Since: API level 11
public class

KnoxContainerManager

extends Object
java.lang.Object
   ↳ com.samsung.android.knox.container.KnoxContainerManager

Deprecated in API level 36

Class Overview

Public interface for managing containers.

Since
API level 11
KNOX 2.0

Summary

Constants
String ACTION_CONTAINER_ADMIN_LOCK This broadcast intent is sent when the container is administrator locked.
String ACTION_CONTAINER_CREATION_STATUS This intent is sent after container creation is either success or failure.
String ACTION_CONTAINER_REMOVED This broadcast intent is sent when the container is removed.
String ACTION_CONTAINER_STATE_CHANGED This broadcast intent is sent when the container state is changed.
int CONTAINER_ACTIVE This status is returned by getStatus() API when container is active.
String CONTAINER_CREATION_FAILED_SPECIFIC_ERROR_TYPE This constant should be used as a key for more specific error code in the Bundle that gets returned with the Intent, ACTION_CONTAINER_CREATION_STATUS.
int CONTAINER_CREATION_IN_PROGRESS This status is returned by getStatus() API when container setup is in progress.
String CONTAINER_CREATION_REQUEST_ID This constant should be used as a key in the Bundle that gets returned with the Intent, ACTION_CONTAINER_CREATION_STATUS.
String CONTAINER_CREATION_STATUS_CODE This constant should be used as a key in the Bundle that gets returned with the Intent, ACTION_CONTAINER_CREATION_STATUS.
int CONTAINER_DOESNT_EXISTS This status is returned by getStatus() API when container doesn't exist.
String CONTAINER_ID This constant should be used as a key in the Bundle to retrieve the container id, that gets returned with the Intent, ACTION_CONTAINER_STATE_CHANGED ACTION_CONTAINER_ADMIN_LOCK ACTION_CONTAINER_REMOVED.
int CONTAINER_INACTIVE This status is returned by getStatus() API when container is inactive.
int CONTAINER_LAYOUT_TYPE_CLASSIC This constant is used in setContainerLayout(int) API call.
int CONTAINER_LAYOUT_TYPE_FOLDER This constant is used in setContainerLayout(int) API call.
int CONTAINER_LOCKED This status is returned by getStatus() API when administrator locked the container.
String CONTAINER_NEW_STATE This constant should be used as a key in the Bundle that gets returned with the Intent, #INTENT_CONTAINER_STATE_CHANGED.
String CONTAINER_OLD_STATE This constant should be used as a key in the Bundle that gets returned with the Intent, #INTENT_CONTAINER_STATE_CHANGED.
int CONTAINER_REMOVE_IN_PROGRESS This status is returned by getStatus() API when container removal is in progress.
int ERROR_ADMIN_ACTIVATION_FAILED This error constant is returned as part of createContainer(String, String) API call, in case the admin passed as parameter couldn't be activated.
int ERROR_ADMIN_INSTALLATION_FAILED This error constant is returned as part of createContainer(CreationParams) API call, in case the admin passed as parameter couldn't be installed.
int ERROR_CONTAINER_MODE_CREATION_FAILED_BYOD_NOT_ALLOWED This error constant is returned as part of createContainer(CreationParams) API call.
int ERROR_CONTAINER_MODE_CREATION_FAILED_CONTAINER_EXIST This error constant is returned as part of createContainer(CreationParams) API call.
int ERROR_CONTAINER_MODE_CREATION_FAILED_KIOSK_ON_OWNER_EXIST This error constant is returned as part of createContainer(CreationParams) API call, when MDM tries to create a COM container even though device is in KIOSK mode.
int ERROR_CONTAINER_TYPE_NOT_ALLOWED This error constant is returned as part of createContainer(CreationParams) API call.
int ERROR_CREATION_ALREADY_IN_PROGRESS This error constant is returned as part of createContainer(CreationParams) API call, If another container creation/removal is in progress.
int ERROR_CREATION_CANCELLED This error constant is returned as part of extra (CONTAINER_CREATION_STATUS_CODE) in the bundle of ACTION_CONTAINER_CREATION_STATUS, If container creation is interrupted by user by cancelling the creation process.
int ERROR_CREATION_FAILED_CONTAINER_MODE_EXIST This error constant is returned as part of createContainer(CreationParams) API call.
int ERROR_CREATION_FAILED_EMERGENCY_MODE This error constant is returned as part of createContainer(CreationParams) API call API when MDM tries to create container in EmergencyMode.
int ERROR_CREATION_FAILED_GENERATE_CMK This error constant is returned as part of createContainer(CreationParams) API call Failed to generate container master key or fails to save container master key for the reason that SKMM module fails to create KEK or FILE IO error occurs.
int ERROR_CREATION_FAILED_INVALID_KNOX_CONFIGURATION_TYPE This error constant is returned as part of createContainer(CreationParams) API call This error code is returned when KnoxConfigurationType is null.
int ERROR_CREATION_FAILED_INVALID_PARAM This error constant is returned as part of createContainer(CreationParams) API call.
int ERROR_CREATION_FAILED_INVALID_PARAM_LIST This error constant is returned as part of createContainer(CreationParams) API call This error code is returned when can't found request param in CreationParam list.
int ERROR_CREATION_FAILED_INVALID_USER_INFO This error constant is returned as part of createContainer(CreationParams) API call This error code is returned when user info is wrong.
int ERROR_CREATION_FAILED_RESERVED_CONFIGURATION_TYPE_USED This error constant is returned as part of createContainer(CreationParams) API call This error code is returned when reserved configuration type is used.
int ERROR_CREATION_FAILED_SUB_USER This error constant is returned as part of createContainer(CreationParams) API call API when MDM tries to create container in Sub User.
int ERROR_CREATION_FAILED_TIMA_DISABLED This error constant is returned as part of createContainer(CreationParams) API call, when TIMA (Trust zone based integrity meansurement architecture) is disabled.
int ERROR_CREATION_FAILED_TIMA_PWD_KEY This error constant is returned as part of createContainer(CreationParams) API call Failed to save password reset token in TimaKeystore due to its abnormal status.
int ERROR_DOES_NOT_EXIST This error constant is returned as part of removeContainer(int) API call.
int ERROR_FILESYSTEM_ERROR This error constant is returned as part of createContainer(CreationParams) API call or extra (CONTAINER_CREATION_STATUS_CODE) in the bundle of ACTION_CONTAINER_CREATION_STATUS, when there is not enough memory or there is a problem during creation of Knox file system.
int ERROR_INTERNAL_ERROR This error constant is returned as part of createContainer(CreationParams) API call or extra (CONTAINER_CREATION_STATUS_CODE) in the bundle of ACTION_CONTAINER_CREATION_STATUS, when an unknown/internal error occurs.
int ERROR_INVALID_PASSWORD_RESET_TOKEN This error constant is returned as part of createContainer(CreationParams) API call.
int ERROR_MAX_LIMIT_REACHED This error constant is returned as part of createContainer(CreationParams) API call, when the total number of containers existing are same as MAX_CONTAINERS

