6

API to check whether S Voice application is allowed to be launched.

Returns
  • true if S Voice is allowed, false otherwise
Usage
An administrator can use this API to check whether the S Voice application is allowed to be launched. The default value is true (allowed).
Since
API level 6
MDM 4.0
Multiuser Environment
User Scope

public boolean isSafeModeAllowed ()

Since: API level 6

API to check whether the Safe Mode boot is allowed or not.

Returns
  • true if Safe Mode boot is allowed, else false
Usage
Administrator can check whether the Safe Mode boot is allowed or not to user. The default value will be true.
Since
API level 6
MDM 4.0
Multiuser Environment
Global Scope

public boolean isScreenCaptureEnabled (boolean showMsg)

Since: API level 2

API to check whether screen capture setting is enabled.

Parameters
showMsg Flag to show a warning toast when screen capture is disabled
Returns
  • true if enabled, false if disabled or fail
Usage
An administrator can use this API to check whether the user can take a screenshot of the device screen. The default value is true (enabled).
Since
API level 2
MDM 2.0
Multiuser Environment
User Scope

public boolean isScreenPinningAllowed ()

Since: API level 17

API to check whether Screen Pinning is allowed.

Returns
  • true if Screen Pinning is allowed, false otherwise.
Usage
An administrator can use this API to check whether Screen Pinning is allowed. The default value is true (allowed).
 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 boolean result = true;
 try {
     // Administrator wants to check if Screen Pinning functionality
     // is allowed or not at user space
     result = restrictionPolicy.isScreenPinningAllowed();
 } catch (RemoteException e) {
     Log.e(TAG, "Remote exception : " + e);
 }
 
For Container:
NOTE: Only Android users (Owner/Guest user) administrator can call this API. For container, API will return false.
Since
API level 17
MDM 5.5
Multiuser Environment
User Scope

public boolean isSdCardEnabled ()

Since: API level 2

API to check whether Secure Digital (SD) card access is enabled.

Returns
  • true if access to SD card is enabled, false if access to SD card is disabled.
Usage
An administrator can use this API to check whether data transfer to the SD card is allowed. The default value is true (enabled).

For a device managed by multiple administrators, access to the SD card is disabled if at least one administrator has disabled it.

Since
API level 2
MDM 2.0
Multiuser Environment
Global Scope

public boolean isSettingsChangesAllowed (boolean showMsg)

Since: API level 2

API to check whether the user is allowed to change device settings through Settings application.

Parameters
showMsg true to show a message to the user, false to not show
Returns
  • true if changes to settings are allowed, false if changes to settings are disallowed.
Usage
An administrator can use this API to check whether a user can change device settings through the Setting application. The default value is true (enabled).

For a device managed by multiple administrators, a user cannot change settings if at least one administrator has disallowed it.

Since
API level 2
MDM 2.0
Multiuser Environment
User Scope

public boolean isShareListAllowed ()

Since: API level 6

API to check whether display of Share Via List is allowed or not.

Administrator can check whether display of Share Via List is allowed or not, and take appropriate action based on enterprise policy.

Returns
  • true - display of Share Via List is allowed, false - display is disallowed
Since
API level 6
MDM 4.0
Multiuser Environment
User Scope

public boolean isSmartClipModeAllowed ()

Since: API level 13

API to check whether Smart Clip is allowed.

Returns
  • true if smart clip is allowed, false otherwise.
Usage
An administrator can use this API to check whether Smart Clip is allowed. The default value is true (allowed).

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 boolean result = true;
 try {
     // Administrator wants to check if Smart Clip functionality
     // is allowed or not at user space
     result = restrictionPolicy.isSmartClipModeAllowed();
 } catch (RemoteException e) {
     Log.e(TAG, "Remote exception : " + e);
 }
 

For Container:
 // When you create container successfully, containerID will be returned via intent.
 // Use this containerID in below API.
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 RestrictionPolicy restrictionPolicy = kcm.getRestrictionPolicy();
 boolean result = true;
 try {
     // Administrator wants to check if Smart Clip functionality
     // is allowed or not at user space
     result = restrictionPolicy.isSmartClipModeAllowed();
 } catch (RemoteException e) {
     Log.e(TAG, "Remote exception : " + e);
 }
 

Since
API level 13
MDM 5.2
Multiuser Environment
User Scope

public boolean isStatusBarExpansionAllowed ()

Since: API level 5

API to check whether status bar expansion is allowed.

