Summary: Nested Classes | Constants | Methods | Inherited Methods | [Expand All]

Since: API level 2

public class

RestrictionPolicy

extends Object

java.lang.Object
↳	com.samsung.android.knox.restriction.RestrictionPolicy

Class Overview

This class provides APIs to restrict device functions.

Since

API level 2

MDM 2.0

Summary

Nested Classes
enum	RestrictionPolicy.USBInterface	Enum of USB class Interface

Constants
String	ACTION_UPDATE_FOTA_VERSION_RESULT	Broadcast Action: To notify the administrator about result of FOTA version setting operations.
int	ERROR_UPDATE_FOTA_ENABLED_BY_OTHER_ADMIN	Another admin already set the policy.
int	ERROR_UPDATE_FOTA_INVALID_PARAMETER	Admin provided invalid parameter.
int	ERROR_UPDATE_FOTA_NONE	Success.
int	ERROR_UPDATE_FOTA_UNKNOWN	Unknown/internal error.
int	ERROR_UPDATE_FOTA_UNKNOWN_SERVER	Unknown FOTA server error.
String	EXTRA_UPDATE_FOTA_VERSION_STATUS	Used as an integer extra field with `ACTION_UPDATE_FOTA_VERSION_RESULT`.
int	LOCKSCREEN_MULTIPLE_WIDGET_VIEW	LockScreen multiple widgets
int	LOCKSCREEN_SHORTCUTS_VIEW	LockScreen shortcuts
int	STATUS_UPDATE_FOTA_ALREADY_LATEST_VERSION	Current FOTA binary is latest.
int	STATUS_UPDATE_FOTA_FAILURE	FOTA binary update failure.
int	STATUS_UPDATE_FOTA_PROCESSING	FOTA binary update is progressing.
int	STATUS_UPDATE_FOTA_SUCCESS	FOTA binary update success.
String	UPDATE_FOTA_CORPID	Corporation Id key defined in bundle of `setAllowedFOTAVersion(String, Bundle)` API call.
int	WEARABLE_GEAR_DEVICE	Deprecated in API level 27

