Since: API level 11
public class

SEAMSPolicy

extends Object
java.lang.Object
   ↳ com.samsung.android.knox.seams.SEAMSPolicy

Class Overview

This class provides SEAMS (SE Android Management) APIs.

Since
API level 11
KNOX 2.0

Summary

Constants
int CLIPBOARD_DISABLE_BIDIRECTIONAL Denotes constant value of CLIPBOARD_DISABLE_BIDIRECTIONAL
int CLIPBOARD_ENABLE_BIDIRECTIONAL Denotes constant value of CLIPBOARD_ENABLE_BIDIRECTIONAL
int ERROR_ALREADY_CONTAINER_APP Return Code denoting that the application is already in a container.
int ERROR_CERTS_NOT_MATCHED Return Code denoting that the Input certificate does not match the Signature
int ERROR_CONTAINER_COUNTS_OVERFLOW Return Code denoting that Container Count has exceeded the permitted range
int ERROR_CONTAINER_ID_MISMATCH Return Code denoting that the Container id is mismatched.
int ERROR_CONTAINER_NOT_EMPTY Return Code denoting that the Container is not empty.
int ERROR_NOT_SUPPORTED Return Code denoting the function is not support.
int ERROR_NO_CERTS Return Code denoting that the package is not installed and input certificate is null
int FALSE Return Code equivalent to boolean FALSE
int GENERIC_SECURED_APPTYPE Denotes constant value of GENERIC_SECURED_APPTYPE
int GENERIC_TRUSTED_APPTYPE Denotes constant value of GENERIC_TRUSTED_APPTYPE
int GET_SERVICE_ERROR Return Code denoting that the service has not started.
int IRM_PLATFORM_APPTYPE Deprecated in API level 27
int IRM_UNTRUST_APPTYPE Deprecated in API level 27
int NOT_INSTALLED Return Code denoting the package is not installed.
int POLICY_FAILED Return Code denoting that policy set has failed.
int POLICY_OK Return Code denoting that the policy was correctly set.
int POLICY_REFUSED Return Code denoting that policy set has been refused.
int RUNNING Return Code denoting that it is running application.
int TRUE Return Code equivalent to boolean TRUE.
Public Constructors
SEAMSPolicy()
Public Methods
int addAppToContainer(String packageName, String[] certificate, int containerID, int appType)
API to add an application to a specific container domain, corresponding to the appType.
int createSEContainer()
API to create a new SEAMS Container
String getAMSLog()
API to get the contents of the AMS (ActivityManagerService) access control log on the device.
int getAMSLogLevel()
API to return the current AMS access control log level.
int getAMSMode()
API to return the AMS access control enforcement mode.
String getAVCLog()
API to return the contents of the SE for Android AVC log.
String getDataType(String packageName)
API to return datatype name for a package name based on the current user
String getDataType(String packageName, int userId)
API to return datatype name for a package name.
String getDomain(String packageName)
API to return the domain name for a package name for the current user.
String getDomain(String packageName, int userId)
API to return the domain name for a package name.
static SEAMSPolicy getInstance(Context context)
API to get or create an instance of SEAMS module.
String[] getPackageNamesFromSEContainer(int containerID, int appType)
API to get all package name array from a specific My Container ID
String getSEAMSLog()
API to return the contents of the SE for Android SEAMS log.
int getSEContainerClipboardMode(int containerID)
API to provide status of clipboard isolation of a particular SEAMS container
int[] getSEContainerIDs()
API to get all the SEAMS Container IDs created by the Agent
int[] getSEContainerIDsFromPackageName(String packageName, int appType)
API to get the unique ID of the container based on the name of the package.
int getSELinuxMode()
API to return the current SELinux enforcement mode.
String getSepolicyVersion()
API to return SELinux policy level.
String getSignatureFromCertificate(byte[] certificate)
API to return the Signature in the format needed for argument for addAppToContainer.
String getSignatureFromMac(String packageName)
API to return the Signature in the format needed for argument for addAppToContainer.
String getSignatureFromPackage(String packageName)
API to return the Signature in the format needed for argument for addAppToContainer.
int hasKnoxContainers()
API to check if KNOX Containers exist on the device
int hasSEContainers()
API to check if SE Containers exist on the device
int isSEAndroidLogDumpStateInclude()
API to return status which indicates if seandroid logs are included in dumpstate logs
int isSEPolicyAutoUpdateEnabled()
Deprecated in API level 27
int loadContainerSetting(String packageName)
API to re-load mac_permissions.xml file, which is called after any policy file change (e.g., addAppToContainer(String, String[], int, int) and removeAppFromContainer(String, String[])).
int relabelAppDir(String packageName)
API to perform data relabeling for a particular package.
int relabelData()
API to perform data relabeling for the entire /data/data directory.
int removeAppFromContainer(String packageName, String[] certificate)
API to remove an application from an agent specific domain.
int removeAppFromContainer(String packageName, String[] certificate, int containerID, int appType)
API to remove an application from an agent specific domain.
int removeSEContainer(int containerID)
API to remove a SEAMS Container.
int setAMSLogLevel(int FLAG)
API to set AMS policy log level.
int setSEAndroidLogDumpStateInclude(boolean include)
API to set parameter to add/remove seandroid logs to dumpstate logs
int setSEContainerClipboardMode(int containerID, int mode)
API to enable/disable isolation of SEAMS container clipboard
[Expand]
Inherited Methods
From class java.lang.Object