Returns
  • true if status bar expansion is allowed, else false.
Usage
An administrator can use this API to check whether status bar expansion is allowed. The default value is true (allowed).

Since
API level 5
MDM 3.0
Multiuser Environment
User Scope

public boolean isStopSystemAppAllowed ()

Since: API level 6

API to check whether the user is allowed to stop system-signed applications.

Returns
  • true if stopping system sign application is allowed, false if disallowed
Usage
An administrator can use this API to check whether a user is allowed to stop system-signed applications and take appropriate action based on enterprise policy.
Since
API level 6
MDM 4.0
Multiuser Environment
User Scope

public boolean isTetheringEnabled ()

Since: API level 2

API to check whether tethering is enabled for all interfaces.

Returns
  • true if enabled, false if disabled
Usage
An administrator can use this API to check whether the device can share its internet connection with other devices over all interfaces (USB, WiFi, bluetooth). The default value is true (enabled).

For a device managed by multiple administrators, all interfaces are disabled if at least one administrator has disabled each one.

Since
API level 2
MDM 2.0
Multiuser Environment
Global Scope

public boolean isUsbDebuggingEnabled ()

Since: API level 2

API to check whether USB debugging is enabled.

Returns
  • true if USB debugging is enabled, false if USB debugging is disabled.
Usage
An administrator can use this API to check whether USB debugging is enabled.

For a device managed by multiple administrators, USB debugging is disabled if at least one administrator has disabled it.

Since
API level 2
MDM 2.0
Multiuser Environment
Global Scope

public boolean isUsbHostStorageAllowed ()

Since: API level 6

API to check whether USB host storage is allowed.

Returns
  • true if USB host storage is allowed, false if USB host storage is blocked
Usage
An administrator can use this API to check whether USB host storage devices are allowed to be mounted. Through USB OTG, a user can connect any pen drive (portable USB storage), external HD, or SD card reader, and it is mounted as a storage drive on the device.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();

 try {
     if (restrictionPolicy.isUsbHostStorageAllowed()) {
         Log.d(TAG, "USB host storage is allowed");
     } else {
         Log.w(TAG, "USB host storage is disallowed");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 

Since
API level 6
MDM 4.0
Multiuser Environment
Global Scope

public boolean isUsbMediaPlayerAvailable (boolean showMsg)

Since: API level 2

API to check whether MTP (media transfer protocol) is allowed or not.

Parameters
showMsg Flag to show a warning toast.
Returns
  • true if MTP is allowed on the device, false if MTP is disallowed.
Usage
An administrator can use this API to check whether MTP (media transfer protocol) is allowed or not. The default value is true (allowed).

For a device managed by multiple administrators, MTP is disallowed if at least one administrator has disabled it.

Since
API level 2
MDM 2.0
Multiuser Environment
Global Scope

public boolean isUsbTetheringEnabled ()

Since: API level 2

API to check whether USB tethering is enabled.

Returns
  • true if enabled, false if disabled.
Usage
An administrator can use this API to check whether the device can share its network data through a USB connection. The default value is true (enabled).

For a device managed by multiple administrators, this method returns disabled if at least one administrator has disabled USB tethering.

Since
API level 2
MDM 2.0
Multiuser Environment
Global Scope

public boolean isUserMobileDataLimitAllowed ()

Since: API level 6

API to check whether the user is allowed to set the mobile data limit.

Returns
  • true if user is allowed to set mobile data limit, false otherwise
Usage
An administrator can use this API to check whether the user is allowed to set the mobile data limit and take appropriate action based on enterprise policy.
Since
API level 6
MDM 4.0
Multiuser Environment
Global Scope

public boolean isVideoRecordAllowed ()

Since: API level 6

API to check whether video recording is allowed.

Returns
  • true if video recording is allowed, false if video recording is disallowed
Usage
An administrator can use this API to check whether video recording is allowed and take appropriate action based on enterprise policy.
Since
API level 6
MDM 4.0
Multiuser Environment
User Scope

public boolean isVpnAllowed ()

Since: API level 4

API to check whether native virtual private network (VPN) functionality is allowed.