NOTE: This constant is impacted by changes made to the Workspace container in Knox 3.0.
int ERROR_NO_ADMIN_APK This error constant is returned as part of createContainer(CreationParams) API call, when an invalid or non-existant admin is passed as parameter.
int ERROR_NO_CONFIGURATION_TYPE This error constant is returned as part of createContainer(CreationParams) API call, when an invalid KnoxConfigurationType is passed as parameter.
int ERROR_PLATFORM_VERSION_MISMATCH_IN_CONFIGURATION_TYPE This error constant is returned as part of createContainer(CreationParams) API call.
int ERROR_SDP_NOTSUPPORTED This error constant is returned as part of createContainer(CreationParams) API call, when particular device doesn't support sensitive data protection.
String INTENT_BUNDLE This constant should be used as a key to retrieve the Bundle that gets returned with the Intent, ACTION_CONTAINER_STATE_CHANGED ACTION_CONTAINER_ADMIN_LOCK ACTION_CONTAINER_REMOVED.
int MAX_CONTAINERS This constant defines the maximum number of containers allowed on the device.
int REMOVE_CONTAINER_SUCCESS This error constant is returned as part of removeContainer(int) API call.
int TZ_COMMON_CLOSE_COMMUNICATION_ERROR This error constant is returned as part of createContainer(CreationParams) API call.
int TZ_COMMON_COMMUNICATION_ERROR This error constant is returned as part of createContainer(CreationParams) API call.
int TZ_COMMON_INIT_ERROR This error constant is returned as part of createContainer(CreationParams) API call.
int TZ_COMMON_INIT_ERROR_TAMPER_FUSE_FAIL This error constant is returned as part of createContainer(CreationParams) API call.
int TZ_COMMON_INIT_MSR_MISMATCH This error constant is returned as part of createContainer(CreationParams) API call.
int TZ_COMMON_INIT_MSR_MODIFIED This error constant is returned as part of createContainer(CreationParams) API call.
int TZ_COMMON_INIT_UNINITIALIZED_SECURE_MEM This error constant is returned as part of createContainer(CreationParams) API call.
int TZ_COMMON_INTERNAL_ERROR This error constant is returned as part of createContainer(CreationParams) API call.
int TZ_COMMON_NULL_POINTER_EXCEPTION This error constant is returned as part of createContainer(CreationParams) API call.
int TZ_COMMON_RESPONSE_REQUEST_MISMATCH This error constant is returned as part of createContainer(CreationParams) API call.
int TZ_COMMON_UNDEFINED_ERROR This error constant is returned as part of createContainer(CreationParams) API call.
int TZ_KEYSTORE_ERROR This error constant is returned as part of createContainer(CreationParams) API call.
int TZ_KEYSTORE_INIT_FAILED This error constant is returned as part of createContainer(CreationParams) API call.
Public Constructors
KnoxContainerManager()
Public Methods
static boolean addConfigurationType(Context ctx, KnoxConfigurationType type)
Deprecated in API level 30
NOTE: This API is not available since Android 13.
static int createContainer(String type)
Deprecated in API level 30
NOTE: This API is not available since Android 10.
static int createContainer(CreationParams params)
Deprecated in API level 30
NOTE: This API is not available since Android 10.
static int createContainer(String type, String adminPackageName)
Deprecated in API level 30
NOTE: This API is not available since Android 10.
static void doSelfUninstall()
Deprecated in API level 30
NOTE: This API is not available since Android 13.
APMPolicy getAPMPolicy()
Get the object to access 'App Permission Monitor' Policy.
AdvancedRestrictionPolicy getAdvancedRestrictionPolicy()
Get the object to access the Advanced Restriction Policy Policy.
ApplicationPolicy getApplicationPolicy()
Get the object to access the Application Policy.
AuditLog getAuditLogPolicy()
Get the object to access the AuditLogPolicy.
BasePasswordPolicy getBasePasswordPolicy()
Get the object to access the Base Password Policy.
BootBanner getBootBanner()
API to get the object that accesses the BootBanner APIs.
BrowserPolicy getBrowserPolicy()
Get the object to access the Browser Policy.
CertificatePolicy getCertificatePolicy()
Get the object to access the Certificate Policy.
CertificateProvisioning getCertificateProvisioning()
API that gets the object that accesses the Certificate Provisioning.
ClientCertificateManager getClientCertificateManagerPolicy()
Get the object to access the Client Certificate Manager Policy.
static KnoxConfigurationType getConfigurationType(int containerId)
Deprecated in API level 30
NOTE: This API is not available since Android 13.
static KnoxConfigurationType getConfigurationTypeByName(String type)
Deprecated in API level 30
NOTE: This API is not available since Android 13.
static List<KnoxConfigurationType> getConfigurationTypes()
Deprecated in API level 30
NOTE: This API is not available since Android 13.
ContainerConfigurationPolicy getContainerConfigurationPolicy()
Get the object to access the Container Configuration Policy.
static List<Integer> getContainers()
Deprecated in API level 30
NOTE: This API is not available since Android 13.
DLPManagerPolicy getDLPManagerPolicy()
Get the object to access the Knox DLP.
DateTimePolicy getDateTimePolicy()
Get the object to access the DateTime Policy.
DeviceAccountPolicy getDeviceAccountPolicy()
Get the object to access the DeviceAccount Policy.
DualDARPolicy getDualDARPolicy()
Get the object to access 'DualDAR' Policy.
EmailAccountPolicy getEmailAccountPolicy()
Get the object to access the EmailAccount Policy.
EmailPolicy getEmailPolicy()
Get the object to access the EmailPolicy.
EnterpriseBillingPolicy getEnterpriseBillingPolicy()
Get the object to access the Enterprise Billing Policy
EnterpriseCertEnrollPolicy getEnterpriseCertEnrollPolicy(String cepProtocol)
Get the object to access the Enterprise Certificate Enrollment Policy.
ExchangeAccountPolicy getExchangeAccountPolicy()
Get the object to access the ExchangeAccount Policy.
Firewall getFirewall()
Get the object to access the Firewall.
Geofencing getGeofencing()
Get the object to access the Geofencing Policy.
KioskMode getKioskMode()
Get the object to access the KioskMode Policy.
LDAPAccountPolicy getLDAPAccountPolicy()
Get the object to access the LDAP Account Policy.
LocationPolicy getLocationPolicy()
Get the object to access the Location Policy.
NetworkAnalytics getNetworkAnalytics()
Deprecated in API level 35
NOTE: This API is not available since Android 13.
PasswordPolicy getPasswordPolicy()
Get the object to access the Password Policy.
RCPPolicy getRCPPolicy()
API to access Container RCP Policy.
RestrictionPolicy getRestrictionPolicy()
Get the object to access the Restriction Policy.
int getStatus()
Deprecated in API level 30
NOTE: This API is not available since Android 13.
UniversalCredentialManager getUCMManager()
Get the object to access the Universal Credential Manager Policy.
WifiPolicy getWifiPolicy()
Get the object to access the Wifi Policy.
boolean lock()
Deprecated in API level 30
NOTE: This API is not available since Android 13.
static boolean removeConfigurationType(String type)
Deprecated in API level 30
NOTE: This API is not available since Android 13.
static int removeContainer(int id)
Deprecated in API level 30
NOTE: This API is not available since Android 10.
boolean unlock()
Deprecated in API level 30
NOTE: This API is not available since Android 13.
[Expand]
Inherited Methods
From class java.lang.Object

Constants

public static final String ACTION_CONTAINER_ADMIN_LOCK

Since: API level 11

This broadcast intent is sent when the container is administrator locked. This intent contains data which is inside Bundle object INTENT_BUNDLE. Data in Bundle object is Container Id CONTAINER_ID.

NOTE: This constant is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

Since
API level 11
KNOX 2.0
Constant Value: "com.samsung.android.knox.intent.action.CONTAINER_ADMIN_LOCK"

public static final String ACTION_CONTAINER_CREATION_STATUS

Since: API level 20

This intent is sent after container creation is either success or failure. The status code is sent as CONTAINER_CREATION_STATUS_CODE. When its a non zero and positive value, this can be treated as container id. Where as a negative status code might represent an actual error code.CONTAINER_CREATION_REQUEST_ID is for MDMs to match the request id returned by createContainer(CreationParams) API.