Public Methods
boolean	allowAirplaneMode(boolean allow) Deprecated in API level 35
boolean	allowAndroidBeam(boolean allow) Deprecated in API level 35
boolean	allowAudioRecord(boolean allow) Deprecated in API level 35
boolean	allowBackgroundProcessLimit(boolean allow) API to allow or disallow setting a background process limit.
boolean	allowBluetooth(boolean enable) API to enable or disable Bluetooth access.
boolean	allowClipboardShare(boolean allow) API to allow or disallow sharing the clipboard between applications.
boolean	allowDataSaving(boolean allow) API to allow or disallow Data Saving.
boolean	allowDeveloperMode(boolean allow) Deprecated in API level 35
boolean	allowFactoryReset(boolean allow) Deprecated in API level 35
boolean	allowFastEncryption(boolean enable) Deprecated in API level 35
boolean	allowFirmwareRecovery(boolean allow) API to allow or disallow firmware update.
boolean	allowGoogleAccountsAutoSync(boolean allow) API to allow or disallow auto sync for Google accounts.
boolean	allowGoogleCrashReport(boolean allow) Deprecated in API level 35
boolean	allowKillingActivitiesOnLeave(boolean allow) API to allow or disallow killing an activity when the user leaves it
boolean	allowLockScreenView(int view, boolean allow) Deprecated in API level 37
boolean	allowOTAUpgrade(boolean allow) API to allow or disallow upgrading the operating system (OS) over-the-air (OTA).
boolean	allowPowerOff(boolean allow) API to allow or disallow the user to power off the device by pressing the power button.
boolean	allowPowerSavingMode(boolean allow) API to allow or disallow Power Saving Mode.
boolean	allowSBeam(boolean allow) Deprecated in API level 35
boolean	allowSDCardMove(boolean enable) API to allow or disallow SDCard Move options in the device Settings.
boolean	allowSDCardWrite(boolean allow) API to enable or disable writing to the Secure Digital (SD) card.
boolean	allowSVoice(boolean allow) Deprecated in API level 33 NOTE: This API is not available since Android 12.
boolean	allowSafeMode(boolean allow) Deprecated in API level 35
boolean	allowScreenPinning(boolean allow) Deprecated in API level 35
boolean	allowSettingsChanges(boolean allow) API to allow or deny access to Settings application.
boolean	allowShareList(boolean allow) API to allow or disallow display of Share Via List.
boolean	allowSmartClipMode(boolean allow) API to allow or deny Smart Clip on device.
boolean	allowStatusBarExpansion(boolean allow) Deprecated in API level 35
boolean	allowStopSystemApp(boolean allow) Deprecated in API level 35
boolean	allowUWB(boolean allow) Deprecated in API level 37 NOTE: This API is not available since Android 14.
boolean	allowUsbHostStorage(boolean allow) Deprecated in API level 35
boolean	allowUserMobileDataLimit(boolean allow) API to allow or disallow the user to set the mobile data limit.
boolean	allowVideoRecord(boolean allow) Deprecated in API level 35
boolean	allowVpn(boolean allow) API to allow or disallow the user to use the native virtual private network (VPN) functionality.
boolean	allowWallpaperChange(boolean allow) Deprecated in API level 35
boolean	allowWiFi(boolean enable) Deprecated in API level 35
boolean	allowWifiDirect(boolean allow) Deprecated in API level 35
boolean	enableWearablePolicy(int device, boolean enable) Deprecated in API level 27
String	getAllowedFOTAVersion() API to get allowed FOTA version on device.
int	getUsbExceptionList() API to get USB class exception list.
boolean	isAirplaneModeAllowed() Deprecated in API level 35
boolean	isAndroidBeamAllowed() Deprecated in API level 35
boolean	isAudioRecordAllowed() Deprecated in API level 35
boolean	isBackgroundDataEnabled() API to check whether background data usage is enabled.
boolean	isBackgroundProcessLimitAllowed() API to check whether a limit on background processes is allowed.
boolean	isBackupAllowed(boolean showMsg) Deprecated in API level 35
boolean	isBluetoothEnabled(boolean showMsg) API to check whether Bluetooth is enabled.
boolean	isBluetoothTetheringEnabled() Deprecated in API level 35
boolean	isCameraEnabled(boolean showMsg) Deprecated in API level 35
boolean	isCellularDataAllowed() API to check whether cellular data connection is enabled.
boolean	isClipboardAllowed(boolean showMsg) API to check whether access to clipboard is enabled.
boolean	isClipboardShareAllowed() API to check whether sharing the clipboard between applications is allowed
boolean	isDataSavingAllowed() API to check whether Data Saving is allowed or not.
boolean	isDeveloperModeAllowed() Deprecated in API level 35
boolean	isFactoryResetAllowed() Deprecated in API level 35
boolean	isFastEncryptionAllowed(boolean showMsg) Deprecated in API level 35
boolean	isFirmwareRecoveryAllowed(boolean showMsg) API to check whether or not firmware recovery are allowed.
boolean	isGoogleAccountsAutoSyncAllowed() API to check whether or not Google accounts are allowed to sync automatically.
boolean	isGoogleCrashReportAllowed() Deprecated in API level 35
boolean	isHeadphoneEnabled(boolean showMsg) API to check whether or not Headphone is enabled.
boolean	isHomeKeyEnabled() API to check whether home key functionality is enabled.
boolean	isKillingActivitiesOnLeaveAllowed() API to check whether killing an activity when the user leaves it is allowed.
boolean	isLockScreenEnabled(boolean showMsg) API to check whether or not lockscreen is enabled.
boolean	isLockScreenViewAllowed(int view) Deprecated in API level 37
boolean	isMicrophoneEnabled(boolean showMsg) Deprecated in API level 35
boolean	isMockLocationEnabled() Deprecated in API level 35
boolean	isNonMarketAppAllowed() Deprecated in API level 35
boolean	isOTAUpgradeAllowed() API to check whether upgrading the operating system (OS) over-the-air (OTA) is enabled.
boolean	isPowerOffAllowed() API to check whether the user is allowed to power off the device by pressing the power button.
boolean	isPowerSavingModeAllowed() API to check whether Power Saving Mode is allowed or not.
boolean	isSBeamAllowed() Deprecated in API level 35
boolean	isSDCardMoveAllowed(boolean showMsg) API to check whether or not SDCard Move is allowed.
boolean	isSDCardWriteAllowed() API to check whether writing to the Secure Digital (SD) card is enabled.
boolean	isSVoiceAllowed() Deprecated in API level 33
boolean	isSafeModeAllowed() Deprecated in API level 35
boolean	isScreenCaptureEnabled(boolean showMsg) Deprecated in API level 35
boolean	isScreenPinningAllowed() Deprecated in API level 35
boolean	isSdCardEnabled() Deprecated in API level 35
boolean	isSettingsChangesAllowed(boolean showMsg) API to check whether the user is allowed to access device settings through Settings application.
boolean	isShareListAllowed() API to check whether display of Share Via List is allowed or not.
boolean	isSmartClipModeAllowed() API to check whether Smart Clip is allowed.
boolean	isStatusBarExpansionAllowed() Deprecated in API level 35
boolean	isStopSystemAppAllowed() Deprecated in API level 35
boolean	isTetheringEnabled() Deprecated in API level 35
boolean	isUWBAllowed() Deprecated in API level 37 NOTE: This API is not available since Android 14.
boolean	isUsbDebuggingEnabled() Deprecated in API level 35
boolean	isUsbHostStorageAllowed() Deprecated in API level 35
boolean	isUsbMediaPlayerAvailable(boolean showMsg) Deprecated in API level 35
boolean	isUsbTetheringEnabled() Deprecated in API level 35
boolean	isUserMobileDataLimitAllowed() API to check whether the user is allowed to set the mobile data limit.
boolean	isVideoRecordAllowed() Deprecated in API level 35
boolean	isVpnAllowed() API to check whether native virtual private network (VPN) functionality is allowed.
boolean	isWallpaperChangeAllowed() Deprecated in API level 35
boolean	isWearablePolicyEnabled(int device) Deprecated in API level 27
boolean	isWiFiEnabled(boolean showMsg) Deprecated in API level 35
boolean	isWifiDirectAllowed() Deprecated in API level 35
boolean	isWifiTetheringEnabled() Deprecated in API level 35
boolean	setAllowNonMarketApps(boolean allow) Deprecated in API level 35
boolean	setAllowedFOTAVersion(String version, Bundle bundle) API to set allowed FOTA version on device.
boolean	setBackgroundData(boolean enable) API to enable or disable access to manage background data usage.
boolean	setBackup(boolean enable) Deprecated in API level 35
boolean	setBluetoothTethering(boolean enable) Deprecated in API level 35
boolean	setCameraState(boolean enable) Deprecated in API level 35
boolean	setCellularData(boolean enable) API to enable or disable cellular data connection.
boolean	setClipboardEnabled(boolean enable) API to enable or disable access to the clipboard.
boolean	setHeadphoneState(boolean enable) API to set Headphone state.
boolean	setHomeKeyState(boolean enable) API to enable or disable home key functionality.
boolean	setLockScreenState(boolean enable) API to allow or disallow lockscreen menu in the device Settings.
boolean	setMicrophoneState(boolean enable) Deprecated in API level 35
boolean	setMockLocation(boolean enable) Deprecated in API level 35
boolean	setScreenCapture(boolean enable) Deprecated in API level 35
boolean	setSdCardState(boolean enable) Deprecated in API level 35
boolean	setTethering(boolean enable) Deprecated in API level 35
boolean	setUsbDebuggingEnabled(boolean enable) Deprecated in API level 35
boolean	setUsbExceptionList(int exceptionList) API to set USB class exception list.
boolean	setUsbMediaPlayerAvailability(boolean enable) Deprecated in API level 35
boolean	setUsbTethering(boolean enable) Deprecated in API level 35
boolean	setWifiTethering(boolean enable) Deprecated in API level 35

[Expand]

Inherited Methods

From class java.lang.Object

Constants

public static final String ACTION_UPDATE_FOTA_VERSION_RESULT

Since: API level 20

Broadcast Action: To notify the administrator about result of FOTA version setting operations.

The intent has the following extra values:

EXTRA_UPDATE_FOTA_VERSION_STATUS:

Permission

The use of this intent requires the user to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission which has a protection level of signature.

Since

API level 20

MDM 5.7

Constant Value: "com.samsung.android.knox.intent.action.UPDATE_FOTA_VERSION_RESULT"

public static final int ERROR_UPDATE_FOTA_ENABLED_BY_OTHER_ADMIN

Since: API level 20

Another admin already set the policy.

Since

API level 20

MDM 5.7

Constant Value: 2 (0x00000002)

public static final int ERROR_UPDATE_FOTA_INVALID_PARAMETER

Since: API level 32

Admin provided invalid parameter.

Since

API level 20

MDM 5.7

Constant Value: 3 (0x00000003)

public static final int ERROR_UPDATE_FOTA_NONE

Since: API level 20

Success.

Since

API level 20

MDM 5.7

Constant Value: 0 (0x00000000)

public static final int ERROR_UPDATE_FOTA_UNKNOWN

Since: API level 20

Unknown/internal error.

Since

API level 20

MDM 5.7

Constant Value: 4 (0x00000004)

public static final int ERROR_UPDATE_FOTA_UNKNOWN_SERVER

Since: API level 20

Unknown FOTA server error. This can only occur if the CorpID is changed.