Returns
  • true if allowed, false if disallowed
Usage
An administrator can use this API to check whether a user can use the native VPN functionality. The default value is true (allowed).
Since
API level 4
MDM 2.2
Multiuser Environment
Global Scope

public boolean isWallpaperChangeAllowed ()

Since: API level 5

API to check whether the user is allowed to change the wallpaper.

Returns
  • true if wallpaper change is allowed, else false.
Usage
An administrator can use this API to check whether the user is allowed to change the device wallpaper. The default value is true (allowed).

*

Since
API level 5
MDM 3.0
Multiuser Environment
User Scope

public boolean isWearablePolicyEnabled (int device)

Since: API level 19

To be deprecated since API level 25

API to check whether wearable policy is enabled for given wearable device type.

Parameters
device wearable device type. WEARABLE_GEAR_DEVICE
Returns
  • true if wearable policy is enabled, false if wearable policy is disabled
Usage
An administrator can use this API to check whether wearable policy is enabled or not.
 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 boolean result = false;
 try {
     // Check whether wearable policy is enabled or not
     result = restrictionPolicy.isWearablePolicyEnabled(RestrictionPolicy.WEARABLE_GEAR_DEVICE);
 } catch (RemoteException e) {
     Log.e(TAG, "Remote exception : " + e);
 }
 
Since
API level 19
MDM 5.6
Multiuser Environment
Global Scope

public boolean isWiFiEnabled (boolean showMsg)

Since: API level 2

API to check whether Wi-Fi is enabled.

Parameters
showMsg Flag to show a warning toast when Wi-Fi is disabled
Returns
  • true if Wi-Fi is enabled, false if Wi-Fi is disabled
Usage
An administrator can use this API to check whether Wi-Fi is enabled and take appropriate action based on enterprise policy. The default value is true (enabled).
Since
API level 2
MDM 2.0
Multiuser Environment
Global Scope

public boolean isWifiDirectAllowed ()

Since: API level 6

API to check whether Wi-Fi Direct is allowed.

Returns
  • true if Wi-Fi Direct is allowed, false if Wi-Fi Direct is disallowed
Usage
An administrator can use this API to check whether Wi-Fi Direct is allowed and take appropriate action based on enterprise policy.
Since
API level 6
MDM 4.0
Multiuser Environment
Global Scope

public boolean isWifiTetheringEnabled ()

Since: API level 2

API to check whether Wi-Fi tethering is enabled.

Returns
  • true if enabled, false if disabled or fail
Usage
An administrator can use this API to check whether the device can share its network data through a Wi-Fi connection. The default value is true (enabled).

For a device managed by multiple administrators, the Wi-Fi connection is disabled if at least one administrator has disabled it.

Since
API level 2
MDM 2.0
Multiuser Environment
Global Scope

public boolean setAllowNonMarketApps (boolean allow)

Since: API level 2

API to allow or disallow installation of non-Google-Play applications.

Parameters
allow true to allow installation of non-Google-Play application, false to disallow installation of non-Google-Play application.
Returns
  • true if setting access to installation of non-Google-Play application is successful, else false
Throws
SecurityException If caller does not have required permissions
Usage
An administrator can use this API to allow or disallow installation of non-Google-Play applications. If set to false, installation of non-Google-Play applications is disabled, and the user cannot access the UI until the administrator enables access again. If set to true, UI access to enabling installation of non-Google-Play applications is enabled. Enabling UI access does not enable the actual functionality.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 // disable
 try {
     if (restrictionPolicy.setAllowNonMarketApps(false)) {
         // Non-Google-Play application installation is disabled and cannot be enabled
         // by user.
     } else {
         // failure to enable UI access
     }
     // enable
     if (restrictionPolicy.setAllowNonMarketApps(true)) {
         // user allowed to change non-Google-Play application installation.
     } else {
         // failure to disable UI access
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.
Since
API level 2
MDM 2.0
Multiuser Environment
Global Scope

public boolean setAllowedFOTAVersion (String version, Bundle bundle)

Since: API level 20

API to set allowed FOTA version on device.