Constants

public static final int CLIPBOARD_DISABLE_BIDIRECTIONAL

Since: API level 19

Denotes constant value of CLIPBOARD_DISABLE_BIDIRECTIONAL

Since
API level 19
KNOX 2.6
Constant Value: 1 (0x00000001)

public static final int CLIPBOARD_ENABLE_BIDIRECTIONAL

Since: API level 19

Denotes constant value of CLIPBOARD_ENABLE_BIDIRECTIONAL

Since
API level 19
KNOX 2.6
Constant Value: 0 (0x00000000)

public static final int ERROR_ALREADY_CONTAINER_APP

Since: API level 12

Return Code denoting that the application is already in a container.

Since
API level 12
KNOX 2.1
Constant Value: -9 (0xfffffff7)

public static final int ERROR_CERTS_NOT_MATCHED

Since: API level 12

Return Code denoting that the Input certificate does not match the Signature

Since
API level 12
KNOX 2.1
Constant Value: -13 (0xfffffff3)

public static final int ERROR_CONTAINER_COUNTS_OVERFLOW

Since: API level 12

Return Code denoting that Container Count has exceeded the permitted range

Since
API level 12
KNOX 2.1
Constant Value: -7 (0xfffffff9)

public static final int ERROR_CONTAINER_ID_MISMATCH

Since: API level 12

Return Code denoting that the Container id is mismatched.

Since
API level 12
KNOX 2.1
Constant Value: -12 (0xfffffff4)

public static final int ERROR_CONTAINER_NOT_EMPTY

Since: API level 12

Return Code denoting that the Container is not empty.

Since
API level 12
KNOX 2.1
Constant Value: -11 (0xfffffff5)

public static final int ERROR_NOT_SUPPORTED

Since: API level 12

Return Code denoting the function is not support.

Since
API level 12
KNOX 2.1
Constant Value: -3 (0xfffffffd)

public static final int ERROR_NO_CERTS

Since: API level 12

Return Code denoting that the package is not installed and input certificate is null

Since
API level 12
KNOX 2.1
Constant Value: -14 (0xfffffff2)

public static final int FALSE

Since: API level 11

Return Code equivalent to boolean FALSE

Since
API level 11
KNOX 2.0
Constant Value: 0 (0x00000000)

public static final int GENERIC_SECURED_APPTYPE

Since: API level 12

Denotes constant value of GENERIC_SECURED_APPTYPE

Since
API level 12
KNOX 2.1
Constant Value: 3 (0x00000003)

public static final int GENERIC_TRUSTED_APPTYPE

Since: API level 12

Denotes constant value of GENERIC_TRUSTED_APPTYPE

Since
API level 12
KNOX 2.1
Constant Value: 4 (0x00000004)

public static final int GET_SERVICE_ERROR

Since: API level 11

Return Code denoting that the service has not started.