Since

API level 20

MDM 5.7

Constant Value: 1 (0x00000001)

public static final String EXTRA_UPDATE_FOTA_VERSION_STATUS

Since: API level 20

Used as an integer extra field with ACTION_UPDATE_FOTA_VERSION_RESULT. Contains the error code during update FOTA API set and status code during actual FOTA result.
ERROR_UPDATE_FOTA_NONE

ERROR_UPDATE_FOTA_UNKNOWN_SERVER

ERROR_UPDATE_FOTA_ENABLED_BY_OTHER_ADMIN

ERROR_UPDATE_FOTA_INVALID_PARAMETER

ERROR_UPDATE_FOTA_UNKNOWN

STATUS_UPDATE_FOTA_SUCCESS

STATUS_UPDATE_FOTA_ALREADY_LATEST_VERSION

STATUS_UPDATE_FOTA_PROCESSING

STATUS_UPDATE_FOTA_FAILURE

Since

API level 20

MDM 5.7

Constant Value: "com.samsung.android.knox.intent.extra.UPDATE_FOTA_VERSION_STATUS"

public static final int LOCKSCREEN_MULTIPLE_WIDGET_VIEW

Since: API level 6

LockScreen multiple widgets

Since

API level 6

MDM 4.0

Constant Value: 1 (0x00000001)

public static final int LOCKSCREEN_SHORTCUTS_VIEW

Since: API level 6

LockScreen shortcuts

Since

API level 6

MDM 4.0

Constant Value: 2 (0x00000002)

public static final int STATUS_UPDATE_FOTA_ALREADY_LATEST_VERSION

Since: API level 21

Current FOTA binary is latest. This can only occur if a binary update is attempted.

Since

API level 21

MDM 5.7.1

Constant Value: 6 (0x00000006)

public static final int STATUS_UPDATE_FOTA_FAILURE

Since: API level 21

FOTA binary update failure. This can only occur if a binary update is attempted.

Since

API level 21

MDM 5.7.1

Constant Value: 8 (0x00000008)

public static final int STATUS_UPDATE_FOTA_PROCESSING

Since: API level 21

FOTA binary update is progressing. This can only occur if a binary update is attempted.

Since

API level 21

MDM 5.7.1

Constant Value: 7 (0x00000007)

public static final int STATUS_UPDATE_FOTA_SUCCESS

Since: API level 21

FOTA binary update success. This can only occur if a binary update is attempted.

Since

API level 21

MDM 5.7.1

Constant Value: 5 (0x00000005)

public static final String UPDATE_FOTA_CORPID

Since: API level 21

Corporation Id key defined in bundle of setAllowedFOTAVersion(String, Bundle) API call. It will only permit Corporation Id issued by SEAP portal and the random value will be failed

Since

API level 21

MDM 5.7.1

Constant Value: "update_fota_corpid"

public static final int WEARABLE_GEAR_DEVICE

Since: API level 19

Deprecated in API level 27

Gear Wearable device

Since

API level 19

MDM 5.6

Constant Value: 1 (0x00000001)

Public Methods

public boolean allowAirplaneMode (boolean allow)

Since: API level 11

Deprecated in API level 35

API to allow or disallow Airplane Mode.

Parameters

allow	`true` to allow, `false` to disallow

Returns

true if successful, else false

Throws

SecurityException	If caller does not have required permissions

Usage

Administrator can use this API to allow or disallow Airplane Mode. If administrator disallows Airplane Mode when it is already on, Airplane Mode will be turned off.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     if (restrictionPolicy.allowAirplaneMode(false)) {
         // Airplane Mode is disallowed.
     } else {
         // failure to disallow
     }
     // allow
     if (restrictionPolicy.allowAirplaneMode(true)) {
         // Airplane Mode is allowed.
     } else {
         // failure to allow
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }

Permission

The use of this API requires the caller to add the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.

Since

API level 11

MDM 5.0

Multiuser Environment

Global Scope

public boolean allowAndroidBeam (boolean allow)

Since: API level 6

Deprecated in API level 35

API to allow or disallow Android Beam on device.

Parameters

allow	`true` to allow, `false` to disallow.

Returns

true in case of success, false otherwise.

Throws

SecurityException	If caller does not have required permissions

Usage

An administrator can set this policy to block the use of Android Beam on the device. When Android Beam is disabled, the user is not able to send information (contacts, e-mails, Web addresses, etc.) using Android Beam. S Beam is also disabled when Android Beam is disabled.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     boolean enableAndroidBeam = false;
     if (restrictionPolicy.allowAndroidBeam(enableAndroidBeam)) {
         Log.d(TAG, "Android Beam blocked.");
     } else {
         Log.d(TAG, "Failed blocking Android Beam.");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }

Permission

The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.

Since

API level 6

MDM 4.0

Multiuser Environment

Global Scope

public boolean allowAudioRecord (boolean allow)

Since: API level 6

Deprecated in API level 35

API to allow or disallow audio recording.

Parameters

allow	`true` to allow, `false` to disallow.

Returns

true if successful, false otherwise.

Throws

SecurityException	If caller does not have required permissions

Usage

An administrator can use this API to disable audio recording. The device microphone is still available after disabling audio recording so that the user can make calls and use audio streaming. This API relies on declared use of the audio, allowing only calls, voice recognition, and voice over IP (VoIP). If the application declares a use type and does something else, then this API is not able to block it. When audio recording is disabled, any ongoing audio recording is interrupted. Video recording is still allowed if no audio recording is attempted.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     boolean enableAudioRecording = false;
     if (restrictionPolicy.allowAudioRecord(enableAudioRecording)) {
         Log.w(TAG, "Audio record blocked.");
     } else {
         Log.w(TAG, "Failed to block audio record.");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }

For Container:

 // When you create container successfully, containerID will be returned via intent.
 // Use this containerID in below API.
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 RestrictionPolicy restrictionPolicy = kcm.getRestrictionPolicy();
 try {
     boolean enableAudioRecording = false;
     if (restrictionPolicy.allowAudioRecord(enableAudioRecording)) {
         Log.w(TAG, "Audio record blocked.");
     } else {
         Log.w(TAG, "Failed to block audio record.");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }

Permission

The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_HW_CONTROL" permission which has a protection level of signature.

Since

API level 6

MDM 4.0

Multiuser Environment

User Scope

public boolean allowBackgroundProcessLimit (boolean allow)

Since: API level 6

API to allow or disallow setting a background process limit.

Parameters

allow	`true` to allow, `false` to disallow.

Returns

true if successful, false otherwise.

Throws

SecurityException	If caller does not have required permissions

Usage

An administrator can use this API to allow or disallow setting a background process limit by the user. When disabled, the background process limit is set to the maximum.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     boolean enableLimitBackgroundProcess = false;
     if (restrictionPolicy.allowBackgroundProcessLimit(enableLimitBackgroundProcess)) {
         Log.w(TAG, "Limit on background process blocked.");
     } else {
         Log.w(TAG, "Failed to block limit on background process.");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }

Permission

The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.