Parameters
version Allowed FOTA version. Pass this value in format "ap_version/csc_version/cp_version" or "ap_version/csc_version/" if device do not support cp. Passing null will reset previous set version.
bundle Bundle for extra to pass Corporation Id key UPDATE_FOTA_CORPID. Pass this value in format "mdm_id/customer_id/group_id". Passing null will fail.
NOTE: This parameter is supported from MDM 5.7.1. If both version and bundle are null, reset previous set value.
Returns
  • true if successfully API call, else false. Actual results are passed by intent
Throws
SecurityException If caller does not have required permissions
Usage
An administrator can use this API to set allowed FOTA version (Enterprise FOTA) that allows for updating. User can not update device to the higher version of administrator set version. If this API returns true, system will broadcast intent with action ACTION_UPDATE_FOTA_VERSION_RESULT with string EXTRA_UPDATE_FOTA_VERSION_STATUS.
For details about how to deploy EFOTA, including information about using the REST API calls and getting authorization tokens, see the EFOTA Developer Guide.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 // set final version that allows for updating
 try {
     Bundle bundle = new Bundle();
     String str_corpId = "MDM_ID/Customer_ID/Group_ID";
     bundle.putString(RestrictionPolicy.UPDATE_FOTA_CORPID, str_corpId);
     boolean result = restrictionPolicy.setAllowedFOTAVersion("G920FXXU3DPDO/G920FXXU3DPA1/G920FOXA3DPD2", bundle);
     if (true == result) {
         // IT admin will be received the result by intent
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission which has a protection level of signature.
Since
API level 20
MDM 5.7
Multiuser Environment
Global Scope

public boolean setBackgroundData (boolean enable)

Since: API level 2

API to enable or disable access to manage background data usage.

Parameters
enable true to enable, false to disable
Returns
  • true if successful, else false
Throws
SecurityException If caller does not have required permissions
Usage
An administrator can use this API to enable or disable access to manage background data usage. If set to false, disabling access blocks the user from syncing with a server when the application is in the background. The user cannot access background data usage until the administrator enables access again. If set to true, background data control is enabled. Enabling access does not enable the background data usage functionality.

NOTE:

For Android 4.0 onward, disabling background data works only when a mobile data limit is set. When the policy is enabled, the mobile data limit is set to 100GB; the user cannot disable the mobile data limit but can change the actual limit.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 // disable
 try {
     boolean result = restrictionPolicy.setBackgroundData(false);
     if (true == result) {
         // background data transfer is disabled and cannot be enabled
         // by user.
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 // enable
 try {
     boolean result = restrictionPolicy.setBackgroundData(true);
     if (true == result) {
         // background data UI control is enabled and user can change it
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.
Since
API level 2
MDM 2.0
Multiuser Environment
Global Scope
Dependency
This API will be applied only if allowDataSaving(boolean) is not set to false.

public boolean setBackup (boolean enable)

Since: API level 2

API to enable or disable Google backup.

Parameters
enable true to enable, false to disable
Returns
  • true if successful, else false.
Throws
SecurityException If caller does not have required permissions
Usage
An administrator can use this API to enable or disable backing up to Google servers. If disabled, the user cannot back up data onto Google servers.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     boolean result = restrictionPolicy.setBackup(false);
     if (true == result) {
         // Data backup is disabled and cannot be enabled by user.
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission which has a protection level of signature.
Since
API level 2
MDM 2.0
Multiuser Environment
Global Scope

public boolean setBluetoothTethering (boolean enable)

Since: API level 2

API to enable or disable Bluetooth tethering.

Parameters
enable true to enable, false to disable.
Returns
  • true if operation is successful, else false.
Throws
SecurityException If caller does not have required permissions
Usage
An administrator can use this API to allow or disallow the device sharing its carrier data connection with other devices through a Bluetooth connection. If set to false, access to Bluetooth tethering functionality is disabled, and the user cannot turn it on until the administrator enables it again. If it set to true, access to Bluetooth tethering is enabled. Enabling access to Bluetooth tethering does not enable Bluetooth tethering.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 // disable
 try {
     boolean result = restrictionPolicy.setBluetoothTethering(false);
     if (true == result) {
         // UI access to Bluetooth tethering is disabled and cannot be enabled by user.
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 // enable
 try {
     boolean result = restrictionPolicy.setBluetoothTethering(true);
     if (true == result) {
         // Bluetooth tethering UI control is enabled.
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.
Since
API level 2
MDM 2.0
Multiuser Environment
Global Scope

public boolean setCameraState (boolean enable)

Since: API level 2

API to enable or disable the camera.