NOTE: This constant is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

Since
API level 11
KNOX 2.0
Constant Value: "com.samsung.android.knox.intent.action.CONTAINER_CREATION_STATUS"

public static final String ACTION_CONTAINER_REMOVED

Since: API level 11

This broadcast intent is sent when the container is removed. This intent contains data which is inside Bundle object INTENT_BUNDLE. Data in Bundle object is Container Id CONTAINER_ID.

NOTE: This constant is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

Since
API level 11
KNOX 2.0
Constant Value: "com.samsung.android.knox.intent.action.CONTAINER_REMOVED"

public static final String ACTION_CONTAINER_STATE_CHANGED

Since: API level 11

This broadcast intent is sent when the container state is changed. This intent contains data which is inside Bundle object INTENT_BUNDLE. Data in Bundle object are Container Id CONTAINER_ID, Container old state CONTAINER_OLD_STATE and Container new state CONTAINER_NEW_STATE.

NOTE: This constant is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

Since
API level 11
KNOX 2.0
Constant Value: "com.samsung.android.knox.intent.action.CONTAINER_STATE_CHANGED"

public static final int CONTAINER_ACTIVE

Since: API level 11

This status is returned by getStatus() API when container is active.

NOTE: This constant is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

Since
API level 11
KNOX 2.0
Constant Value: 91 (0x0000005b)

public static final String CONTAINER_CREATION_FAILED_SPECIFIC_ERROR_TYPE

Since: API level 17

This constant should be used as a key for more specific error code in the Bundle that gets returned with the Intent, ACTION_CONTAINER_CREATION_STATUS. It is for MDMs to match the request id returned by createContainer(CreationParams) API.

NOTE: This constant is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

Since
API level 17
KNOX 2.5
Constant Value: "specificErrorCode"

public static final int CONTAINER_CREATION_IN_PROGRESS

Since: API level 11

This status is returned by getStatus() API when container setup is in progress.

NOTE: This constant is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

Since
API level 11
KNOX 2.0
Constant Value: 93 (0x0000005d)

public static final String CONTAINER_CREATION_REQUEST_ID

Since: API level 11

This constant should be used as a key in the Bundle that gets returned with the Intent, ACTION_CONTAINER_CREATION_STATUS. It is for MDMs to match the request id returned by createContainer(CreationParams) API.

NOTE: This constant is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

Since
API level 11
KNOX 2.0
Constant Value: "requestId"

public static final String CONTAINER_CREATION_STATUS_CODE

Since: API level 11

This constant should be used as a key in the Bundle that gets returned with the Intent, ACTION_CONTAINER_CREATION_STATUS. When its a non zero and positive value, this can be treated as container id. Where as a negative status code might represent an actual error code. Please see



NOTE: This constant is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

Since
API level 11
KNOX 2.0
Constant Value: "code"

public static final int CONTAINER_DOESNT_EXISTS

Since: API level 11

This status is returned by getStatus() API when container doesn't exist. The non-existence of the container could be because specified container has not been created yet.

NOTE: This constant is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

Since
API level 11
KNOX 2.0
Constant Value: -1 (0xffffffff)

public static final String CONTAINER_ID

Since: API level 11

This constant should be used as a key in the Bundle to retrieve the container id, that gets returned with the Intent, ACTION_CONTAINER_STATE_CHANGED ACTION_CONTAINER_ADMIN_LOCK ACTION_CONTAINER_REMOVED.

NOTE: This constant is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

Since
API level 11
KNOX 2.0
Constant Value: "containerid"

public static final int CONTAINER_INACTIVE

Since: API level 11

This status is returned by getStatus() API when container is inactive.

NOTE: This constant is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

Since
API level 11
KNOX 2.0
Constant Value: 90 (0x0000005a)

public static final int CONTAINER_LAYOUT_TYPE_CLASSIC

Since: API level 17

This constant is used in setContainerLayout(int) API call.

NOTE: This constant is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

Since
API level 17
KNOX 2.5
Constant Value: 2 (0x00000002)

public static final int CONTAINER_LAYOUT_TYPE_FOLDER

Since: API level 17

This constant is used in setContainerLayout(int) API call.

NOTE: This constant is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

Since
API level 17
KNOX 2.5
Constant Value: 1 (0x00000001)

public static final int CONTAINER_LOCKED

Since: API level 11

This status is returned by getStatus() API when administrator locked the container.

NOTE: This constant is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

Since
API level 11
KNOX 2.0
Constant Value: 95 (0x0000005f)

public static final String CONTAINER_NEW_STATE

Since: API level 11

This constant should be used as a key in the Bundle that gets returned with the Intent, #INTENT_CONTAINER_STATE_CHANGED. The list of possible bundle



NOTE: This constant is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

Since
API level 11
KNOX 2.0
Constant Value: "container_new_state"

public static final String CONTAINER_OLD_STATE

Since: API level 11

This constant should be used as a key in the Bundle that gets returned with the Intent, #INTENT_CONTAINER_STATE_CHANGED. The list of possible bundle



NOTE: This constant is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

Since
API level 11
KNOX 2.0
Constant Value: "container_old_state"

public static final int CONTAINER_REMOVE_IN_PROGRESS

Since: API level 11

This status is returned by getStatus() API when container removal is in progress.

NOTE: This constant is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

Since
API level 11
KNOX 2.0
Constant Value: 94 (0x0000005e)

public static final int ERROR_ADMIN_ACTIVATION_FAILED

Since: API level 11

This error constant is returned as part of createContainer(String, String) API call, in case the admin passed as parameter couldn't be activated.

NOTE: This constant is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

Since
API level 11
KNOX 2.0
Constant Value: -1009 (0xfffffc0f)

public static final int ERROR_ADMIN_INSTALLATION_FAILED

Since: API level 11

This error constant is returned as part of createContainer(CreationParams) API call, in case the admin passed as parameter couldn't be installed.

NOTE: This constant is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

Since
API level 11
KNOX 2.0
Constant Value: -1008 (0xfffffc10)

public static final int ERROR_CONTAINER_MODE_CREATION_FAILED_BYOD_NOT_ALLOWED

Since: API level 12

This error constant is returned as part of createContainer(CreationParams) API call. This error code is returned when MDM tries to create BYOD COM container.

NOTE: This constant is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

Since
API level 12
KNOX 2.1
Constant Value: -1023 (0xfffffc01)

public static final int ERROR_CONTAINER_MODE_CREATION_FAILED_CONTAINER_EXIST

Since: API level 12

This error constant is returned as part of createContainer(CreationParams) API call. This error code is returned when COM container creation failed because another container exist.

NOTE: This constant is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

Since
API level 12
KNOX 2.1
Constant Value: -1021 (0xfffffc03)

public static final int ERROR_CONTAINER_MODE_CREATION_FAILED_KIOSK_ON_OWNER_EXIST

Since: API level 12

This error constant is returned as part of createContainer(CreationParams) API call, when MDM tries to create a COM container even though device is in KIOSK mode.

NOTE: This constant is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

Since
API level 12
KNOX 2.1
Constant Value: -1022 (0xfffffc02)

public static final int ERROR_CONTAINER_TYPE_NOT_ALLOWED

Since: API level 28

This error constant is returned as part of createContainer(CreationParams) API call. This error code is returned when the device doesn't support given container type.

Since
API level 28
KNOX 3.3
Constant Value: -9999 (0xffffd8f1)

public static final int ERROR_CREATION_ALREADY_IN_PROGRESS

Since: API level 11

This error constant is returned as part of createContainer(CreationParams) API call, If another container creation/removal is in progress.