Since
API level 11
KNOX 2.0
Constant Value: -10 (0xfffffff6)

public static final int IRM_PLATFORM_APPTYPE

Since: API level 17

Deprecated in API level 27

Denotes constant value of IRM_PLATFORM_APPTYPE

Since
API level 17
KNOX 2.5
Constant Value: 7 (0x00000007)

public static final int IRM_UNTRUST_APPTYPE

Since: API level 17

Deprecated in API level 27

Denotes constant value of IRM_UNTRUST_APPTYPE

Since
API level 17
KNOX 2.5
Constant Value: 8 (0x00000008)

public static final int NOT_INSTALLED

Since: API level 11

Return Code denoting the package is not installed.

Since
API level 11
KNOX 2.0
Constant Value: -4 (0xfffffffc)

public static final int POLICY_FAILED

Since: API level 11

Return Code denoting that policy set has failed.

Since
API level 11
KNOX 2.0
Constant Value: -1 (0xffffffff)

public static final int POLICY_OK

Since: API level 11

Return Code denoting that the policy was correctly set.

Since
API level 11
KNOX 2.0
Constant Value: 0 (0x00000000)

public static final int POLICY_REFUSED

Since: API level 11

Return Code denoting that policy set has been refused.

Since
API level 11
KNOX 2.0
Constant Value: -2 (0xfffffffe)

public static final int RUNNING

Since: API level 11

Return Code denoting that it is running application.

Since
API level 11
KNOX 2.0
Constant Value: -8 (0xfffffff8)

public static final int TRUE

Since: API level 11

Return Code equivalent to boolean TRUE.

Since
API level 11
KNOX 2.0
Constant Value: 1 (0x00000001)

Public Constructors

public SEAMSPolicy ()

Since: API level 11

Public Methods

public int addAppToContainer (String packageName, String[] certificate, int containerID, int appType)

Since: API level 11

API to add an application to a specific container domain, corresponding to the appType.

Parameters
packageName packageName of the application
certificate Signature array based on the certificate array for the application see getSignatureFromPackage or getSignatureFromCertificate for creating signature array in correct format
containerID id for the container
appType describes the domain category to which the application is being added. appType for GENERIC_SECURED_APPTYPE = 3. appType for GENERIC_TRUSTED_APPTYPE = 4.
Returns
For Container:

 SEAMSPolicy seams = SEAMSPolicy.getInstance(context);
 int result = -1;
 try {
     // add app to container
     result = seams.addAppToContainer (packageName, certificate, containerID, appType);
 } catch (SecurityException e) {
 Log.e(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_SEAMS_MGMT" permission, which has a protection level of signature.
Since
API level 11
KNOX 2.0
Multiuser Environment
Global Scope

public int createSEContainer ()

Since: API level 12

API to create a new SEAMS Container

Returns
For Container:

 SEAMSPolicy seams = SEAMSPolicy.getInstance(context);
 int result = -1;
 try {
     // Create SEContainer
     result = seams.createSEContainer();

 } catch (SecurityException e) {
     Log.e(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_SEAMS_MGMT" permission, which has a protection level of signature.
Since
API level 12
KNOX 2.1
Multiuser Environment
Global Scope

public String getAMSLog ()

Since: API level 11

API to get the contents of the AMS (ActivityManagerService) access control log on the device.

Returns
  • Returns the AMS log as a string. null in the case of an error or license validation failure
For Container:

 SEAMSPolicy seams = SEAMSPolicy.getInstance(context);
 String result = "";
 try {
     // get AMS log
     result = seams.getAMSLog();

 } catch (SecurityException e) {
     Log.e(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_SEAMS_MGMT" permission, which has a protection level of signature.
Since
API level 11
KNOX 2.0
Multiuser Environment
Global Scope

public int getAMSLogLevel ()

Since: API level 11

API to return the current AMS access control log level.