Since

API level 6

MDM 4.0

Multiuser Environment

Global Scope

public boolean allowBluetooth (boolean enable)

Since: API level 2

API to enable or disable Bluetooth access.

Parameters

enable	`true` to enable, `false` to disable

Returns

true if operation is successful, else false

Throws

SecurityException	If caller does not have required permissions

Usage

An administrator can use this API to disable Bluetooth access without user interaction. User or third-party applications cannot enable Bluetooth access once it is disabled. Bluetooth is turned off and disabled if it is turned on when this API is called. When set to true, Bluetooth UI access is enabled but not Bluetooth functionality. Even with disabled Bluetooth access, BLE scanning is still possible.

NOTE:

This api always returns false when isBLEAllowed() returns false

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     // disable Bluetooth
     boolean result = restrictionPolicy.allowBluetooth(false);

     if (true == result) {
         // Bluetooth is disabled and cannot be enabled by user.
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 // enable Bluetooth UI control
 try {
     boolean result = restrictionPolicy.allowBluetooth(true);
     if (true == result) {
         // Bluetooth UI control is enabled and user can change it.
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }

Permission

The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_BLUETOOTH" permission with a protection level of signature.

Since

API level 2

MDM 2.0

Multiuser Environment

Global Scope

public boolean allowClipboardShare (boolean allow)

Since: API level 6

API to allow or disallow sharing the clipboard between applications.

Parameters

allow	`true` to allow, `false` to disallow.

Returns

true if successful, else false.

Throws

SecurityException	If caller does not have required permissions

Usage

An administrator can use this API to allow or disallow sharing a global clipboard between applications. If the administrator disallows clipboard sharing, each application has an individual clipboard.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     boolean allow = false;
     if (restrictionPolicy.allowClipboardShare(allow)) {
         Log.w(TAG, "allowClipboardShare() success");
     } else {
         Log.w(TAG, "allowClipboardShare() failed");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }

For Container:

 // When you create container successfully, containerID will be returned via intent.
 // Use this containerID in below API.
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 RestrictionPolicy restrictionPolicy = kcm.getRestrictionPolicy();
 try {
     boolean allow = false;
     if (restrictionPolicy.allowClipboardShare(allow)) {
         Log.w(TAG, "allowClipboardShare() success");
     } else {
         Log.w(TAG, "allowClipboardShare() failed");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }

Permission

The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.

Since

API level 6

MDM 4.0

Multiuser Environment

User Scope

public boolean allowDataSaving (boolean allow)

Since: API level 21

API to allow or disallow Data Saving.

Parameters

allow	`true` to allow, `false` to disallow

Returns

true if operation was successful, else false

Throws

SecurityException	If caller does not have required permissions

Usage

An administrator can use this API to allow/disallow "Data Saver" feature in the device. When turned on, this feature restricts background data usage by applications, which may prevent them from working properly. When set to false, this API will turn "Data Saver" off and prevent user from turn it back on, also it will turn on background data usage for all applications.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     // disallow Data Saving
     boolean result = restrictionPolicy.allowDataSaving(false);

     if (true == result) {
         // Data Saving is disabled and cannot be enabled by user.
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 // enable Data Saver UI control
 try {
     boolean result = restrictionPolicy.allowDataSaving(true);
     if (true == result) {
         // Data Saver UI control is enabled and user can change it.
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }

Permission

The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.

Since

API level 21

MDM 5.7.1

Multiuser Environment

Global Scope

Dependency

This API is more restrictive than setBackgroundData(boolean), so if set to false it will prevail over setBackgroundData(boolean).

public boolean allowDeveloperMode (boolean allow)

Since: API level 11

Deprecated in API level 35

API to allow or disallow Developer Mode options in the device Settings.

Parameters

allow	`true` to allow, `false` to disallow Developer Mode option in device Settings

Returns

true if Developer Mode option is successfully allowed or disallowed, false otherwise

Throws

SecurityException	If caller does not have required permissions

Usage

An administrator can use this API to allow or disallow the user of changing any Developer Mode option in Settings application. Once this policy is applied, every developer option is reset to its default state. Some specific developer options managed by policies such as setMockLocation(boolean), setUsbDebuggingEnabled(boolean), allowKillingActivitiesOnLeave(boolean), allowBackgroundProcessLimit(boolean) will have the same block behavior when Developer Mode policy is applied (set to false). Besides that, whenever the administrator try to allow one of these policies, the return state might be true, but the user will only be able to change a setting state if Developer Mode is also allowed.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 // disallow
 try {
  if (restrictionPolicy.allowDeveloperMode(false)) {
      // Developer Mode in Settings application is disallowed and cannot be
      // changed by user.
  } else {
      // failure to disallow
  }
  // allow
  if (restrictionPolicy.allowDeveloperMode(true)) {
      // user is allowed to set any Developer Mode option in Settings
      // application.
  } else {
      // failure to allow
  }
 } catch (SecurityException e) {
  Log.w(TAG, "SecurityException: " + e);
 }

Permission

The use of this API requires the caller to add the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.

Since

API level 11

MDM 5.0

Multiuser Environment

Global Scope

public boolean allowFactoryReset (boolean allow)

Since: API level 2

Deprecated in API level 35

API to enable or disable the user from performing a factory reset.

Parameters

allow	`true` to allow user to perform factory reset, `false` to disallow user from performing factory reset

Returns

true if operation is successful, else false

Throws

SecurityException	If caller does not have required permissions

Usage

An administrator can use this API to enable or disable the user performing a factory reset. If set to false (disable), the user cannot change the option through the Settings application. This will also disable factory reset via recovery mode and adb command. In other case that involve the factory reset, it does not affect. For example, firmware upgrade or binary download and etc.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     boolean result = restrictionPolicy.allowFactoryReset(false);
     if (true == result) {
         // factory reset is disabled and cannot be enabled by user.
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }

Permission

The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.

Since

API level 2

MDM 2.0

Multiuser Environment

Global Scope

public boolean allowFastEncryption (boolean enable)

Since: API level 11

Deprecated in API level 35

API to enforce Fast Encryption options in the device Settings.

Returns

true if operation is successful, else false.

Throws

SecurityException	If caller does not have required permissions

Usage

An administrator can use this API to enforce Fast Encryption mode only.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     boolean allow = true; // enforce fast encryption mode only
     if (restrictionPolicy.allowFastEncryption(allow)) {
         Log.w(TAG, "Succeeded to set the policy");
     } else {
         Log.w(TAG, "Failed to set the policy.");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }

For Container:

 // When you create container successfully, containerID will be returned via intent.
 // Use this containerID in below API.
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 RestrictionPolicy restrictionPolicy = kcm.getRestrictionPolicy();
 try {
     boolean allow = true; // enforce fast encryption mode only
     if (restrictionPolicy.allowFastEncryption(allow)) {
         Log.w(TAG, "Succeeded to set the policy");
     } else {
         Log.w(TAG, "Failed to set the policy.");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }

Permission

The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.