Parameters
enable true to enable, false to disable.
Returns
  • true if successful, else false.
Throws
SecurityException If caller does not have required permissions
Usage
An administrator can use this API to disable the camera without user interaction. User or third-party applications cannot enable the camera once it is disabled. The camera is turned off and disabled if it is turned on when this API is called. The API disables the photo camera, video camera, and video telephony functionality.

NOTE:

If the policy has been applied at user 0, then camera will be disabled for user 0 as well as all the containers and users created on the device.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     // Disable camera. Other applications that use the camera cannot
     // use it.
     boolean result = restrictionPolicy.setCameraState(false);

     if (true == result) {
         // Camera is disabled and cannot be enabled by user.
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
For Container:
 // When you create container successfully, containerID will be returned via intent.
 // Use this containerID in below API.
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 RestrictionPolicy restrictionPolicy = kcm.getRestrictionPolicy();
 try {
     // Disable camera. Other applications that use the camera cannot
     // use it.
     boolean result = restrictionPolicy.setCameraState(false);

     if (true == result) {
         // Camera is disabled and cannot be enabled by user.
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_HW_CONTROL" permission which has a protection level of signature.
Since
API level 2
MDM 2.0
Multiuser Environment
User Scope

public boolean setCellularData (boolean enable)

Since: API level 2

API to enable or disable cellular data connection.

Parameters
enable true to enable cellular data connection, false to disable cellular data connection.
Returns
  • true if setting cellular data is successful, else false
Throws
SecurityException If caller does not have required permissions
Usage
An administrator can use this API to allow or disallow mobile data connections. If disallowed, the user cannot use its data connection through the SIM.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     if (restrictionPolicy.setCellularData(false)) {
         // cellular data is disabled and cannot be enabled by user.
     } else {
         // failure to restrict cellular data.
     }
     if (restrictionPolicy.setCellularData(true)) {
         // cellular data can be enabled by user.
     } else {
         // failure to remove restriction on cellular data.
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.
Since
API level 2
MDM 2.0
Multiuser Environment
Global Scope

public boolean setClipboardEnabled (boolean enable)

Since: API level 2

API to enable or disable access to the clipboard.

Parameters
enable true to enable the clipboard, false to disable the clipboard.
Returns
  • true if setting access to clipboard is successful, else false
Throws
SecurityException If caller does not have required permissions
Usage
An administrator can use this API to enable or disable any editing functions that require access to the clipboard, including cut, copy, and paste operations.



NOTE:

This policy only take effect over native android clipboard

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     if (restrictionPolicy.setClipboardEnabled(false)) {
         // clipboard operation like cut or copy or paste is disabled
     } else {
         // failure to restrict access to clipboard.
     }
     if (restrictionPolicy.setClipboardEnabled(true)) {
         // clipboard enabled.
     } else {
         // failure to remove restriction on access to clipboard.
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
For Container:
 // When you create container successfully, containerID will be returned via intent.
 // Use this containerID in below API.
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 RestrictionPolicy restrictionPolicy = kcm.getRestrictionPolicy();
 try {
     if (restrictionPolicy.setClipboardEnabled(false)) {
         // clipboard operation like cut or copy or paste is disabled
     } else {
         // failure to restrict access to clipboard.
     }
     if (restrictionPolicy.setClipboardEnabled(true)) {
         // clipboard enabled.
     } else {
         // failure to remove restriction on access to clipboard.
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.
Since
API level 2
MDM 2.0
Multiuser Environment
User Scope

public boolean setHeadphoneState (boolean enable)

Since: API level 11

API to set Headphone state.