Returns
  • Returns #NO_LOGS if NO_LOGS mode, #DENIAL_ONLY if DENIAL_ONLY mode, and #ALL_LOGS if ALL_LOGS mode.
For Container:

 SEAMSPolicy seams = SEAMSPolicy.getInstance(context);
 int result = -1;
 try {
     // get AMS log level
     result = seams.getAMSLogLevel();

 } catch (SecurityException e) {
     Log.e(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_SEAMS_MGMT" permission, which has a protection level of signature.
Since
API level 11
KNOX 2.0
Multiuser Environment
Global Scope

public int getAMSMode ()

Since: API level 11

API to return the AMS access control enforcement mode.

Returns
  • Returns TRUE if AMS access control is in enforcement mode, FALSE if in permissive mode, POLICY_REFUSED if authentication fails.
For Container:

 SEAMSPolicy seams = SEAMSPolicy.getInstance(context);
 int result = -1;
 try {
     // get AMS enforcement mode
     result = seams.getAMSMode();

 } catch (SecurityException e) {
     Log.e(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_SEAMS_MGMT" permission, which has a protection level of signature.
Since
API level 11
KNOX 2.0
Multiuser Environment
Global Scope

public String getAVCLog ()

Since: API level 11

API to return the contents of the SE for Android AVC log.

Returns
  • Returns the AVC log as a string. null in the case of an error or license validation failure.
For Container:

 SEAMSPolicy seams = SEAMSPolicy.getInstance(context);
 String result = "";
 try {
     // get AVC log
     result = seams.getAVCLog();

 } catch (SecurityException e) {
     Log.e(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_SEAMS_MGMT" permission, which has a protection level of signature.
Since
API level 11
KNOX 2.0
Multiuser Environment
Global Scope

public String getDataType (String packageName)

Since: API level 11

API to return datatype name for a package name based on the current user

Parameters
packageName The package name.
Returns
  • Returns The datatype corresponding to the packageName, null if any error occurs or license validation fails
Usage
the package specified in the input is installed.
For Container:

 SEAMSPolicy seams = SEAMSPolicy.getInstance(context);
 String result = "";
 try {
     // get selinux data type of the package
     result = seams.getDataType(packageName);

 } catch (SecurityException e) {
     Log.e(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_SEAMS_MGMT" permission, which has a protection level of signature.
Since
API level 11
KNOX 2.0
Multiuser Environment
Global Scope

public String getDataType (String packageName, int userId)

Since: API level 11

API to return datatype name for a package name.

Parameters
packageName The package name.
userId Relevant userId
Returns
  • Returns The datatype corresponding to the packageName, null if any error occurs or license validation fails
Usage
the package specified in the input is installed.
For Container:

 SEAMSPolicy seams = SEAMSPolicy.getInstance(context);
 String result = "";
 try {
     // get selinux data type of the package
     result = seams.getDataType(packageName, userId);

 } catch (SecurityException e) {
     Log.e(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_SEAMS_MGMT" permission, which has a protection level of signature.
Since
API level 11
KNOX 2.0
Multiuser Environment
Global Scope

public String getDomain (String packageName)

Since: API level 11

API to return the domain name for a package name for the current user.

Parameters
packageName The package name.
Returns
  • Returns The domain name corresponding to the packageName, or null if any error occurs or license validation fails
Usage
the package specified as input should be installed.
For Container:

 SEAMSPolicy seams = SEAMSPolicy.getInstance(context);
 String result = "";
 try {
     // get selinux domain of the packagename
     result = seams.getDomain(packageName);

 } catch (SecurityException e) {
     Log.e(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_SEAMS_MGMT" permission, which has a protection level of signature.
Since
API level 11
KNOX 2.0
Multiuser Environment
Global Scope

public String getDomain (String packageName, int userId)

Since: API level 11

API to return the domain name for a package name.