Since

API level 11

MDM 5.0

Multiuser Environment

Global Scope

public boolean allowFirmwareRecovery (boolean allow)

Since: API level 11

API to allow or disallow firmware update.

Parameters

allow	`true` to allow, `false` to disallow.

Returns

true if operation is successful, else false.

Throws

SecurityException	If caller does not have required permissions

Usage

Device administrator can use this API to block device firmware update from download mode.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     boolean allow = false; // disallow firmware recovery
     if (restrictionPolicy.allowFirmwareRecovery(allow)) {
         Log.w(TAG, "firmware recovery is not allowed");
     } else {
         Log.w(TAG, "Failed to set the policy.");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }

Permission

The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.

Since

API level 11

MDM 5.0

Multiuser Environment

Global Scope

public boolean allowGoogleAccountsAutoSync (boolean allow)

Since: API level 11

API to allow or disallow auto sync for Google accounts.

Parameters

allow	`true` to allow, `false` to disallow.

Returns

true if operation is successful, else false.

Throws

SecurityException	If caller does not have required permissions

Usage

An administrator can use this API to allow or disallow google accounts to sync automatically. This policy will not block play store from update installed apps because it doesn't rely on google account auto sync for that. Also, user will still be able to perform manual sync from inside some applications like Gmail.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     boolean allow = false; // disallow auto sync
     if (restrictionPolicy.allowGoogleAccountsAutoSync(allow)) {
         Log.w(TAG, "Auto sync for google accounts is not allowed");
     } else {
         Log.w(TAG, "Failed to set the policy.");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }

For Container:

 // When you create container successfully, containerID will be returned via intent.
 // Use this containerID in below API.
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 RestrictionPolicy restrictionPolicy = kcm.getRestrictionPolicy();
 try {
     boolean allow = false; // disallow auto sync
     if (restrictionPolicy.allowGoogleAccountsAutoSync(allow)) {
         Log.w(TAG, "Auto sync for google accounts is not allowed");
     } else {
         Log.w(TAG, "Failed to set the policy.");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }

Permission

The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.

Since

API level 11

MDM 5.0

Multiuser Environment

User Scope

public boolean allowGoogleCrashReport (boolean allow)

Since: API level 5

Deprecated in API level 35

API to enable or disable sending a crash report to Google.

Parameters

allow	`true` to enable, `false` to disable

Returns

true if successful, else false

Throws

SecurityException	If caller does not have required permissions

Usage

An administrator can use this API to enable or disable sending a crash report to Google. If disabled, all possible Google crash reports are blocked.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     boolean enableGoogleCrashReport = true;
     restrictionPolicy.allowGoogleCrashReport(enableGoogleCrashReport);
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }

For Container:

 // When you create container successfully, containerID will be returned via intent.
 // Use this containerID in below API.
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 RestrictionPolicy restrictionPolicy = kcm.getRestrictionPolicy();
 try {
     boolean enableGoogleCrashReport = true;
     restrictionPolicy.allowGoogleCrashReport(enableGoogleCrashReport);
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }

Permission

The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.

Since

API level 5

MDM 3.0

Multiuser Environment

User Scope

public boolean allowKillingActivitiesOnLeave (boolean allow)

Since: API level 6

API to allow or disallow killing an activity when the user leaves it

Parameters

allow	`true` to allow, `false` to disallow.

Returns

true if successful, false otherwise.

Throws

SecurityException	If caller does not have required permissions

Usage

An administrator can use this API to allow or disallow killing an activity when the user leaves it without user interaction. When disabled, the preference "Do not keep activities" in Developer Options of Settings application is unchecked, and the user cannot edit it. When enabled, the user can edit the preference.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     boolean enableKillActivitiesOnLeave = false;
     if (restrictionPolicy.allowKillingActivitiesOnLeave(enableKillActivitiesOnLeave)) {
         Log.w(TAG, "Kill activities on leave blocked.");
     } else {
         Log.w(TAG, "Failed blocking kill activities on leave.");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }

Permission

The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.

Since

API level 6

MDM 4.0

Multiuser Environment

Global Scope

public boolean allowLockScreenView (int view, boolean allow)

Since: API level 6

Deprecated in API level 37

API to allow or disallow lock screen views in device, like widgets and shortcuts.

Parameters

view	`LOCKSCREEN_MULTIPLE_WIDGET_VIEW` to manage lock screen widget or `LOCKSCREEN_SHORTCUTS_VIEW` to manage lock screen shortcuts.
allow	`true` to allow, `false` to disallow lock screen views.

Returns

true if operation is successful, else false.

Throws

SecurityException	If caller does not have required permissions

Usage

An administrator can use this API to allow or disallow the usage of widgets and shortcuts in device's lock screen.

NOTE:

Since Android 5.0, this functionality can't be verified from Settings application.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     // disallow multiple widgets on Lock screen.
     if (restrictionPolicy.allowLockScreenView(LOCKSCREEN_MULTIPLE_WIDGET_VIEW, false)) {
         Log.w(TAG, "Success.");
     } else {
         Log.w(TAG, "Failed.");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }

Permission

The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.

Since

API level 6

MDM 4.0

Multiuser Environment

Global Scope

public boolean allowOTAUpgrade (boolean allow)

Since: API level 5

API to allow or disallow upgrading the operating system (OS) over-the-air (OTA).

Parameters

allow	`true` to allow, `false` to disallow

Returns

true if successful, else false

Throws

SecurityException	If caller does not have required permissions

Usage

An administrator can use this API to allow or disallow upgrading the OS via a firmware-over-the-air (FOTA) client (for example, Samsung DM or WebSync DM). If disabled, all possible OTA upgrade requests (user initiated, server initiated, and system initiated) are blocked; the user may see server messages related to new firmware updates but any attempt to upgrade fails. Note : This API works independently regardless of allowFirmwareRecovery(boolean) API.

NOTE:

Since MDM 5.0, this API is supported on Verizon and Sprint North American devices too.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     boolean blockOTAUpdate = true;
     // disable visible pattern
     restrictionPolicy.allowOTAUpgrade(blockOTAUpdate);
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }

Permission

The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.

Since

API level 5

MDM 3.0

Multiuser Environment

Global Scope

public boolean allowPowerOff (boolean allow)

Since: API level 5

API to allow or disallow the user to power off the device by pressing the power button. For a device managed by multiple administrators, each administrator can apply a different status. Powering off using the power button is disabled if at least one administrator disables it. Powering off is enabled only if all administrators enable it. If powering off is disabled, a toast with the message "Security policy prevents power off" appears when the user tries to power off the device.

