chris banks
Jun 01, 2017
8:41 pm

Unable to black list email account

Hi,

Im currently trying to blacklist gmail email accounts inside my container.   Im using this code given in the docs for DeviceAccountPolicy.addAccountsToAdditionBlacklist:

 

EnterpriseKnoxManager ekm = KASTPolicyUtilityBase.getInstance().getEnterpriseKnoxManager();
KnoxContainerManager kmcm = ekm.getKnoxContainerManager(KASTPreferenceActivity.getInstance().getApplicationContext(), KASTContainer.getInstance().getContainerId());

List<String> blackList = new ArrayList<String>();
blackList.add(".*@gmail.com");
// Supported account types can be retrieved from getSupoprtedAccountTypes()
// For example supported Google account type will be "com.google"
kmcm.getDeviceAccountPolicy().removeAccountsFromAdditionWhiteList("com.google", blackList); //in case whitelist is overriding it
success = kmcm.getDeviceAccountPolicy().addAccountsToAdditionBlackList("com.google", blackList);
if (success) {
   Toast.makeText(KASTPreferenceActivity.getAppContext(), "Added to blackList", Toast.LENGTH_LONG).show();

} else {
   Toast.makeText(KASTPreferenceActivity.getAppContext(), "not added", Toast.LENGTH_LONG).show();
}

 

After this get called I see the message pop up that it was added to the blacklist. However, I am still able to add a Gmail email account to my container by doing Knox Settings -> Accounts -> Add Account -> Email.

Im missing something somewhere, does anyone have any ideas what could be going on? 

Samuel Veloso
Jun 03, 2017
12:01 am

Hi Chris,

FYI, I re-categorized your post to Premium SDK. 

I tried your code and failed to reproduce the issue. When I go to Knox settings to add an account, I can no longer add a Google account. 

I suspect that you might be getting the wrong containerId as the getContainerId() API is deprecated, or perhaps there's a bug with our API. 

Just to test further, could you try the following code snippet to find your container id?

private int findMyContainerId() {
    int theId = -1;
    List<Integer> ids = KnoxContainerManager.getContainers();
    if (ids != null && !ids.isEmpty()) {
        theId = ids.get(0);
    }
    Log.d(TAG, "findMyContainerId: " + theId);
    return theId;
}

Please let me know how it goes.

Best regards,

Samuel

chris banks
Jun 05, 2017
5:15 pm

Hi Samuel,

 

Thanks for the reply!  Unfortunately it still allowed me to add an account. Furthermore, comparing KASTContainer.getInstance().getContainerId(), with your findMyContainerId function, they are returning the same id. 

 

For clarification, I have this functionality tied to a button within the MDM in my container.  I'm not sure if that makes a difference.

 

Thanks!

Chris

Samuel Veloso
Jun 05, 2017
6:08 pm

Hi Chris,

The way I do it is:

  1. Install my MDM in personal space
  2. Create a container with the MDM
  3. Call DeviceAccountPolicy.addAccountsToAdditionBlacklist() with my MDM from personal space
  4. Observe that I can no longer add a google account in the container

I have three questions:

  • Is the MDM inside your container the same MDM that created the container in personal space?
  • I understand it should work with your scenario, but could you try my scenario where you call DeviceAccountPolicy.addAccountsToAdditionBlacklist with an MDM outside the container?
  • Which device and Android version are you using?

Best regards,

Samuel

chris banks
Jun 12, 2017
3:48 pm

Hi Samuel,

Sorry for the late reply.  I ended up figuring something out.  I think the combination of that domain name + the account type was incorrect.   Instead Im able to loop through all of the supported accounts on the device and for each one blacklist the domain "*@*.*" and it blacklists everything I need. Im then able to allow the user to whitelist what emails they need from the MDM.  

 

Thanks for the help,

Chris