Parameters
packageName The package name.
userId Relevant userId
Returns
  • Returns The domain name corresponding to the packageName, or null if any error occurs or license validation fails
Usage
the package specified as input should be installed.
For Container:

 SEAMSPolicy seams = SEAMSPolicy.getInstance(context);
 String result = "";
 try {
     // get selinux domain of the packagename
     result = seams.getDomain(packageName, userId);

 } catch (SecurityException e) {
     Log.e(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_SEAMS_MGMT" permission, which has a protection level of signature.
Since
API level 11
KNOX 2.0
Multiuser Environment
Global Scope

public static SEAMSPolicy getInstance (Context context)

Since: API level 11

API to get or create an instance of SEAMS module.

Parameters
context context
Returns
  • Returns the SEAMS object, else returns null
For Container:

 SEAMSPolicy seams = SEAMSPolicy.getInstance(context);
 
Since
API level 11
KNOX 2.0
Multiuser Environment
User Scope

public String[] getPackageNamesFromSEContainer (int containerID, int appType)

Since: API level 12

API to get all package name array from a specific My Container ID

Returns
  • If input appType = GENERIC_SECURED_APPTYPE, Array of packageNames in this container, or null otherwise. If input appType = GENERIC_TRUSTED_APPTYPE, Array of packageNames which are marked as Trusted for this Container, or null otherwise.
For Container:

 SEAMSPolicy seams = SEAMSPolicy.getInstance(context);
 String[] result;
 try {
     // get package name From SEcontainer
     result = seams.getPackageNamesFromSEContainer(containerID, appType);

 } catch (SecurityException e) {
     Log.e(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_SEAMS_MGMT" permission, which has a protection level of signature.
Since
API level 12
KNOX 2.1
Multiuser Environment
Global Scope

public String getSEAMSLog ()

Since: API level 12

API to return the contents of the SE for Android SEAMS log.

Returns
  • Returns the SEAMS log as a string. null in the case of an error or license validation failure.
For Container:

 SEAMSPolicy seams = SEAMSPolicy.getInstance(context);
 String result = "";
 try {
     // get SEAMS log
     result = seams.getSEAMSLog();

 } catch (SecurityException e) {
     Log.e(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_SEAMS_MGMT" permission, which has a protection level of signature.
Since
API level 12
KNOX 2.1
Multiuser Environment
Global Scope

public int getSEContainerClipboardMode (int containerID)

Since: API level 19

API to provide status of clipboard isolation of a particular SEAMS container

Parameters
containerID ID of the SEAMS container
Returns
For Container:

 SEAMSPolicy seams = SEAMSPolicy.getInstance(context);
 int result = -1;
 try {
     // replace selinux policy
     seams.getSEContainerClipboardMode(int containerID);

 } catch (SecurityException e) {
     Log.e(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_SEAMS_MGMT" permission, which has a protection level of signature.
Since
API level 19
KNOX 2.6

public int[] getSEContainerIDs ()

Since: API level 12

API to get all the SEAMS Container IDs created by the Agent

Returns
  • Array of Container IDs created by this Agent or null.
For Container:

 SEAMSPolicy seams = SEAMSPolicy.getInstance(context);
 int[] result;
 try {
     // get SEContainer IDs
     result = seams.getSEContainerIDs();

 } catch (SecurityException e) {
     Log.e(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_SEAMS_MGMT" permission, which has a protection level of signature.
Since
API level 12
KNOX 2.1
Multiuser Environment
Global Scope

public int[] getSEContainerIDsFromPackageName (String packageName, int appType)

Since: API level 12

API to get the unique ID of the container based on the name of the package.

Parameters
packageName name of the package.
appType describes the domain category to which the application is being added. appType for GENERIC_SECURED_APPTYPE = 3. appType for GENERIC_TRUSTED_APPTYPE = 4.
Returns
For Container:

 SEAMSPolicy seams = SEAMSPolicy.getInstance(context);
 int[] result = -1;
 try {
     // get SEcontainerIDs From packageName
     result = seams.getSEContainerIDsFromPackageName(packageName);

 } catch (SecurityException e) {
     Log.e(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_SEAMS_MGMT" permission, which has a protection level of signature.
Since
API level 12
KNOX 2.1
Multiuser Environment
Global Scope

public int getSELinuxMode ()

Since: API level 11

API to return the current SELinux enforcement mode.

