Since: API level 19
public class

DomainFilterRule

extends Object
implements Parcelable
java.lang.Object
   ↳ com.samsung.android.knox.net.firewall.DomainFilterRule

Class Overview

This class encapsulates a Domain Filter Rule that will be manipulated by the firewall policies.

A rule is represented by the following fields:

Application's package name

The package name of the application which the attempts to access the URLs for the specified domain names must either be blocked or allowed.

A rule can represent all applications instead of a particular one, in this case, the package name must be set to FIREWALL_ALL_PACKAGES. This rule will be applied only for applications which do not have specific rules on database.

Deny List

A list of URLs for specified domain names to block DNS resolution. The format of the URL must be compliant with RFC's standards and must also match one of the following rules:

  • Full URL: "www.google.com"
  • Partial URL: "*android.com"; "www.samsung*"; "*google*". The character "*" (wildcard) must be at the beginning and/or at the end of the URL otherwise the URL is invalid.
  • Special case, matches any URL : "*"

  • NOTE: Previously accessed websites may be accessible for some time even after applying DomainFilterRule(s) rules. To avoid this behavior it is necessary to clear the browser history and cache.

    Allow List

    A list of URLs for specified domain names to allow DNS resolution. It will have precedence over deny list, so any URL matching a URL in this list will always be allowed, even if it also matches the deny list. Please note all URLs can be accessed if deny list is empty but allow list is populated. The format of the URL must be compliant with RFC's standards and must also match one of the following rules:

  • Full URL: "www.google.com"
  • Partial URL: "*android.com"; "www.samsung*"; "*google*". The character "*" (wildcard) must be at the beginning and/or at the end of the URL otherwise the URL is invalid.
  • Special case, represents any URL : "*"

  • DNS server 1

    The primary DNS server, in the format of IP address v4(8.8.8.8) or v6(2001:4860:4860::8888), which will resolve domain names for a given application.

    Since there is no interdependence between DNS and allow/deny domains list, rule objects can be created with different combinations: only DNS servers; only allow/deny lists; DNS servers and allow/deny list.

    The DNS server will only be effectively applied if no VPN or Proxy is enabled for the given application.

    DNS server 2

    The secondary DNS server, in the format of IP address v4(8.8.8.8) or v6(2001:4860:4860::8888), which will resolve domain names for a given application.

    This is the backup DNS server to be provided along with primary DNS server.

    Since there is no interdependence between DNS and allow/deny domains list, rule objects can be created with different combinations: only DNS servers; only allow/deny lists; DNS servers and allow/deny list.

    The DNS server will only be effectively applied if no VPN or Proxy is enabled for the given application.

    Since
    API level 19
    MDM 5.6

    Summary

    [Expand]
    Inherited Constants
    From interface android.os.Parcelable
    Fields
    public static final List<DomainFilterRule> CLEAR_ALL Used by removeDomainFilterRules(List) to clear all Domain Filter Rules of the current user from the database.
    Public Constructors
    DomainFilterRule(AppIdentity appIdentity, List<String> denyDomainFilter, List<String> allowDomainFilter)
    Creates a DomainFilterRule instance.
    DomainFilterRule(AppIdentity appIdentity, List<String> denyDomainFilter, List<String> allowDomainFilter, String dns1, String dns2)
    Creates a DomainFilterRule instance.
    DomainFilterRule(AppIdentity appIdentity)
    Creates a DomainFilterRule instance.
    Public Methods
    List<String> getAllowDomains()
    Retrieve the URLs in allow list.
    AppIdentity getApplication()
    Retrieve the AppIdentity of the application this rule applies to.
    List<String> getDenyDomains()
    Retrieve the URLs in deny list.
    String getDns1()
    Retrieve the primary DNS server set or null otherwise.
    String getDns2()
    Retrieve the secondary DNS server set or null otherwise.
    void setAllowDomains(List<String> allowDomains)
    Set the allow list of URLs.
    void setApplication(AppIdentity appIdentity)
    Set the AppIdentity of the application this rule must be applied to.
    void setDenyDomains(List<String> denyDomains)
    Set the deny list of URLs.
    void setDns1(String dns1)
    Set the primary DNS server to be used in DNS resolutions for the given application.
    void setDns2(String dns2)
    Set the secondary DNS server to be used in DNS resolutions for the given application.
    [Expand]
    Inherited Methods
    From class java.lang.Object
    From interface android.os.Parcelable

    Fields

    public static final List<DomainFilterRule> CLEAR_ALL

    Since: API level 19

    Used by removeDomainFilterRules(List) to clear all Domain Filter Rules of the current user from the database.

