Summary: Methods | Inherited Methods | [Expand All]

Since: API level 19

public class

DLPManagerPolicy

extends Object

java.lang.Object
↳	com.samsung.android.knox.dlp.DLPManagerPolicy

Deprecated in API level 27

Class Overview

This class provides APIs for MDM administrators to configure Data Loss Prevention(DLP) on the device. It provides APIs to set configure the information and provide a list of applications (whitelist) that can make use of the DLP functionality

NOTE: : This API is not available since Android 12(deprecated in API level 27)

Since

API level 19

KNOX 2.6

Summary

Public Methods
boolean	addPackagesToAllowDLPWhiteList(List<DLPPackageInfo> list) Deprecated in API level 27
Bundle	getDLPConfig() Deprecated in API level 27
List<DLPPackageInfo>	getPackagesFromAllowDLPWhiteList() Deprecated in API level 27
boolean	removeDLPFiles(boolean onlyExpired) Deprecated in API level 27
boolean	removePackagesFromAllowDLPWhiteList(List<String> list) Deprecated in API level 27
boolean	setDLPConfig(Bundle config) Deprecated in API level 27

[Expand]

Inherited Methods

From class java.lang.Object

Public Methods

public boolean addPackagesToAllowDLPWhiteList (List<DLPPackageInfo> list)

Since: API level 19

Deprecated in API level 27

API to add list of applications to DLP whitelist.

Parameters

list	List of objects of type `DLPPackageInfo` to be added in DLP whitelist

Returns

true if success, false if it failed

Throws

SecurityException	If caller does not have required permissions

Usage

An administrator can use this API to add a list of applications in DLP whitelist which can access DLP files.

There are two type of application, both App types can set DLP attribute(s) while creating sensitive contents, and also can access these DLP contents. However, additional Restriction Policy (clipboard, network access, and so on) is enforced on consumer apps to prevent data leakage from these type of apps. You can create the DLP package-info list of apps that needs to be added to DLP whitelist. Each DLP Package-info can consist of package name, app type (creator is 0, consumer is 1), and signature (optional). If "Type" is not set for any given package-info then by default app type considered as creator.

Note: This API can be called only by Profile owner.

For Container:

 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 DLPManagerPolicy dlpManagerPolicy = kcm.getDLPManagerPolicy();
 List<DLPPackageInfo> list = new ArrayList<DLPPackageInfo> (); 
 DLPPackageInfo app1 = new DLPPackageInfo(new AppIdentity("com.test.creator", "app1_siganature"), null);
 Bundle bundle = new Bundle();
 bundle.putInt("Type", 1);
 DLPPackageInfo app2 = new DLPPackageInfo(new AppIdentity("com.test.consumer", null), bundle);
 list.add(app1);
 list.add(app2);
 
 try {
     dlpManagerPolicy.addPackagesToAllowDLPWhiteList(list);
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException" + e);
 }

Permission

The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_DLP_MGMT" permission which has a protection level of signature.

Since

API level 19

KNOX 2.6

Multiuser Environment

User Scope

public Bundle getDLPConfig ()

Since: API level 19

Deprecated in API level 27

API to get DLP configuration.

Returns

Configuration bundle if success, else null

Usage

An administrator can use this API to get configuration for DLP

Note: This API can be called only by Profile owner.

For Container:

 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 DLPManagerPolicy dlpManagerPolicy = kcm.getDLPManagerPolicy();
 
 try {
     Bundle config = dlpManagerPolicy.getDLPConfig();
 } catch (SecurityException e) {
     Log.w(TAG, "Exception" + e);
 }

 boolean isActivated = config.getBoolean("Activate", false);
 boolean isLocked = config.getBoolean("Lock", false);
 int expiryAfter = config.getInt("ExpiryAfter", 0);
 
 // List of additional supported extensions
 // Note: Since KNOX 2.7, Extra extension support is available for DLP
 String supportedExtraExtensions = config.getString("Extensions",null);
 
 // List of domain names whitelisted to allow DLP file upload operation.
 // Note: Since Knox 2.8, Domains support is available for DLP
 String supportedDomains = config.getString("Domains",null);
 
 //List of enabled events for dlp audit logging
 //Note: Since Knox 2.8, Audit logging support is available for DLP
 boolean isLogFileCreateEvent = config.getBoolean("CREATE", false);
 boolean isLogFileOpenEvent = config.getBoolean("OPEN", false);
 boolean isLogFileRenameEvent = config.getBoolean("RENAME", false);
 boolean isLogFileExpiredAccessEvent = config.getBoolean("EXPIRED", false);
 boolean isLogFileUnauthorizedAccessEvent = config.getBoolean("UNAUTHORIZED", false);

Since

API level 19

KNOX 2.6

Multiuser Environment

User Scope

public List<DLPPackageInfo> getPackagesFromAllowDLPWhiteList ()

Since: API level 19

Deprecated in API level 27

API to get list of applications from DLP whitelist.

Returns

List of objects of type DLPPackageInfo if succeeds, else null.

Usage

An administrator can use this API to get a list of applications from DLP whitelist which can access DLP files.

Note: This API can be called only by Profile owner.

For Container:

 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 DLPManagerPolicy dlpManagerPolicy = kcm.getDLPManagerPolicy();
 
 try {
     List<DLPPackageInfo> list = dlpManagerPolicy.getPackagesFromAllowDLPWhiteList();
 } catch (SecurityException e) {
     Log.w(TAG, "Exception" + e);
 }

Since

API level 19

KNOX 2.6

Multiuser Environment

User Scope

public boolean removeDLPFiles (boolean onlyExpired)

Since: API level 19

Deprecated in API level 27

API to remove DLP files.