NOTE: This constant is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

Since
API level 11
KNOX 2.0
Constant Value: -1016 (0xfffffc08)

public static final int ERROR_CREATION_CANCELLED

Since: API level 11

This error constant is returned as part of extra (CONTAINER_CREATION_STATUS_CODE) in the bundle of ACTION_CONTAINER_CREATION_STATUS, If container creation is interrupted by user by cancelling the creation process.

NOTE: This constant is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

Since
API level 11
KNOX 2.0
Constant Value: -1017 (0xfffffc07)

public static final int ERROR_CREATION_FAILED_CONTAINER_MODE_EXIST

Since: API level 12

This error constant is returned as part of createContainer(CreationParams) API call. This error code is returned when regular container creation failed because Container only mode(COM/Kiosk) container exist.

NOTE: This constant is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

Since
API level 12
KNOX 2.1
Constant Value: -1020 (0xfffffc04)

public static final int ERROR_CREATION_FAILED_EMERGENCY_MODE

Since: API level 17

This error constant is returned as part of createContainer(CreationParams) API call API when MDM tries to create container in EmergencyMode.

NOTE: This constant is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

Since
API level 17
KNOX 2.5
Constant Value: -1031 (0xfffffbf9)

public static final int ERROR_CREATION_FAILED_GENERATE_CMK

Since: API level 17

This error constant is returned as part of createContainer(CreationParams) API call Failed to generate container master key or fails to save container master key for the reason that SKMM module fails to create KEK or FILE IO error occurs.

NOTE: This constant is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

Since
API level 17
KNOX 2.5
Constant Value: -1034 (0xfffffbf6)

public static final int ERROR_CREATION_FAILED_INVALID_KNOX_CONFIGURATION_TYPE

Since: API level 17

This error constant is returned as part of createContainer(CreationParams) API call This error code is returned when KnoxConfigurationType is null.

NOTE: This constant is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

Since
API level 17
KNOX 2.5
Constant Value: -1030 (0xfffffbfa)

public static final int ERROR_CREATION_FAILED_INVALID_PARAM

Since: API level 17

This error constant is returned as part of createContainer(CreationParams) API call. This error code is returned when CreationParam is null.

NOTE: This constant is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

Since
API level 17
KNOX 2.5
Constant Value: -1026 (0xfffffbfe)

public static final int ERROR_CREATION_FAILED_INVALID_PARAM_LIST

Since: API level 17

This error constant is returned as part of createContainer(CreationParams) API call This error code is returned when can't found request param in CreationParam list.

NOTE: This constant is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

Since
API level 17
KNOX 2.5
Constant Value: -1029 (0xfffffbfb)

public static final int ERROR_CREATION_FAILED_INVALID_USER_INFO

Since: API level 17

This error constant is returned as part of createContainer(CreationParams) API call This error code is returned when user info is wrong.

NOTE: This constant is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

Since
API level 17
KNOX 2.5
Constant Value: -1032 (0xfffffbf8)

public static final int ERROR_CREATION_FAILED_RESERVED_CONFIGURATION_TYPE_USED

Since: API level 17

This error constant is returned as part of createContainer(CreationParams) API call This error code is returned when reserved configuration type is used.

NOTE: This constant is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

Since
API level 17
KNOX 2.5
Constant Value: -1028 (0xfffffbfc)

public static final int ERROR_CREATION_FAILED_SUB_USER

Since: API level 17

This error constant is returned as part of createContainer(CreationParams) API call API when MDM tries to create container in Sub User.

NOTE: This constant is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

Since
API level 17
KNOX 2.5
Constant Value: -1027 (0xfffffbfd)

public static final int ERROR_CREATION_FAILED_TIMA_DISABLED

Since: API level 11

This error constant is returned as part of createContainer(CreationParams) API call, when TIMA (Trust zone based integrity meansurement architecture) is disabled.

NOTE: This constant is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

Since
API level 11
KNOX 2.0
Constant Value: -1018 (0xfffffc06)

public static final int ERROR_CREATION_FAILED_TIMA_PWD_KEY

Since: API level 17

This error constant is returned as part of createContainer(CreationParams) API call Failed to save password reset token in TimaKeystore due to its abnormal status.

NOTE: This constant is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

Since
API level 17
KNOX 2.5
Constant Value: -1033 (0xfffffbf7)

public static final int ERROR_DOES_NOT_EXIST

Since: API level 11

This error constant is returned as part of removeContainer(int) API call. The container removal failed because It doesn't exist.

NOTE: This constant is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

Since
API level 11
KNOX 2.0
Constant Value: -1202 (0xfffffb4e)

public static final int ERROR_FILESYSTEM_ERROR

Since: API level 11

This error constant is returned as part of createContainer(CreationParams) API call or extra (CONTAINER_CREATION_STATUS_CODE) in the bundle of ACTION_CONTAINER_CREATION_STATUS, when there is not enough memory or there is a problem during creation of Knox file system.

NOTE: This constant is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

Since
API level 11
KNOX 2.0
Constant Value: -1011 (0xfffffc0d)

public static final int ERROR_INTERNAL_ERROR

Since: API level 11

This error constant is returned as part of createContainer(CreationParams) API call or extra (CONTAINER_CREATION_STATUS_CODE) in the bundle of ACTION_CONTAINER_CREATION_STATUS, when an unknown/internal error occurs.

NOTE: This constant is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

Since
API level 11
KNOX 2.0
Constant Value: -1014 (0xfffffc0a)

public static final int ERROR_INVALID_PASSWORD_RESET_TOKEN

Since: API level 13

This error constant is returned as part of createContainer(CreationParams) API call. Password reset token shall be in the range of 32 characters to 128 characters, and composed of a combination with at least one letter and one non-letter.

NOTE: This constant is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

Since
API level 13
KNOX 2.2
Constant Value: -1025 (0xfffffbff)

public static final int ERROR_MAX_LIMIT_REACHED

Since: API level 11

This error constant is returned as part of createContainer(CreationParams) API call, when the total number of containers existing are same as MAX_CONTAINERS

NOTE: This constant is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

Since
API level 11
KNOX 2.0
Constant Value: -1012 (0xfffffc0c)

public static final int ERROR_NO_ADMIN_APK

Since: API level 11

This error constant is returned as part of createContainer(CreationParams) API call, when an invalid or non-existant admin is passed as parameter.

NOTE: This constant is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

Since
API level 11
KNOX 2.0
Constant Value: -1004 (0xfffffc14)

public static final int ERROR_NO_CONFIGURATION_TYPE

Since: API level 11

This error constant is returned as part of createContainer(CreationParams) API call, when an invalid KnoxConfigurationType is passed as parameter.

NOTE: This constant is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

Since
API level 11
KNOX 2.0
Constant Value: -1005 (0xfffffc13)

public static final int ERROR_PLATFORM_VERSION_MISMATCH_IN_CONFIGURATION_TYPE

Since: API level 12

This error constant is returned as part of createContainer(CreationParams) API call. When this error is returned, MDM has to assume that the cloned type object doesn't match with platform version. So the MDM has to recreate another type object. This usually comes only in case of a Cloned configuration type after FOTA upgrade, if the configuration is created before FOTA upgrade.

NOTE: This constant is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

Since
API level 12
KNOX 2.1
Constant Value: -1019 (0xfffffc05)

public static final int ERROR_SDP_NOTSUPPORTED

Since: API level 13

This error constant is returned as part of createContainer(CreationParams) API call, when particular device doesn't support sensitive data protection.

NOTE: This constant is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

Since
API level 13
KNOX 2.2
Constant Value: -1024 (0xfffffc00)

public static final String INTENT_BUNDLE

Since: API level 11

This constant should be used as a key to retrieve the Bundle that gets returned with the Intent, ACTION_CONTAINER_STATE_CHANGED ACTION_CONTAINER_ADMIN_LOCK ACTION_CONTAINER_REMOVED.