Parameters
enable true to enable, false to disable.
Returns
  • true if operation is successful, else false.
Throws
SecurityException If caller does not have required permissions
Usage
An administrator can use this API to enable or disable Headphone usage

NOTE:

Enabling headphones while they are still plugged in will not work because headphones need to be initialized by re-plugging in.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     boolean allow = false; // disable HeadphoneState
     if (restrictionPolicy.setHeadphoneState(allow)) {
         Log.w(TAG, "Headphone is disabled");
     } else {
         Log.w(TAG, "Failed to set the policy.");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
For Container:
 // When you create container successfully, containerID will be returned via intent.
 // Use this containerID in below API.
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 RestrictionPolicy restrictionPolicy = kcm.getRestrictionPolicy();
 try {
     boolean allow = false; // disable HeadphoneState
     if (restrictionPolicy.setHeadphoneState(allow)) {
         Log.w(TAG, "Headphone is disabled");
     } else {
         Log.w(TAG, "Failed to set the policy.");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.
Since
API level 11
MDM 5.0
Multiuser Environment
Global Scope

public boolean setHomeKeyState (boolean enable)

Since: API level 2

API to enable or disable home key functionality.

Parameters
enable true to enable, false to disable
Returns
  • true if successful, else false
Throws
SecurityException If caller does not have required permissions
Usage
An administrator can use this API to enable or disable home key functionality. The API also blocks display of the list of recent applications when performing a long press on the home key. The user can still use the back key to navigate to other screens.

NOTE: Since MDM 5.3, only owner (User 0) administrator can call this API. For guest users, API will return false.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     boolean result = restrictionPolicy.setHomeKeyState(false);
     if (true == result) {
         // Home key feature is disabled and user cannot use home soft/hard key.
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
For Container:

NOTE: Since MDM 5.3, only COM (Kiosk) container administrator can call this API. For other container types, API will return false.

 // When you create container successfully, containerID will be returned via intent.
 // Use this containerID in below API.
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 RestrictionPolicy restrictionPolicy = kcm.getRestrictionPolicy();
 try {
     boolean result = restrictionPolicy.setHomeKeyState(false);
     if (true == result) {
         // Home key feature is disabled and user cannot use home soft/hard key.
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.
Since
API level 2
MDM 2.0
Multiuser Environment
User Scope

public boolean setLockScreenState (boolean enable)

Since: API level 11

API to allow or disallow lockscreen menu in the device Settings.

Returns
  • true if operation is successful, else false.
Throws
SecurityException If caller does not have required permissions
Usage

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     boolean allow = false; // disallow
     if (restrictionPolicy.setLockScreenState(allow)) {
         Log.w(TAG, "lockscreen menu is disabled");
     } else {
         Log.w(TAG, "Failed to set the policy.");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
For Container:

NOTE: Since MDM 5.3, only Android users (Owner/Guest user) administrator can call this API. For container, API will return false.

 // When you create container successfully, containerID will be returned via intent.
 // Use this containerID in below API.
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 RestrictionPolicy restrictionPolicy = kcm.getRestrictionPolicy();
 try {
     boolean allow = false; // disallow
     if (restrictionPolicy.setLockScreenState(allow)) {
         Log.w(TAG, "lockscreen menu is disabled");
     } else {
         Log.w(TAG, "Failed to set the policy.");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.
Since
API level 11
MDM 5.0
Multiuser Environment
User Scope

public boolean setMicrophoneState (boolean enable)

Since: API level 2

API to enable or disable microphone.

Parameters
enable true to enable, false to disable
Returns
  • true if successful, else false
Throws
SecurityException If caller does not have required permissions
Usage
An administrator can disable the microphone without user interaction. User or third-party applications cannot enable the microphone once it is disabled. The microphone is turned off and disabled if it is turned on when this API is called. This API disables only the microphone used for recording, not the phone application microphone.

NOTE:

If the policy has been applied at user 0, then microphone will be disabled for user 0 as well as all the containers and users created on the device.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     // Disable microphone. Other functionalities like voice recording cannot
     // be used
     boolean result = restrictionPolicy.setMicrophoneState(false);

     if (true == result) {
         // Microphone is disabled and user cannot use microphone-related
         // functions.
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
For Container:
 // When you create container successfully, containerID will be returned via intent.
 // Use this containerID in below API.
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 RestrictionPolicy restrictionPolicy = kcm.getRestrictionPolicy();
 try {
     // Disable microphone. Other functionalities like voice recording cannot
     // be used
     boolean result = restrictionPolicy.setMicrophoneState(false);

     if (true == result) {
         // Microphone is disabled and user cannot use microphone-related
         // functions.
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_HW_CONTROL" permission which has a protection level of signature.
Since
API level 2
MDM 2.0
Multiuser Environment
User Scope

public boolean setMockLocation (boolean enable)

Since: API level 2

API to enable or disable mock GPS locations.