Returns
  • Returns TRUE if SELinux is in enforcing mode, FALSE otherwise.
For Container:

 SEAMSPolicy seams = SEAMSPolicy.getInstance(context);
 int result = -1;
 try {
     // get selinux enforcement mode
     result = seams.getSELinuxMode();

 } catch (SecurityException e) {
     Log.e(TAG, "SecurityException: " + e);
 }
 
Since
API level 11
KNOX 2.0
Multiuser Environment
Global Scope

public String getSepolicyVersion ()

Since: API level 11

API to return SELinux policy level.

Returns
  • Returns SELinux policy version. null in the case of any error.
For Container:

 SEAMSPolicy seams = SEAMSPolicy.getInstance(context);
 String result = "";
 try {
     // get version of sepolicy
     result = seams.getSepolicyVersion();

 } catch (SecurityException e) {
     Log.e(TAG, "SecurityException: " + e);
 }
 
Since
API level 11
KNOX 2.0
Multiuser Environment
Global Scope

public String getSignatureFromCertificate (byte[] certificate)

Since: API level 11

API to return the Signature in the format needed for argument for addAppToContainer. Extract the Signature from the certificate (pem format) at the path given as argument.

Parameters
certificate .pem format
Returns
  • Returns String Signature if successful, null in case of any failure
Usage
The non-null output can be used as an input argument for addAppToContainer(String, String[], int, int)/removeAppFromContainer(String, String[])
For Container:

 SEAMSPolicy seams = SEAMSPolicy.getInstance(context);
 String result = "";
 try {
     // get signature from certificate
     result = seams.getSignatureFromCertificate(certificate);

 } catch (SecurityException e) {
     Log.e(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_SEAMS_MGMT" permission, which has a protection level of signature.
Since
API level 11
KNOX 2.0
Multiuser Environment
Global Scope

public String getSignatureFromMac (String packageName)

Since: API level 15

API to return the Signature in the format needed for argument for addAppToContainer.

Parameters
packageName name of the package
Returns
  • Returns String Signature if successful, null in case of any failure.
Usage
package should be installed The non-null output can be used as an input argument for addAppToContainer(String, String[], int, int)/removeAppFromContainer(String, String[])
For Container:

 SEAMSPolicy seams = SEAMSPolicy.getInstance(context);
 String result = "";
 try {
     // extract signature based on package
     result = seams.getSignatureFromMac(packageName);

 } catch (SecurityException e) {
     Log.e(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_SEAMS_MGMT" permission, which has a protection level of signature.
Since
API level 15
KNOX 2.4
Multiuser Environment
Global Scope

public String getSignatureFromPackage (String packageName)

Since: API level 11

API to return the Signature in the format needed for argument for addAppToContainer.

Parameters
packageName name of the package
Returns
  • Returns String Signature if successful, null in case of any failure.
Usage
package should be installed The non-null output can be used as an input argument for addAppToContainer(String, String[], int, int)/removeAppFromContainer(String, String[])
For Container:

 SEAMSPolicy seams = SEAMSPolicy.getInstance(context);
 String result = "";
 try {
     // extract signature based on package
     result = seams.getSignatureFromPackage(packageName);

 } catch (SecurityException e) {
     Log.e(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_SEAMS_MGMT" permission, which has a protection level of signature.
Since
API level 11
KNOX 2.0
Multiuser Environment
Global Scope

public int hasKnoxContainers ()

Since: API level 12

API to check if KNOX Containers exist on the device

Returns
For Container:

 SEAMSPolicy seams = SEAMSPolicy.getInstance(context);
 int result = -1;
 try {
     // check if caller is authorized
     result = seams.hasKnoxContainers();

 } catch (SecurityException e) {
     Log.e(TAG, "SecurityException: " + e);
 }
 
Since
API level 12
KNOX 2.1
Multiuser Environment
Global Scope

public int hasSEContainers ()

Since: API level 12

API to check if SE Containers exist on the device

Returns
For Container:
SEAMSPolicy seams = SEAMSPolicy.getInstance(context); int result = -1; try { // check if caller is authorized result = seams.hasSEContainers(); } catch (SecurityException e) { Log.e(TAG, "SecurityException: " + e); }
Since
API level 12
KNOX 2.1
Multiuser Environment
Global Scope

public int isSEAndroidLogDumpStateInclude ()