Parameters

onlyExpired	If true then only expired DLP files will be removed; if false all DLP Files will be removed

Returns

true if success, false if it failed

Throws

SecurityException	If caller does not have required permissions

Usage

An administrator can use this API to remove DLP files on device.

Note: This API can be called only by Profile owner.

For Container:

 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 DLPManagerPolicy dlpManagerPolicy = kcm.getDLPManagerPolicy();
 
 try {
     boolean ret = dlpManagerPolicy.removeDLPFiles(false);
 } catch (SecurityException e) {
     Log.w(TAG, "Exception" + e);
 }

Permission

The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_DLP_MGMT" permission which has a protection level of signature.

Since

API level 19

KNOX 2.6

Multiuser Environment

User Scope

public boolean removePackagesFromAllowDLPWhiteList (List<String> list)

Since: API level 19

Deprecated in API level 27

API to remove list of applications from DLP whitelist.

Parameters

list	List of String to be removed from DLP whitelist

Returns

true if success, false if it failed

Throws

SecurityException	If caller does not have required permissions

Usage

An administrator can use this API to remove a list of appliations from DLP whitelist.

Note: This API can be called only by Profile owner.

For Container:

 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 DLPManagerPolicy dlpManagerPolicy = kcm.getDLPManagerPolicy();
 
 List<String> list = new ArrayList<String> ();
 list.add("com.test.consumer");
 
 try {
     dlpManagerPolicy.removePackagesFromAllowDLPWhiteList(list);
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException" + e);
 }

Permission

The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_DLP_MGMT" permission which has a protection level of signature.

Since

API level 19

KNOX 2.6

Multiuser Environment

User Scope

public boolean setDLPConfig (Bundle config)

Since: API level 19

Deprecated in API level 27

API to set DLP configuration.

Parameters

config	Bundle of configuration data to set

Returns

return true if success, false if it failed

Throws

SecurityException	If caller does not have required permissions

Usage

An administrator can use this API to set configuration for DLP.

Note: This API can be called only by Profile owner.

For Container:

 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 DLPManagerPolicy dlpManagerPolicy = kcm.getDLPManagerPolicy();
 
 // set configuration
 Bundle config = new Bundle();
 config.putBoolean("Activate", true);
 config.putBoolean("Lock", false);
 config.putInt("ExpiryAfter", 3 * 24 * 60 * 60);
 
 // Extra extension list to be supported for DLP. In case null is passed only default extensions will be supported
 // Default supproted extensions:[xls,xlsx,doc,docx,ppt,pptx,pdf,jpg,jpeg,zip,mp4,txt,asd,xlam,htm,html,mht,eml,msg,hwp,gul,rtf,mysingle,png,gif]
 // To add: pass comma(,) seperated extensions
 // To delete: remove the extension from list or pass null to delete all previously set extra extensions
 // Note: Since KNOX 2.7, Extra extension support is available for DLP.
 config.putString("Extensions", "xxx,yyy,zzz");
 
 //Domain names separated by comma, which are trusted by admin through which 
 //sensitive file upload operations are allowed. To delete: remove the domain 
 //names from list or pass null to delete all previously set domain names. 
 //Note: Since Knox 2.8, Domain name whitelist support for DLP file upload operation is available for DLP.
 config.putString("Domains", "google.com,filedrive.com");
 
 //5 separate boolean values related to event types must be passed in the config variable
 //to enable or disable DLP audit logging for respective events
 //To enable logging: pass true value to respective event flag
 //To disable logging: pass false value to respective event flag
 //Note: Since Knox 2.8, Audit logging feature is available for DLP.
 config.putBoolean("CREATE", true);
 config.putBoolean("OPEN", true);
 config.putBoolean("RENAME", false);
 config.putBoolean("EXPIRED", false);
 config.putBoolean("UNAUTHORIZED", true);
 try {
     dlpManagerPolicy.setDLPConfig(config);
 } catch (SecurityException e) {
     Log.w(TAG, "Exception" + e);
 }

Permission

The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_DLP_MGMT" permission which has a protection level of signature.

Since

API level 19

KNOX 2.6

Multiuser Environment

User Scope

Knox SDK API reference

Classes

DLPManagerPolicy

Class Overview

Since

Summary

Public Methods

public boolean addPackagesToAllowDLPWhiteList (List<DLPPackageInfo> list)

Parameters

Returns

Throws

Usage

For Container:

Permission

Since

Multiuser Environment

See Also

public Bundle getDLPConfig ()

Returns

Usage

For Container:

Since

Multiuser Environment

See Also

public List<DLPPackageInfo> getPackagesFromAllowDLPWhiteList ()

Returns

Usage

For Container:

Since

Multiuser Environment

See Also

public boolean removeDLPFiles (boolean onlyExpired)

Parameters

Returns

Throws

Usage

For Container:

Permission

Since

Multiuser Environment

public boolean removePackagesFromAllowDLPWhiteList (List<String> list)

Parameters

Returns

Throws

Usage

For Container:

Permission

Since

Multiuser Environment

See Also

public boolean setDLPConfig (Bundle config)

Parameters

Returns

Throws

Usage

For Container:

Permission

Since

Multiuser Environment

See Also