Parameters
enable true to enable, false to disable
Returns
  • true if successful, else false
Throws
SecurityException If caller does not have required permissions
Usage
An administrator can use this API to enable or disable mocking the device's GPS location. If set to true, the device can change its actual longitude and latitude readings, and GPS applications will show the fake coordinates instead of the actual coordinates.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     boolean result = restrictionPolicy.setMockLocation(false);
     if (true == result) {
         // mock location is disabled and cannot be enabled by user.
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_LOCATION" permission with a protection level of signature.
Since
API level 2
MDM 2.0
Multiuser Environment
Global Scope

public boolean setScreenCapture (boolean enable)

Since: API level 2

API to enable or disable screen capture.

Parameters
enable true to enable, false to disable
Returns
  • true if operation is successful, else false.
Throws
SecurityException If caller does not have required permissions
Usage
An administrator can use this API to prevent a user from taking screenshots of the device screen. The API also blocks the user from taking screenshots using the Dalvik Debug Monitor Server (DDMS).

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     boolean result = restrictionPolicy.setScreenCapture(false);
     if (true == result) {
         // screen capture is disabled and user cannot capture device screen
         // shot.
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
For Container:
 // When you create container successfully, containerID will be returned via intent.
 // Use this containerID in below API.
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 RestrictionPolicy restrictionPolicy = kcm.getRestrictionPolicy();
 try {
     boolean result = restrictionPolicy.setScreenCapture(false);
     if (true == result) {
         // screen capture is disabled and user cannot capture device screen
         // shot.
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.
Since
API level 2
MDM 2.0
Multiuser Environment
User Scope

public boolean setSdCardState (boolean enable)

Since: API level 2

API to enable or disable Secure Digital (SD) card access.

Parameters
enable true to enable access to SD card, false to disable access to SD card.
Returns
  • true if setting access to SD card is successful, else false
Throws
SecurityException If caller does not have required permissions
Usage
An administrator can use this API to enable or disable data access to the SD card. If disabled, any attempt to transfer data to the SD card fails.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     if (restrictionPolicy.setSdCardState(false)) {
         // SD card is disabled and user cannot mount/use it.
     } else {
         // failure to restrict access to SD card.
     }
     if (restrictionPolicy.setSdCardState(true)) {
         // user control of SD card is enabled.
     } else {
         // failure to remove access restriction to SD card.
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_HW_CONTROL" permission with a protection level of signature.
Since
API level 2
MDM 2.0
Multiuser Environment
Global Scope

public boolean setTethering (boolean enable)

Since: API level 2

API to enable or disable all tethering interfaces.

Parameters
enable true to enable, false to disable
Returns
  • true if operation is successful, else false.
Throws
SecurityException If caller does not have required permissions
Usage
An administrator can use this API to block the device from sharing its carrier data with another device through USB, WiFi, and Bluetooth.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();

 try {
     if (restrictionPolicy.setTethering(false)) {
         // tethering is disabled and cannot be enabled by user.
     } else {
         // failure to restrict tethering.
     }
     if (restrictionPolicy.setTethering(true)) {
         // tethring UI control is enabled.
     } else {
         // failure to remove restriction on tethering.
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.
Since
API level 2
MDM 2.0
Multiuser Environment
Global Scope

public boolean setUsbDebuggingEnabled (boolean enable)

Since: API level 2

API to enable or disable USB debugging.

Parameters
enable true to enable USB debugging, false to disable USB debugging.
Returns
  • true if operation is successful, else false.
Throws
SecurityException If caller does not have required permissions
Usage
An administrator can use this API to block USB access. This function blocks any kind of device debugging through Dalvik Debug Monitor Server (DDMS) or adb.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     if (restrictionPolicy.setUsbDebuggingEnabled(false)) {
         // USB debugging is disabled and cannot be enabled by user.
     } else {
         // failure to restrict USB debugging.
     }
     if (restrictionPolicy.setUsbDebuggingEnabled(true)) {
         // USB debugging UI control is enabled.
     } else {
         // failure to remove restriction on USB debugging.
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.
Since
API level 2
MDM 2.0
Multiuser Environment
Global Scope

public boolean setUsbExceptionList (int exceptionList)

Since: API level 26

API to set USB class exception list.