Since: API level 12

API to return status which indicates if seandroid logs are included in dumpstate logs

Returns
  • TRUE if dumpstate logs includes seandroid logs FALSE if dumpstate logs do not include seandroid logs POLICY_REFUSED otherwise
For Container:

 SEAMSPolicy seams = SEAMSPolicy.getInstance(context);
 int result = -1;
 try {
     // get selinux enforcement mode
     result = seams.isSEAndroidLogDumpStateInclude();

 } catch (SecurityException e) {
     Log.e(TAG, "SecurityException: " + e);
 }
 
Since
API level 12
KNOX 2.1
Multiuser Environment
Global Scope

public int isSEPolicyAutoUpdateEnabled ()

Since: API level 12

Deprecated in API level 27

API to get the value of the automatic sepolicy update system setting (on/off)

Returns
  • TRUE, Represent policy auto-update has been enabled, FALSE, represent policy auto-update has been disabled, POLICY_FAILED in the case of an error and POLICY_REFUSED if license authentication fails.
For Container:

 SEAMSPolicy seams = SEAMSPolicy.getInstance(context);
 int result = -1;
 try {
     // Enable automatic policy update
     result = seams.isSEPolicyAutoUpdateEnabled();

 } catch (SecurityException e) {
     Log.e(TAG, "SecurityException:" + e);
 }
 
Permission
The caller should have the "com.samsung.android.knox.permission.KNOX_SEAMS_MGMT" permission, which has a protection level of "signature"
Since
API level 12
KNOX 2.1
Multiuser Environment
Global Scope

public int loadContainerSetting (String packageName)

Since: API level 11

API to re-load mac_permissions.xml file, which is called after any policy file change (e.g., addAppToContainer(String, String[], int, int) and removeAppFromContainer(String, String[])).

Parameters
packageName The package name of the target application.
Returns
Usage
The application will run in designated domain when re-started. This API should be followed by relabelAppDir(String).
For Container:

 SEAMSPolicy seams = SEAMSPolicy.getInstance(context);
 int result = -1;
 try {
     // load application setting after reloading mac_permissions.xml
     result = seams.loadContainerSetting(packageName);

 } catch (SecurityException e) {
     Log.e(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_SEAMS_MGMT" permission, which has a protection level of signature.
Since
API level 11
KNOX 2.0
Multiuser Environment
Global Scope

public int relabelAppDir (String packageName)

Since: API level 11

API to perform data relabeling for a particular package.

Parameters
packageName The name of the application.
Returns
Usage
The package is installed. Usually this is called after any policy change such as addAppToContainer(String, String[], int, int) and removeAppFromContainer(String, String[]). The data directory of the application is labelled according to security policy.
For Container:

 SEAMSPolicy seams = SEAMSPolicy.getInstance(context);
 int result = -1;
 try {
     // relabel application data directory
     result = seams.relabelAppDir(packageName);

 } catch (SecurityException e) {
     Log.e(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_SEAMS_MGMT" permission, which has a protection level of signature.
Since
API level 11
KNOX 2.0
Multiuser Environment
Global Scope

public int relabelData ()

Since: API level 11

API to perform data relabeling for the entire /data/data directory.

Returns
Usage
The /data/data directory is labelled accroding to security policy.
For Container:

 SEAMSPolicy seams = SEAMSPolicy.getInstance(context);
 int result = -1;
 try {
     // relabel data
     result = seams.relabelData();

 } catch (SecurityException e) {
     Log.e(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_SEAMS_MGMT" permission, which has a protection level of signature.
Since
API level 11
KNOX 2.0
Multiuser Environment
Global Scope

public int removeAppFromContainer (String packageName, String[] certificate)

Since: API level 11

API to remove an application from an agent specific domain.