    Since
    API level 19
    MDM 5.6

    Public Constructors

    public DomainFilterRule (AppIdentity appIdentity, List<String> denyDomainFilter, List<String> allowDomainFilter)

    Since: API level 19

    Creates a DomainFilterRule instance.

    Parameters
    appIdentity The AppIdentity of the application this rule must be applied to.
    denyDomainFilter The deny list of URLs for the given application.
    allowDomainFilter The allow list of URLs for the given application.
    Since
    API level 19
    MDM 5.6

    public DomainFilterRule (AppIdentity appIdentity, List<String> denyDomainFilter, List<String> allowDomainFilter, String dns1, String dns2)

    Since: API level 19

    Creates a DomainFilterRule instance.

    Parameters
    appIdentity The AppIdentity of the application this rule must be applied to.
    denyDomainFilter The deny list of URLs for the given application.
    allowDomainFilter The allow list of URLs for the given application.
    dns1 The primary DNS server to be used by the given application.
    dns2 The secondary DNS server to be used by the given application.
    Since
    API level 20
    MDM 5.7

    public DomainFilterRule (AppIdentity appIdentity)

    Since: API level 19

    Creates a DomainFilterRule instance. Use the setters for needed fields: domain lists and/or DNS(s).

    Parameters
    appIdentity The AppIdentity of the application this rule must be applied to.
    Since
    API level 20
    MDM 5.7

    Public Methods

    public List<String> getAllowDomains ()

    Since: API level 19

    Retrieve the URLs in allow list.

    Returns
    • The URLs in allow list.
    Since
    API level 19
    MDM 5.6

    public AppIdentity getApplication ()

    Since: API level 19

    Retrieve the AppIdentity of the application this rule applies to.

    Returns
    • The App Identity this rule applies to.
    Since
    API level 19
    MDM 5.6

    public List<String> getDenyDomains ()

    Since: API level 19

    Retrieve the URLs in deny list.

    Returns
    • The URLs in deny list.
    Since
    API level 19
    MDM 5.6

    public String getDns1 ()

    Since: API level 20

    Retrieve the primary DNS server set or null otherwise.

    Returns
    • The primary DNS server.
    Since
    API level 20
    MDM 5.7
    See Also

    public String getDns2 ()

    Since: API level 20

    Retrieve the secondary DNS server set or null otherwise.

    Returns
    • The secondary DNS server.
    Since
    API level 20
    MDM 5.7
    See Also

    public void setAllowDomains (List<String> allowDomains)

    Since: API level 19

    Set the allow list of URLs. Please note all URLs can be accessed if allow list is populated but deny list is empty.

    Parameters
    allowDomains The list of URLs to allow (allow list).
    Since
    API level 19
    MDM 5.6

    public void setApplication (AppIdentity appIdentity)

    Since: API level 19

    Set the AppIdentity of the application this rule must be applied to.

    Parameters
    appIdentity The App Identity of the application this rule must be applied to.
    Since
    API level 19
    MDM 5.6
    See Also

    public void setDenyDomains (List<String> denyDomains)

    Since: API level 19

    Set the deny list of URLs.

    Parameters
    denyDomains The list of URLs to block (deny list).
    Since
    API level 19
    MDM 5.6
    See Also

    public void setDns1 (String dns1)

    Since: API level 20

    Set the primary DNS server to be used in DNS resolutions for the given application. The DNS server must be in the format of IP address v4(8.8.8.8) or v6(2001:4860:4860::8888).

    Parameters
    dns1 The primary DNS server.
    Since
    API level 20
    MDM 5.7
    See Also

    public void setDns2 (String dns2)

    Since: API level 20

    Set the secondary DNS server to be used in DNS resolutions for the given application. This is optional and must only be provided along with primary DNS. The DNS server must be in the format of IP address v4(8.8.8.8) or v6(2001:4860:4860::8888).

    Parameters
    dns2 The secondary DNS server.
    Since
    API level 20
    MDM 5.7
    See Also