Parameters

allow	`true` to allow, `false` to disallow

Returns

true if allowing or disallowing power off was successful, else false.

Throws

SecurityException	If caller does not have required permissions

NOTE: Since MDM 5.3, only owner (User 0) administrator can call this API. For guest users, API will return false.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     boolean result = restrictionPolicy.allowPowerOff(false);
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException");
 }

For Container:

NOTE: Since MDM 5.3, only COM (Kiosk) container administrator can call this API. For other container types, API will return false.

 // When you create container successfully, containerID will be returned via intent.
 // Use this containerID in below API.
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 RestrictionPolicy restrictionPolicy = kcm.getRestrictionPolicy();
 try {
     boolean result = restrictionPolicy.allowPowerOff(false);
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException");
 }

Permission

The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_HW_CONTROL" permission which has a protection level of signature.

Since

API level 5

MDM 3.0

Multiuser Environment

Global Scope

public boolean allowPowerSavingMode (boolean allow)

Since: API level 22

API to allow or disallow Power Saving Mode.

Parameters

allow	`true` to allow, `false` to disallow

Returns

true if operation was successful, else false.

Throws

SecurityException	If caller does not have required permissions

Usage

An administrator can use this API to allow or disallow "Power Saving Mode" feature in the device. When set to false, device can't enter the Power Saving Mode.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     // disallow Power Saving Mode
     boolean result = restrictionPolicy.allowPowerSavingMode(false);

     if (true == result) {
         // Power Saving Mode disallowed and cannot be enabled by user.
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }

Permission

The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.

Since

API level 22

MDM 5.8

Multiuser Environment

Global Scope

public boolean allowSBeam (boolean allow)

Since: API level 6

Deprecated in API level 35

API to allow or disallow S Beam on device.

Parameters

allow	`true` to allow, `false` to disallow.

Returns

true in case of success, false otherwise.

Throws

SecurityException	If caller does not have required permissions

Usage

An administrator can set this policy to block the use of S Beam on the device. S Beam allows users to share content using near field communication (NFC) or Wi-Fi Direct. When S Beam is disabled, the user cannot send or receive files using S Beam.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     boolean enableSBeam = false;
     if (restrictionPolicy.allowSBeam(enableSBeam)) {
         Log.d(TAG, "S Beam blocked.");
     } else {
         Log.d(TAG, "Failed blocking S Beam.");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }

Permission

The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.

Since

API level 6

MDM 4.0

Multiuser Environment

Global Scope

public boolean allowSDCardMove (boolean enable)

Since: API level 11

API to allow or disallow SDCard Move options in the device Settings.

Returns

true if operation is successful, else false.

Throws

SecurityException	If caller does not have required permissions

Usage

An administrator can use this API to allow or disallow SDCard Move options.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
 	boolean allow = false; // disallow SDCardMove
 	if (restrictionPolicy.allowSDCardMove(allow)) {
 		Log.w(TAG, "SDCardMove is not allowed");
 	} else {
 		Log.w(TAG, "Failed to set the policy.");
 	}
 } catch (SecurityException e) {
 	Log.w(TAG, "SecurityException: " + e);
 }

For Container:

NOTE: Only Android users (Owner/Guest user) administrator can call this API. For container, API will return false.

Permission

The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.

Since

API level 11

MDM 5.0

Multiuser Environment

User Scope

public boolean allowSDCardWrite (boolean allow)

Since: API level 5

API to enable or disable writing to the Secure Digital (SD) card.

Parameters

allow	`true` to enable, `false` to disable

Returns

true if successful, else false

Throws

SecurityException	If caller does not have required permissions

Usage

An administrator can use this API to enable or disable writing to the SD card. If disabled, all possible writes to the SD card are blocked.

NOTE:

Until knox api level 20, This policy is not applicable when the SD card is encrypted.

If SD card is encrypted, the files in the SD card cannot be read by other devices or PCs except for the device that encrypted it. Hence SD card encryption takes priority over this policy.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     boolean enableSDCardWrite = true;
     restrictionPolicy.allowSDCardWrite(enableSDCardWrite);
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }

Permission

The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.

Since

API level 5

MDM 3.0

Multiuser Environment

Global Scope

public boolean allowSVoice (boolean allow)

Since: API level 6

Deprecated in API level 33
NOTE: This API is not available since Android 12.

API to allow or disallow the S Voice application on the device.

Parameters

allow	`true` to allow, `false` to disallow S Voice

Returns

true if S Voice is successfully allowed or disallowed, false otherwise

Throws

SecurityException	If caller does not have required permissions

Usage

An administrator can use this API to allow or disallow launching the S Voice application (Samsung personal assistant). When S Voice is disabled, the user can neither set a new wake-up command nor unlock the device by using a wake-up command set prior to disallowing S Voice. In addition, once disallowed, the administrator can no longer set a new face and voice lock screen. However, the device can still be unlocked if the lock screen had already been set prior to disallowing S Voice.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 // disallow
 try {
     if (restrictionPolicy.allowSVoice(false)) {
         // S Voice application is disallowed and cannot be changed by user.
     } else {
         // failure to disallow
     }
     // allow
     if (restrictionPolicy.allowSVoice(true)) {
         // user is allowed to launch S Voice.
     } else {
         // failure to allow
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }

For Container:

 // When you create container successfully, containerID will be returned via intent.
 // Use this containerID in below API.
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 RestrictionPolicy restrictionPolicy = kcm.getRestrictionPolicy();
 // disallow
 try {
     if (restrictionPolicy.allowSVoice(false)) {
         // S Voice application is disallowed and cannot be changed by user.
     } else {
         // failure to disallow
     }
     // allow
     if (restrictionPolicy.allowSVoice(true)) {
         // user is allowed to launch S Voice.
     } else {
         // failure to allow
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }

Permission

The use of this API requires the caller to add the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.

Since

API level 6

MDM 4.0

Multiuser Environment

User Scope

public boolean allowSafeMode (boolean allow)

Since: API level 6

Deprecated in API level 35

API to allow or disallow Safe Mode boot.

Parameters

allow	`true` to allow, `false` to disallow

Returns

true if successful, else false

Throws

SecurityException	If caller does not have required permissions

Usage

Administrator can use this API to allow or disallow Safe Mode boot.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     // Disallow Safe Mode boot
     restrictionPolicy.allowSafeMode(false);
 } catch (SecurityException e) {
     Log.e(TAG, "SecurityException: " + e);
 }

Permission

The use of this API requires the caller to add the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.

Since

API level 6

MDM 4.0

Multiuser Environment

Global Scope

public boolean allowScreenPinning (boolean allow)

Since: API level 17

Deprecated in API level 35

API to allow or deny Screen Pinning on device.