Parameters
exceptionList Using RestrictionPolicy.USBInterface value. If you want to handle multiple exceptions, "USBInterface.HID.getValue() | USBInterface.HUB.getValue() | USBInterface......".
Returns
  • true if success, else false.
Usage
An administrator can use this API to set the USB device class exception list.
- If set, all USB device classes will be blocked except the classes in the exception list.
- If any class is set, the HUB class will be added automatically to the exception list.
- To reset the USB exception list, pass USBInterface.OFF.getValue().

NOTE:
A USB Composite Device is a peripheral device that supports more than one device class.
if you use this API to a USB Composite Device, please add all supported classes in the exception list.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 restrictionPolicy.setUsbExceptionList(USBInterface.HID.getValue() | USBInterface.HUB.getValue());
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.
Since
API level 23
MDM 5.9
Multiuser Environment
Global Scope

public boolean setUsbMediaPlayerAvailability (boolean enable)

Since: API level 2

API to allow or disallow MTP (media transfer protocol).

Parameters
enable true to allow MTP, false to disallow MTP.
Returns
  • true if MTP is successfully allowed or disallowed, false otherwise
Throws
SecurityException If caller does not have required permissions
Usage
An administrator can use this API to allow or disallow MTP (media transfer protocol). Since Android only supports USB file transfer through MTP, using this API will allow the administrator to block any kind of file transfer through USB. PTP (picture transfer protocol) is a subset of MTP and will also be affected by this API.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     if (restrictionPolicy.setUsbMediaPlayerAvailability(false)) {
         // MTP is disallowed and cannot be enabled by user.
     } else {
         // Failure to disallow MTP.
     }
     if (restrictionPolicy.setUsbMediaPlayerAvailability(true)) {
         // MTP is allowed
     } else {
         // Failure to allow MTP.
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.
Since
API level 2
MDM 2.0
Multiuser Environment
Global Scope

public boolean setUsbTethering (boolean enable)

Since: API level 2

API to enable or disable USB tethering.

Parameters
enable true to enable, false to disable
Returns
  • true if operation is successful, else false
Throws
SecurityException If caller does not have required permissions
Usage
An administrator can use this API to allow or disallow the device sharing its carrier data connection with other devices through a USB connection. If set to false, access to USB tethering functionality is disabled, and the user cannot turn it on until the administrator enables it again. If it set to true, access to USB tethering is enabled. Enabling access to USB tethering does not enable USB tethering.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 // disable
 try {
     if (restrictionPolicy.setUsbTethering(false)) {
         // USB tethering access is disabled and cannot be enabled by user.
     } else {
         // failure restricting USB tethering.
     }
     // enable
     if (restrictionPolicy.setUsbTethering(true)) {
         // USB tethering UI control is enabled.
     } else {
         // failure removing restriction to USB tethering.
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.
Since
API level 2
MDM 2.0
Multiuser Environment
Global Scope

public boolean setWifiTethering (boolean enable)

Since: API level 2

API to enable or disable Wi-Fi tethering.

Parameters
enable true to enable, false to disable
Returns
  • true if operation is successful, else false
Throws
SecurityException If caller does not have required permissions
Usage
An administrator can use this API to allow or disallow the device sharing its carrier data connection with other devices through a Wi-Fi connection. If set to false, access to Wi-Fi tethering functionality is disabled, and the user cannot turn it on until the administrator enables it again. If set to true, access to Wi-Fi tethering is enabled. Enabling access to Wi-Fi tethering does not enable Wi-Fi tethering.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 // disable
 try {
     if (restrictionPolicy.setWifiTethering(false)) {
         // Wi-Fi tethring is disabled and cannot be enabled by user.
     } else {
         // failure restricting Wi-Fi tethering.
     }
     // enable
     if (restrictionPolicy.setWifiTethering(true)) {
         // Wi-Fi tethering UI control is enabled.
     } else {
         // failure removing restriction of Wi-Fi tethering.
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.
Since
API level 2
MDM 2.0
Multiuser Environment
Global Scope