Parameters
packageName The package name of the application.
certificate Certificate array for the application.
Returns
Usage
Other options such as loadContainerSetting(String) and relabelAppDir(String) should be followed. The use of this API requires pre-installing the certificate of the caller on the device.
For Container:

 SEAMSPolicy seams = SEAMSPolicy.getInstance(context);
 int result = -1;
 try {
     // remove app from container
     result = seams.removeAppFromContainer(packageName, certificate);

 } catch (SecurityException e) {
     Log.e(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_SEAMS_MGMT" permission, which has a protection level of signature.
Since
API level 11
KNOX 2.0
Multiuser Environment
Global Scope

public int removeAppFromContainer (String packageName, String[] certificate, int containerID, int appType)

Since: API level 12

API to remove an application from an agent specific domain. [For SEAMS Container]

Parameters
packageName The package name of the application.
certificate Certificate array for the application.
containerID The Container ID from which the package Name should be removed.
appType for GENERIC_SECURED_APPTYPE = 3. appType for GENERIC_TRUSTED_APPTYPE = 4.
Returns
Usage
Other options such as loadContainerSetting(String) and relabelAppDir(String) should be followed. The use of this API requires pre-installing the certificate of the caller on the device.
For Container:

 SEAMSPolicy seams = SEAMSPolicy.getInstance(context);
 int result = -1;
 try {
     // remove app from container
     result = seams.removeAppFromContainer(packageName, certificate, containerID, appType);

 } catch (SecurityException e) {
     Log.e(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_SEAMS_MGMT" permission, which has a protection level of signature.
Since
API level 12
KNOX 2.1
Multiuser Environment
Global Scope

public int removeSEContainer (int containerID)

Since: API level 12

API to remove a SEAMS Container. The container should be empty before it can be removed.

Returns
For Container:

 SEAMSPolicy seams = SEAMSPolicy.getInstance(context);
 int result = -1;
 try {
     // Remove SEContainer
     result = seams.removeSEContainer();

 } catch (SecurityException e) {
     Log.e(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_SEAMS_MGMT" permission, which has a protection level of signature.
Since
API level 12
KNOX 2.1
Multiuser Environment
Global Scope

public int setAMSLogLevel (int FLAG)

Since: API level 11

API to set AMS policy log level.

Returns
For Container:

 SEAMSPolicy seams = SEAMSPolicy.getInstance(context);
 int result = -1;
 try {
     // set ams log level
     result = seams.setAMSLogLevel(FLAG);

 } catch (SecurityException e) {
     Log.e(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_SEAMS_MGMT" permission, which has a protection level of signature.
Since
API level 11
KNOX 2.0
Multiuser Environment
Global Scope

public int setSEAndroidLogDumpStateInclude (boolean include)

Since: API level 12

API to set parameter to add/remove seandroid logs to dumpstate logs

Parameters
include true indicates seandroid logs are included in dumpstate and false otherwise
Returns
For Container:

 SEAMSPolicy seams = SEAMSPolicy.getInstance(context);
 try {
     // replace selinux policy
     seams.setSEAndroidLogDumpStateInclude(include);

 } catch (SecurityException e) {
     Log.e(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_SEAMS_MGMT" permission, which has a protection level of signature.
Since
API level 12
KNOX 2.1
Multiuser Environment
Global Scope

public int setSEContainerClipboardMode (int containerID, int mode)

Since: API level 19

API to enable/disable isolation of SEAMS container clipboard

Parameters
containerID containerID of the SEAMS container
mode mode will represent if clipboard is enabled or disabled mode = CLIPBOARD_ENABLE_BIDIRECTIONAL , separate SEContainer clipboard disabled for containerID (share user 0 clipboard) mode = CLIPBOARD_DISABLE_BIDIRECTIONAL, separate SEContainer clipboard enabled for containerID (separate seams container clipboard)
Returns
For Container:

 SEAMSPolicy seams = SEAMSPolicy.getInstance(context);
 int result = -1;
 try {
     // replace selinux policy
     seams.setSEContainerClipboardMode(int containerID, int mode);

 } catch (SecurityException e) {
     Log.e(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_SEAMS_MGMT" permission, which has a protection level of signature.
Since
API level 19
KNOX 2.6