Parameters

allow	`true` to allow Screen Pinning on user space, `false` to block

Returns

true if successful, false if failed

Throws

SecurityException	If caller does not have required permissions

Usage

Screen Pinning is an Android feature that allows the user to screen pin any application. A pinned application will never lose focus to any other activity, until it is cancelled by the user. Administrator could use this policy to block Screen Pinning feature on device. If it is set to false, user will not be able to pin any application and any current pinning will be cancelled. Otherwise, if it is set to true, this feature will be allowed again.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     // Administrator wishes to block Screen Pinning functionality
     restrictionPolicy.allowScreenPinning(false);
 } catch (RemoteException e) {
     Log.e(TAG, "Remote exception : " + e);
 }

For Container:

NOTE: Only Android users (Owner/Guest user) administrator can call this API. For container, API will return false.

Permission

The API usage requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.

Since

API level 17

MDM 5.5

Multiuser Environment

User Scope

public boolean allowSettingsChanges (boolean allow)

Since: API level 2

API to allow or deny access to Settings application.

Parameters

allow	`true` to allow settings access, `false` to deny settings access.

Returns

true if allow setting access is successful, else false

Throws

SecurityException	If caller does not have required permissions

Usage

An administrator can use this API to allow or prevent access to Settings application. After disabling Settings, several changes to system preferences cannot be made.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     if (restrictionPolicy.allowSettingsChanges(false)) {
         // Settings application is disabled.
     } else {
         // Failure to restrict Settings app.
     }
     if (restrictionPolicy.allowSettingsChanges(true)) {
         // Settings application is enabled.
     } else {
         // Failure to remove restriction on Settings app.
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }

For Container:

NOTE: Since MDM 5.3, only Android users (Owner/Guest user) administrator can call this API. For container, API will return false.

 // When you create container successfully, containerID will be returned via intent.
 // Use this containerID in below API.
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 RestrictionPolicy restrictionPolicy = kcm.getRestrictionPolicy();
 try {
     if (restrictionPolicy.allowSettingsChanges(false)) {
         // Settings application is disabled.
     } else {
         // Failure to restrict Settings app.
     }
     if (restrictionPolicy.allowSettingsChanges(true)) {
         // Settings application is enabled.
     } else {
         // Failure to remove restriction on Settings app.
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }

Permission

The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.

Since

API level 2

MDM 2.0

Multiuser Environment

User Scope

public boolean allowShareList (boolean allow)

Since: API level 6

API to allow or disallow display of Share Via List.

Parameters

allow	`true` to allow, `false` to disallow.

Returns

true if success, false otherwise.

Usage

Administrator can disable the display of the Share Via List, the Share Via List is displayed in certain applications that share data with other applications.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     if(restrictionPolicy.allowShareList(allowShareList)) {
        Log.w(TAG, "Share List display is disabled.");
     } else {
        Log.w(TAG, "Failed to disable Share List display.");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }

For Container:

 // When you create container successfully, containerID will be returned via intent.
 // Use this containerID in below API.
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 RestrictionPolicy restrictionPolicy = kcm.getRestrictionPolicy();
 try {
     if(restrictionPolicy.allowShareList(allowShareList)) {
        Log.w(TAG, "Share List display is disabled.");
     } else {
        Log.w(TAG, "Failed to disable Share List display.");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }

Permission

The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.

Since

API level 6

MDM 4.0

Multiuser Environment

User Scope

public boolean allowSmartClipMode (boolean allow)

Since: API level 13

API to allow or deny Smart Clip on device.

Parameters

allow	`true` to allow smart clip on user space, `false` to block

Returns

true if successful, false if failed

Throws

SecurityException	If caller does not have required permissions

Usage

Administrator could use this policy to block Smart Clip feature on device. If it is set to false, user will not be able use the stylus pen smart clip copy/paste. Otherwise, if it is set to true, this mode will be allowed again.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     // Administrator wishes to block smart clip functionality
     restrictionPolicy.allowSmartClipMode(false);
 } catch (RemoteException e) {
     Log.e(TAG, "Remote exception : " + e);
 }

For Container:

 // When you create container successfully, containerID will be returned via intent.
 // Use this containerID in below API.
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 RestrictionPolicy restrictionPolicy = kcm.getRestrictionPolicy();
 try {
     // Administrator wishes to block smart clip functionality.
     restrictionPolicy.allowSmartClipMode(false);
 } catch (RemoteException e) {
     Log.e(TAG, "Remote exception : " + e);
 }

Permission

The API usage requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.

Since

API level 13

MDM 5.2

Multiuser Environment

User Scope

public boolean allowStatusBarExpansion (boolean allow)

Since: API level 5

Deprecated in API level 35

API to allow or disallow status bar expansion.

Parameters

allow	`true` to enable status bar expansion, `false` to disallow status bar expansion.

Returns

true if allowing/disallowing status bar expansion was successful, else false.

Throws

SecurityException	If caller does not have required permissions

Usage

An administrator can use this API to allow or disallow expansion of the status bar. If set to false (disallow), status bar expansion is disabled, and the user cannot access controls on the status bar until the administrator enables expansion again. If set to true (allow), status bar expansion is enabled. All notifications are still visible on the status bar even when expansion is disabled. This API also disables expansion of the recent applications panel on tablets.

NOTE: Since MDM 5.3, only owner (User 0) administrator can call this API. For guest users, API will return false.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     if (restrictionPolicy.allowStatusBarExpansion(false)) {
         // status bar expansion is disabled and cannot be accessed by user.
     } else {
         // failure to enable
     }
     // enable
     if (restrictionPolicy.allowStatusBarExpansion(true)) {
         // status bar expansion is enabled.
     } else {
         // failure to disable
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }

For Container:

NOTE: Since MDM 5.3, only COM (Kiosk) container administrator can call this API. For other container types, API will return false.

 // When you create container successfully, containerID will be returned via intent.
 // Use this containerID in below API.
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 RestrictionPolicy restrictionPolicy = kcm.getRestrictionPolicy();
 try {
     if (restrictionPolicy.allowStatusBarExpansion(false)) {
         // status bar expansion is disabled and cannot be accessed by user.
     } else {
         // failure to enable
     }
     // enable
     if (restrictionPolicy.allowStatusBarExpansion(true)) {
         // status bar expansion is enabled.
     } else {
         // failure to disable
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }

Permission

The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.

Since

API level 5

MDM 3.0

Multiuser Environment

User Scope

public boolean allowStopSystemApp (boolean allow)

Since: API level 6

Deprecated in API level 35

API to allow or disallow user to stop system-signed applications.

Parameters

allow	`true` to allow, `false` to disallow.

Returns

true if successful, false otherwise.