NOTE: This constant is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

Since
API level 11
KNOX 2.0
Constant Value: "intent"

public static final int MAX_CONTAINERS

Since: API level 11

This constant defines the maximum number of containers allowed on the device.

NOTE: This constant is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

Since
API level 11
KNOX 2.0
Constant Value: 2 (0x00000002)

public static final int REMOVE_CONTAINER_SUCCESS

Since: API level 11

This error constant is returned as part of removeContainer(int) API call. Container is successfully removed.

NOTE: This constant is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

Since
API level 11
KNOX 2.0
Constant Value: 0 (0x00000000)

public static final int TZ_COMMON_CLOSE_COMMUNICATION_ERROR

Since: API level 11

This error constant is returned as part of createContainer(CreationParams) API call. Failed to shutdown TIMA KeyStore TrustZone application.

NOTE: This constant is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

Since
API level 11
KNOX 2.0
Constant Value: -65538 (0xfffefffe)

public static final int TZ_COMMON_COMMUNICATION_ERROR

Since: API level 11

This error constant is returned as part of createContainer(CreationParams) API call. Failed to communicate with TrustZone.

NOTE: This constant is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

Since
API level 11
KNOX 2.0
Constant Value: -65537 (0xfffeffff)

public static final int TZ_COMMON_INIT_ERROR

Since: API level 11

This error constant is returned as part of createContainer(CreationParams) API call. TIMA KeyStore initialization failed: error to read /system/tima_measurement_info.

NOTE: This constant is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

Since
API level 11
KNOX 2.0
Constant Value: -65546 (0xfffefff6)

public static final int TZ_COMMON_INIT_ERROR_TAMPER_FUSE_FAIL

Since: API level 11

This error constant is returned as part of createContainer(CreationParams) API call. Device compromised: Knox warranty bit is invalid.

NOTE: This constant is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

Since
API level 11
KNOX 2.0
Constant Value: -65548 (0xfffefff4)

public static final int TZ_COMMON_INIT_MSR_MISMATCH

Since: API level 11

This error constant is returned as part of createContainer(CreationParams) API call. Device compromised: the system measurement does not match.

NOTE: This constant is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

Since
API level 11
KNOX 2.0
Constant Value: -65549 (0xfffefff3)

public static final int TZ_COMMON_INIT_MSR_MODIFIED

Since: API level 11

This error constant is returned as part of createContainer(CreationParams) API call. Device compromised: /system/tima_measurement_info is modified.

NOTE: This constant is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

Since
API level 11
KNOX 2.0
Constant Value: -65550 (0xfffefff2)

public static final int TZ_COMMON_INIT_UNINITIALIZED_SECURE_MEM

Since: API level 11

This error constant is returned as part of createContainer(CreationParams) API call. /system/tima_measurement_info has not been cached into secure memory yet.

NOTE: This constant is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

Since
API level 11
KNOX 2.0
Constant Value: -65547 (0xfffefff5)

public static final int TZ_COMMON_INTERNAL_ERROR

Since: API level 11

This error constant is returned as part of createContainer(CreationParams) API call. TIMA internal error.

NOTE: This constant is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

Since
API level 11
KNOX 2.0
Constant Value: -65541 (0xfffefffb)

public static final int TZ_COMMON_NULL_POINTER_EXCEPTION

Since: API level 11

This error constant is returned as part of createContainer(CreationParams) API call. TIMA KeyStore context is null.

NOTE: This constant is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

Since
API level 11
KNOX 2.0
Constant Value: -65542 (0xfffefffa)

public static final int TZ_COMMON_RESPONSE_REQUEST_MISMATCH

Since: API level 11

This error constant is returned as part of createContainer(CreationParams) API call. Invalid response from TIMA KeyStore TrustZone application.

NOTE: This constant is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

Since
API level 11
KNOX 2.0
Constant Value: -65539 (0xfffefffd)

public static final int TZ_COMMON_UNDEFINED_ERROR

Since: API level 11

This error constant is returned as part of createContainer(CreationParams) API call. TIMA KeyStore undefined error.

NOTE: This constant is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

Since
API level 11
KNOX 2.0
Constant Value: -65543 (0xfffefff9)

public static final int TZ_KEYSTORE_ERROR

Since: API level 11

This error constant is returned as part of createContainer(CreationParams) API call. TIMA KeyStore initialization failed: TIMA Service unreachable or TIMA version is not 3.0.

NOTE: This constant is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

Since
API level 11
KNOX 2.0
Constant Value: -1 (0xffffffff)

public static final int TZ_KEYSTORE_INIT_FAILED

Since: API level 11

This error constant is returned as part of createContainer(CreationParams) API call. TIMA KeyStore initialization failed: errro to get context.

NOTE: This constant is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

Since
API level 11
KNOX 2.0
Constant Value: -2 (0xfffffffe)

Public Constructors

public KnoxContainerManager ()

Since: API level 11

Public Methods

public static boolean addConfigurationType (Context ctx, KnoxConfigurationType type)

Since: API level 11

Deprecated in API level 30
NOTE: This API is not available since Android 13.

API to add a custom configuration type object. The name parameter of the type object has to be unique for an admin.

Parameters
ctx Application's context. An instance of ContextImpl.
type name of the configuration type
Returns
Throws
SecurityException If caller does not have required permissions.
Usage
This API will add a custom configuration type object.

NOTE: This API is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

          try {
              KnoxConfigurationType predefinedConfiguration = KnoxContainerManager.getConfigurationTypeByName("knox-b2b");
              KnoxConfigurationType newConfig = predefinedConfiguration.clone("custom-configuration"); //Clones and assigns a new name
              typeObj.setPasswordMinimumLength(length);
              typeObj.setCustomWallpaper(wallpaperPath);
              ....

              boolean status = KnoxContainerManager.addConfigurationType(context, type);
          } catch (SecurityException e) {
              ....
          }     *        

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_CONTAINER" permission which has a protection level of signature.

Since
API level 11
KNOX 2.0

public static int createContainer (String type)

Since: API level 11

Deprecated in API level 30
NOTE: This API is not available since Android 10.

API to create a new Knox application container. Creator of the container has to be an MDM administrator. It retains all claims on the container and applies all policies on the container

Throws
SecurityException If caller does not have required permissions.
Usage
Use this API to create Knox Application container. Container creation process is a two step process, where the API call just initiates a container creation process and doesn't actually create a container based on the state of the device, if the API returns a positive value, it can be treated as a unique request id. A negative number may mean that some kind of error might have happened.

NOTE: This API is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

          try {
              initialRequestId = KnoxContainerManager.createContainer("knox-b2b");
              if(initialRequestId < 0) {
                  switch(initialRequestId) {
                      case KnoxContainerManager.ERROR_INTERNAL_ERROR:
                          ....... (More cases)
                  }
              } else {
                  Log.d(TAG, "Container creation in progress with id:" + initialRequestId);
              }
          } catch (SecurityException e) {
              ....
          }
        

Note:

  • On Device Encryption (ODE) does not work after COM container is created. If device encryption is required, please perform ODE before COM container creation.
  • CCM is the default certificate store in Container. When Container is locked, CCM store for that container is also locked. Certificates cannot be accessed when CCM store is locked. For an application to access certificates when Container is locked the application package must be whitelisted with addPackageToExemptList(String) API.


Call to this API initiates a UI flow, which user has to complete before the actual container can be created. The status of container creation is then notified through an intent ACTION_CONTAINER_CREATION_STATUS. If the return id of createContainer(String, String) matches to that of CONTAINER_CREATION_REQUEST_ID of intent ACTION_CONTAINER_CREATION_STATUS, only then the intent could be trusted.

      IntentFilter filter = new IntentFilter();
      filter.addAction(KnoxContainerManager.ACTION_CONTAINER_CREATION_STATUS);
      registerReceiver(creationStatusReceiver, filter);
      


      private BroadcastReceiver creationStatusReceiver = new BroadcastReceiver() {
          public void onReceive(Context context, Intent intent) {
               int containerCreationRequestId = -1;
               int statusCode = ERROR_INTERNAL_ERROR;
               Bundle extras = intent.getExtras();
               if (extras != null) {
                   containerCreationRequestId = extras.getInt(CONTAINER_CREATION_REQUEST_ID);
                   statusCode = extras.getInt(CONTAINER_CREATION_STATUS_CODE);
               }
               if(initialRequestId != containerCreationRequestId) {
                   return; //Intent belongs to another MDM or a fake Intent.
               }
               if (statusCode >= 0) {
                   showNoteWithToast("container created successfully.");
               } else {
                   displayCreationErrorString(statusCode);
               }

               try {
                   unregisterReceiver(creationStatusReceiver);
               } catch (IllegalArgumentException e) {
                   e.printStackTrace();
               }
           }
       };
      


Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_CONTAINER" permission which has a protection level of signature.

Since
API level 11
KNOX 2.0

public static int createContainer (CreationParams params)

Since: API level 13

Deprecated in API level 30
NOTE: This API is not available since Android 10.

API to create a SDP enabled Knox application container.

Parameters
params the creation parameters constructed through CreationParams.
Throws
SecurityException If caller does not have required permissions.
Usage
Use this API to create Knox Application container. Container creation process is a two step process, where the API call just initiates a container creation process and doesn't actually create a container based on the state of the device, if the API returns a positive value, it can be treated as a unique request id. A negative number may mean that some kind of error might have happened.

NOTE: This API is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

Note:

  • On Device Encryption (ODE) does not work after COM container is created. If device encryption is required, please perform ODE before COM container creation.
  • CCM is the default certificate store in Container. When Container is locked, CCM store for that container is also locked. Certificates cannot be accessed when CCM store is locked. For an application to access certificates when Container is locked the application package must be whitelisted with addPackageToExemptList(String) API.

 For Non-SDP container(A.K.A Default SDP):
          try {
              CreationParams params = new CreationParams();
              // Build creation params as per your needs.
              params.setConfigurationName("knox-b2b");
              initialRequestId = KnoxContainerManager.createContainer(params);
              if(initialRequestId < 0) {
                  switch(initialRequestId) {
                      case KnoxContainerManager.ERROR_INTERNAL_ERROR:
                          ....... (More cases)
                  }
              } else {
                  Log.d(TAG, "Container creation in progress with id:" + initialRequestId);
              }
          } catch (SecurityException e) {
              ....
          }
        

For SDP enabled container A.K.A MDFPP(Mobile Device Fundamentals Protection Profile) SDP: try { CreationParams params = new CreationParams(); // Build creation params as per your needs. params.setConfigurationName("knox-b2b"); // The key used by administrator in following API is mandatory to enable MDFPP(Mobile Device Fundamentals Protection Profile) SDP otherwise appropriate error code will be returned. params.setPasswordResetToken("passwordResetToken"); initialRequestId = KnoxContainerManager.createContainer(params); if(initialRequestId < 0) { switch(initialRequestId) { case KnoxContainerManager.ERROR_INTERNAL_ERROR: ....... (More cases) } } else { Log.d(TAG, "Container creation in progress with id:" + initialRequestId); } } catch (SecurityException e) { .... }

Call to this API initiates a UI flow, which user has to complete before the actual container can be created. The status of container creation is then notified through an intent ACTION_CONTAINER_CREATION_STATUS. If the return id of createContainer(String, String) matches to that of CONTAINER_CREATION_REQUEST_ID of intent ACTION_CONTAINER_CREATION_STATUS, only then the intent could be trusted.

      IntentFilter filter = new IntentFilter();
      filter.addAction(KnoxContainerManager.ACTION_CONTAINER_CREATION_STATUS);
      registerReceiver(creationStatusReceiver, filter);
      


      private BroadcastReceiver creationStatusReceiver = new BroadcastReceiver() {
          public void onReceive(Context context, Intent intent) {
               int containerCreationRequestId = -1;
               int statusCode = ERROR_INTERNAL_ERROR;
               Bundle extras = intent.getExtras();
               if (extras != null) {
                   containerCreationRequestId = extras.getInt(CONTAINER_CREATION_REQUEST_ID);
                   statusCode = extras.getInt(CONTAINER_CREATION_STATUS_CODE);
               }
               if(initialRequestId != containerCreationRequestId) {
                   return; //Intent belongs to another MDM or a fake Intent.
               }
               if (statusCode >= 0) {
                   showNoteWithToast("container created successfully.");
               } else {
                   displayCreationErrorString(statusCode);
               }

               try {
                   unregisterReceiver(creationStatusReceiver);
               } catch (IllegalArgumentException e) {
                   e.printStackTrace();
               }
           }
       };
      


Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_CONTAINER" permission which has a protection level of signature.

Since
API level 13
KNOX 2.2

public static int createContainer (String type, String adminPackageName)

Since: API level 11

Deprecated in API level 30
NOTE: This API is not available since Android 10.

API to create a new Knox application container with MDM inside the container.

Parameters
type The type string refers to the name getName() of KnoxConfigurationType
adminPackageName Package name of the administrator component for whom ownership will be transferred.
Throws
SecurityException If caller does not have required permissions.
Usage
This API takes an "administrator package" as parameter. Once the container is created, framework will install the "administrator package" inside the container. Then ownership of container gets transferred to the admin installed inside container from the creator application. Creator of the container looses all claims on the container and will not be able to apply any policy at all.

Container creation process is a two step process, where the API call just initiates the container creation process and doesn't actually create a container based on the state of the device, if the API returns a positive value, it can be treated as a unique request id. A negative number signifies that an error has occured. The request id is used in the second step of container creation.

NOTE: This API is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

          try {
              initialRequestId = KnoxContainerManager.createContainer("knox-b2b", "com.samsung.edmtest");
              if(initialRequestId < 0) {
                  switch(initialRequestId) {
                      case KnoxContainerManager.ERROR_INTERNAL_ERROR:
                          ....... (More cases)
                  }
              } else {
                  Log.d(TAG, "Container creation in progress with id:" + initialRequestId);
              }
          } catch (SecurityException e) {
              ....
          }
        

Notes:

  • Currently device administrator should pass its own package name to install inside container. Device administrator application data will be restored to application installed inside container.
  • This API is not supported when Device Owner is enabled on the device.
  • CCM is the default certificate store in Container. When Container is locked, CCM store for that container is also locked. Certificates cannot be accessed when CCM store is locked. For an application to access certificates when Container is locked the application package must be whitelisted with addPackageToExemptList(String) API.


Call to this API initiates a UI flow, which user has to complete before the actual container can be created. The status of container creation is then notified through an intent ACTION_CONTAINER_CREATION_STATUS. If the return id of createContainer(String, String) matches to that of CONTAINER_CREATION_REQUEST_ID of intent ACTION_CONTAINER_CREATION_STATUS, only then the intent could be trusted.

      IntentFilter filter = new IntentFilter();
      filter.addAction(KnoxContainerManager.ACTION_CONTAINER_CREATION_STATUS);
      registerReceiver(creationStatusReceiver, filter);
      


      private BroadcastReceiver creationStatusReceiver = new BroadcastReceiver() {
          public void onReceive(Context context, Intent intent) {
               int containerCreationRequestId = -1;
               int statusCode = ERROR_INTERNAL_ERROR;
               Bundle extras = intent.getExtras();
               if (extras != null) {
                   containerCreationRequestId = extras.getInt(CONTAINER_CREATION_REQUEST_ID);
                   statusCode = extras.getInt(CONTAINER_CREATION_STATUS_CODE);
               }
               if(initialRequestId != containerCreationRequestId) {
                   return; //Intent belongs to another MDM or a fake Intent.
               }
               if (statusCode >= 0) {
                   showNoteWithToast("container created successfully.");
               } else {
                   displayCreationErrorString(statusCode);
               }

               try {
                   unregisterReceiver(creationStatusReceiver);
               } catch (IllegalArgumentException e) {
                   e.printStackTrace();
               }
           }
       };
      


Please look at doSelfUninstall() for post creation steps.
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_CONTAINER" permission which has a protection level of signature.

Since
API level 11
KNOX 2.0

public static void doSelfUninstall ()

Since: API level 11

Deprecated in API level 30
NOTE: This API is not available since Android 13.

API that allows device administrator to uninstall itself.

Throws
SecurityException If caller does not have required permissions.
Usage
Device administrator can remove self from device. This API is intended to be used for BYOD scenario where IT administrator creates a container and install itself as administrator inside container using createContainer(String, String). After container creation, MDM can call this API to delete itself but that is optional.

NOTE: This API is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_CONTAINER" permission which has a protection level of signature.

Since
API level 11
KNOX 2.0

public APMPolicy getAPMPolicy ()

Since: API level 25

Get the object to access 'App Permission Monitor' Policy.

Returns
  • 'App Permission Monitor' policy object
Usage
Administrator can get the object to access the 'App Permission Monitor' Policy.

Since
API level 25
KNOX 3.1

public AdvancedRestrictionPolicy getAdvancedRestrictionPolicy ()

Since: API level 11

Get the object to access the Advanced Restriction Policy Policy.

Returns
Usage
Administrator can get the object to access the AdvancedRestrictionPolicy object.

Since
API level 11
KNOX 2.0

public ApplicationPolicy getApplicationPolicy ()

Since: API level 11

Get the object to access the Application Policy.

Returns
Usage
Administrator can get the object to access the ApplicationPolicy object.

Since
API level 11
KNOX 2.0

public AuditLog getAuditLogPolicy ()

Since: API level 19

Get the object to access the AuditLogPolicy.

Returns
  • The AuditLogPolicy object if success, else null.
Usage
Administrator can get the object to access the AuditLogPolicy object.

Since
API level 19
KNOX 2.6

public BasePasswordPolicy getBasePasswordPolicy ()

Since: API level 11

Get the object to access the Base Password Policy.

Returns
Usage
Administrator can get the object to access the BasePasswordPolicy object.

NOTE: This API is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

Since
API level 11
KNOX 2.0

public BootBanner getBootBanner ()

Since: API level 11

API to get the object that accesses the BootBanner APIs.

Returns
  • The BootBanner object if successful, else null.
Usage
An administrator can use this API to get the object that accesses the BootBanner APIs.

Since
API level 6
MDM 4.0

public BrowserPolicy getBrowserPolicy ()

Since: API level 11

Get the object to access the Browser Policy.

Returns
Usage
Administrator can get the object to access the BrowserPolicy. Browser policies applied using this object will be enforced on the Browser application belonging to the container represented by this KnoxContainerManager object.

Since
API level 11
KNOX 2.0

public CertificatePolicy getCertificatePolicy ()

Since: API level 12

Get the object to access the Certificate Policy.

Returns
Usage
Admin can get the object to access the CertificatePolicy object.

Since
API level 12
KNOX 2.1

public CertificateProvisioning getCertificateProvisioning ()

Since: API level 11

API that gets the object that accesses the Certificate Provisioning.

Returns
  • The Certificate Provisioning object if successful, else null.
Usage
An administrator can use this API to get the object that accesses the Certificate Provisioning.

Since
API level 2
MDM 2.0

public ClientCertificateManager getClientCertificateManagerPolicy ()

Since: API level 12

Get the object to access the Client Certificate Manager Policy.

Returns
Usage
Admin can get the object to access the ClientCertificateManager object.

Since
API level 12
KNOX 2.1

public static KnoxConfigurationType getConfigurationType (int containerId)

Since: API level 11

Deprecated in API level 30
NOTE: This API is not available since Android 13.

API to return a configuration type object based on a container id, if the caller is an owner of the container.

NOTE: This API is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

Parameters
containerId Id of the container
Returns
Throws
SecurityException If caller does not have required permissions.
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_CONTAINER" permission which has a protection level of signature.

Since
API level 11
KNOX 2.0

public static KnoxConfigurationType getConfigurationTypeByName (String type)

Since: API level 11

Deprecated in API level 30
NOTE: This API is not available since Android 13.

API to return a configuration type object based on a name.

NOTE: This API is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

Parameters
type Name of the configuration type
Returns
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_CONTAINER" permission which has a protection level of signature.

Since
API level 11
KNOX 2.0

public static List<KnoxConfigurationType> getConfigurationTypes ()

Since: API level 11

Deprecated in API level 30
NOTE: This API is not available since Android 13.

API to return a list of accessible configuration types. It includes predefined types and custom types created by current admin.

NOTE: This API is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

Returns
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_CONTAINER" permission which has a protection level of signature.

Since
API level 11
KNOX 2.0

public ContainerConfigurationPolicy getContainerConfigurationPolicy ()

Since: API level 11

Get the object to access the Container Configuration Policy.

Returns
Usage
Administrator can get the object to access the ContainerConfigurationPolicy object.

Since
API level 11
KNOX 2.0

public static List<Integer> getContainers ()

Since: API level 11

Deprecated in API level 30
NOTE: This API is not available since Android 13.

API to fetch a list of available Knox application containers. The list only contains the containers created by the current administrator.

Returns
  • A list of container ids for the current user context
Throws
SecurityException If caller does not have required permissions.
Usage
Use this API to fetch a list of available Knox application containers.

NOTE: This API is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_CONTAINER" permission which has a protection level of signature.

Since
API level 11
KNOX 2.0

public DLPManagerPolicy getDLPManagerPolicy ()

Since: API level 19

Get the object to access the Knox DLP.

Returns
Usage
Admin can get the object to access the DLPManagerPolicy object.

Since
API level 19
KNOX 2.6

public DateTimePolicy getDateTimePolicy ()

Since: API level 11

Get the object to access the DateTime Policy.

Returns
Usage
Administrator can get the object to access the DateTimePolicy object.

Since
API level 11
KNOX 2.0

public DeviceAccountPolicy getDeviceAccountPolicy ()

Since: API level 11

Get the object to access the DeviceAccount Policy.

Returns
Usage
Administrator can get the object to access the DeviceAccountPolicy object.

Since
API level 11
KNOX 2.0

public DualDARPolicy getDualDARPolicy ()

Since: API level 28

Get the object to access 'DualDAR' Policy.

Returns
  • 'DualDAR' policy object
Usage
Administrator can get the object to access the 'DualDARPolicy' Policy.

Since
API level 28
KNOX 3.3

public EmailAccountPolicy getEmailAccountPolicy ()

Since: API level 11

Get the object to access the EmailAccount Policy.

Returns
Usage
Administrator can get the object to access the EmailAccountPolicy object.

Since
API level 11
KNOX 2.0

public EmailPolicy getEmailPolicy ()

Since: API level 11

Get the object to access the EmailPolicy.

Returns
Usage
Administrator can get the object to access the EmailPolicy object.

Since
API level 11
KNOX 2.0

public EnterpriseBillingPolicy getEnterpriseBillingPolicy ()

Since: API level 13

Get the object to access the Enterprise Billing Policy

Returns
Since
API level 13
KNOX 2.2

public EnterpriseCertEnrollPolicy getEnterpriseCertEnrollPolicy (String cepProtocol)

Since: API level 12

Get the object to access the Enterprise Certificate Enrollment Policy.

Parameters
cepProtocol The Certificate enrollment protocol for which the policy object is retrieved e.g. CERT_PROFILE_TYPE_SCEP for SCEP.
Returns
Usage

Admin can get the object to access the EnterpriseCertEnrollPolicy depending up on the Certificate Enrollment Protocol Service to be used.

Since
API level 12
KNOX 2.1

public ExchangeAccountPolicy getExchangeAccountPolicy ()

Since: API level 11

Get the object to access the ExchangeAccount Policy.

Returns
Usage
Administrator can get the object to access the ExchangeAccountPolicy object.

Since
API level 11
KNOX 2.0

public Firewall getFirewall ()

Since: API level 17

Get the object to access the Firewall.

Returns
  • The Firewall object if success, else null.
Usage
Administrator can get the object to access the Firewall object.

Since
API level 17
KNOX 2.5

public Geofencing getGeofencing ()

Since: API level 11

Get the object to access the Geofencing Policy.

Returns
Usage
Administrator can get the object to access the Geofencing object.

Since
API level 11
KNOX 2.0

public KioskMode getKioskMode ()

Since: API level 12

Get the object to access the KioskMode Policy.

Returns
Usage
Administrator can get the object to access the KioskMode object.

Since
API level 12
KNOX 2.1

public LDAPAccountPolicy getLDAPAccountPolicy ()

Since: API level 11

Get the object to access the LDAP Account Policy.

Returns
Usage
Administrator can get the object to access the LDAPAccountPolicy object.

Since
API level 11
KNOX 2.0

public LocationPolicy getLocationPolicy ()

Since: API level 11

Get the object to access the Location Policy.

Returns
Usage
Administrator can get the object to access the LocationPolicy object.

Since
API level 11
KNOX 2.0

public NetworkAnalytics getNetworkAnalytics ()

Since: API level 22

Deprecated in API level 35
NOTE: This API is not available since Android 13.

API to get the object to access the Network Analytics platform.

Returns
Usage
Admin can get the object to access the NetworkAnalytics object.

Since
API level 22
KNOX 2.8

public PasswordPolicy getPasswordPolicy ()

Since: API level 11

Get the object to access the Password Policy.

Returns
Usage
Administrator can get the object to access the PasswordPolicy object.

Since
API level 11
KNOX 2.0

public RCPPolicy getRCPPolicy ()

Since: API level 11

API to access Container RCP Policy.

Returns
Usage
Administrator can get the object to access the RCPPolicy. RCP sync policies applied using this object will be enforced on the container represented by this KnoxContainerManager object.

Since
API level 11
KNOX 2.0

public RestrictionPolicy getRestrictionPolicy ()

Since: API level 11

Get the object to access the Restriction Policy.

Returns
Usage
Administrator can get the object to access the RestrictionPolicy object.

Since
API level 11
KNOX 2.0

public int getStatus ()

Since: API level 11

Deprecated in API level 30
NOTE: This API is not available since Android 13.

API towill give the current container status.

Returns
  • container status.
Usage
API to retrive the current status for the specified container Id. The status can be one of CONTAINER_INACTIVE, CONTAINER_ACTIVE, CONTAINER_CREATION_IN_PROGRESS, CONTAINER_LOCKED or CONTAINER_DOESNT_EXISTS.

NOTE: This API is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.


 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 try {
     KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
     int status = kcm.getStatus();
 } catch (NoSuchFieldException e) {
     Log.e(TAG, "UnsupportedOperationException: " + e);
 }
 

Since
API level 11
KNOX 2.0

public UniversalCredentialManager getUCMManager ()

Since: API level 26

Get the object to access the Universal Credential Manager Policy.

Returns
Usage

Administrator can get the object to access the UniversalCredentialManager.

Since
API level 26
KNOX 3.2

public WifiPolicy getWifiPolicy ()

Since: API level 11

Get the object to access the Wifi Policy.

Returns
Usage
Administrator can get the object to access the WifiPolicy object.

Since
API level 11
KNOX 2.0

public boolean lock ()

Since: API level 11

Deprecated in API level 30
NOTE: This API is not available since Android 13.

API to lock the container.

Returns
  • true if the container is successfully locked.false otherwise.
Throws
SecurityException If caller does not have required permissions. Only administrator who created container can enforce policy, if the calling administrator is not an owner of container the API throws SecurityException.
NoSuchFieldException If container does not exist or container creation/removal is in progress.
Usage
Use this API to lock the container. It will return true if the container was locked successfully. Calling this API will change the status of the container to CONTAINER_LOCKED

NOTE: This API is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 try {
     KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
     boolean returnValue = kcm.lock();
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }  catch (NoSuchFieldException e) {
     Log.e(TAG, "UnsupportedOperationException: " + e);
 }
 

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_CONTAINER" permission which has a protection level of signature.

Since
API level 11
KNOX 2.0
See Also

public static boolean removeConfigurationType (String type)

Since: API level 13

Deprecated in API level 30
NOTE: This API is not available since Android 13.

API to remove a custom configuration type object provided there are no active containers related to this type and the caller is creator of the type.

Parameters
type name of the configuration type
Returns
Throws
SecurityException If caller does not have required permissions.
Usage
This API will remove a custom configuration type object.

NOTE: This API is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

          try {
              boolean status = KnoxContainerManager.removeConfigurationType("knox-custom");
          } catch (SecurityException e) {
              ....
          }     *        

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_CONTAINER" permission which has a protection level of signature.

Since
API level 13
KNOX 2.2

public static int removeContainer (int id)

Since: API level 11

Deprecated in API level 30
NOTE: This API is not available since Android 10.

API to remove a Knox application container.

Parameters
id of container.
Throws
SecurityException If caller does not have required permissions.
Usage
Use this API to remove Knox Application container.

NOTE: This API is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.

          try {
              int errorCode = KnoxContainerManager.removeContainer(100);
              if(containerId == KnoxContainerManager.REMOVE_CONTAINER_SUCCESS) {
                  //success
              } else {
                  switch(containerId) {
                      case KnoxContainerManager.ERROR_INTERNAL_ERROR:
                          ....... (More cases)
                  }
              }
          } catch (SecurityException e) {
              ....
          }
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_CONTAINER" permission which has a protection level of signature.

Since
API level 11
KNOX 2.0

public boolean unlock ()

Since: API level 11

Deprecated in API level 30
NOTE: This API is not available since Android 13.

API to unlock the container.

Returns
  • true if the container is successfully unlocked. false otherwise.
Throws
SecurityException If caller does not have required permissions. Only administrator who created container can enforce policy, if the calling administrator is not an owner of container the API throws SecurityException.
NoSuchFieldException If container does not exist or container creation/removal is in progress.
Usage
Calling this API will unlock the container. It will return true if the container was successfully unlocked. Calling this API will change the status of the container to CONTAINER_INACTIVE. The container is in the CONTAINER_INACTIVE state when administrator calls unlock after locking the container.

NOTE: This API is impacted by changes made to the Workspace container in Knox 3.0. For more information, please see New container architecture overview.


 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 try {
     KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
     boolean returnValue = kcm.unlock();
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }  catch (NoSuchFieldException e) {
     Log.e(TAG, "UnsupportedOperationException: " + e);
 }
 

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_CONTAINER" permission which has a protection level of signature.

Since
API level 11
KNOX 2.0