Throws

SecurityException	If caller does not have required permissions

Usage

An administrator can use this API to disable a force stop button for system-signed applications on the application Info UI in Settings and the stop button for the system application process on the Running application UI in Settings.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     boolean enableSystemAppButtons = true;
     if (restrictionPolicy.allowStopSystemApp(enableSystemAppButtons)) {
         Log.w(TAG, "System application buttons are enabled for user.");
     } else {
         Log.w(TAG, "Failed to enable system application button.");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }

For Container:

 // When you create container successfully, containerID will be returned via intent.
 // Use this containerID in below API.
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 RestrictionPolicy restrictionPolicy = kcm.getRestrictionPolicy();
 try {
     boolean enableSystemAppButtons = true;
     if (restrictionPolicy.allowStopSystemApp(enableSystemAppButtons)) {
         Log.w(TAG, "System application buttons are enabled for user.");
     } else {
         Log.w(TAG, "Failed to enable system application button.");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }

Permission

The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission which has a protection level of signature.

Since

API level 6

MDM 4.0

Multiuser Environment

User Scope

public boolean allowUWB (boolean allow)

Since: API level 33

Deprecated in API level 37
NOTE: This API is not available since Android 14.

API to allow or disallow UWB.

Parameters

allow	`true` to allow, `false` to disallow

Returns

true if operation was successful, else false.

Throws

SecurityException	If caller does not have required permissions

Usage

An administrator can use this API to allow or disallow UWB. If set to false (disallow), the UWB will be turned off and disallowed.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     // disallow UWB
     boolean result = restrictionPolicy.allowUWB(false);

     if (true == result) {
         // UWB disallowed
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }

Permission

The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.

Since

API level 33

Multiuser Environment

Global Scope

public boolean allowUsbHostStorage (boolean allow)

Since: API level 6

Deprecated in API level 35

API to enable or disable usage of USB host storage.

NOTE:

setUsbExceptionList(int) is not affected by the deprecation of this API. This API has the default value of true, and setUsbExceptionList(int) works with that set to true.

Returns

true if allowing or disallowing USB host storage was successful, else false.

Throws

SecurityException	If caller does not have required permissions

Usage

An administrator can use this API to enable or disable the usage of USB host storage via USB OTG. If enabled, a user can connect any pen drive (portable USB storage), external HD, or Secure Digital (SD) card reader, and it is mounted as a storage drive on the device. If disabled, external storage devices are disallowed from being mounted.

NOTE:

Since MDM 5.7, This API will block All USB Host functionality.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();

 try {
     if (restrictionPolicy.allowUsbHostStorage(false)) {
         Log.d(TAG, "Usb host storage is now blocked.");
     } else {
         Log.d(TAG, "Failed to block USB host storage");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }

Permission

The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission which has a protection level of signature.

Since

API level 6

MDM 4.0

Multiuser Environment

Global Scope

public boolean allowUserMobileDataLimit (boolean allow)

Since: API level 6

API to allow or disallow the user to set the mobile data limit.

Parameters

allow	`true` to allow, `false` to disallow.

Returns

true if successful, false otherwise.

Throws

SecurityException	If caller does not have required permissions

Usage

An administrator can use this API to allow or disallow the user to set the mobile data limit. Even when disallowed user still be able to manipulate android "Warning" message.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     boolean enableMobileDataLimit = false;
     if (restrictionPolicy.allowUserMobileDataLimit(enableMobileDataLimit)) {
         Log.d(TAG, "Successfully blocked user from setting mobile data limit.");
     } else {
         Log.d(TAG, "Failed to block user from setting mobile data limit.");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }

Permission

The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.

Since

API level 6

MDM 4.0

Multiuser Environment

Global Scope

public boolean allowVideoRecord (boolean allow)

Since: API level 6

Deprecated in API level 35

API to allow or disallow video recording.

Parameters

allow	`true` to allow, `false` to disallow.

Returns

true if successful, false otherwise.

Throws

SecurityException	If caller does not have required permissions

Usage

An administrator can use this API to enable or disable video recording without user interaction. Tne device camera is still available after disabling video recording so that user can take pictures and use video streaming. When video recording is disabled, any ongoing video recording is interrupted.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     boolean enableVideoRecording = false;
     if (restrictionPolicy.allowVideoRecord(enableVideoRecording)) {
         Log.w(TAG, "Video recording blocked.");
     } else {
         Log.w(TAG, "Failed to block video recording.");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }

For Container:

 // When you create container successfully, containerID will be returned via intent.
 // Use this containerID in below API.
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 RestrictionPolicy restrictionPolicy = kcm.getRestrictionPolicy();
 try {
     boolean enableVideoRecording = false;
     if (restrictionPolicy.allowVideoRecord(enableVideoRecording)) {
         Log.w(TAG, "Video recording blocked.");
     } else {
         Log.w(TAG, "Failed to block video recording.");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }

Permission

The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_HW_CONTROL" permission which has a protection level of signature.

Since

API level 6

MDM 4.0

Multiuser Environment

User Scope

public boolean allowVpn (boolean allow)

Since: API level 4

API to allow or disallow the user to use the native virtual private network (VPN) functionality.

Parameters

allow	`true` to allow user to use native VPN, `false` to disallow user from using native VPN

Returns

true if operation is successful, false for failure

Throws

SecurityException	If caller does not have required permissions

Usage

An administrator can use this API to allow or disallow use of the native VPN functionality. If set to false, the user cannot establish a VPN session, and the UI for using VPN through the Settings application is inaccessible.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     boolean result = restrictionPolicy.allowVpn(false);
     if (true == result) {
         // Native VPN functionality is disabled and cannot be enabled by user.
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }

Permission

The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.

Since

API level 4

MDM 2.2

Multiuser Environment

Global Scope

public boolean allowWallpaperChange (boolean allow)

Since: API level 5

Deprecated in API level 35

API to allow or deny changing the device wallpaper.

Parameters

allow	`true` to allow user to change wallpaper, `false` to disallow user to change wallpaper.

Returns

true if allowing or disallowing wallpaper change was successful, else false.

Throws

SecurityException	If caller does not have required permissions

Usage

An administrator can use this API to allow or deny the user to change the device wallpaper. If set to false, changing wallpaper is disabled, and the user cannot change it until the administrator enables the change again; A toast with the message "Security policy restricts changing wallpaper" is shown when the user tries to change the wallpaper. If set to true, the wallpaper change UI control is enabled. Enabling wallpaper change has no effect until the user attempts again to change the wallpaper.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     if (restrictionPolicy.allowWallpaperChange(false)) {
         // Wallpaper change is disabled and cannot be changed by user.
     } else {
         // failure to enable
     }
     // enable
     if (restrictionPolicy.allowWallpaperChange(true)) {
         // user allowed to change wallpaper.
     } else {
         // failure to disable
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }

For Container:

NOTE: Since MDM 5.3, only Android users (Owner/Guest user) administrator can call this API. For container, API will return false.

 // When you create container successfully, containerID will be returned via intent.
 // Use this containerID in below API.
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 RestrictionPolicy restrictionPolicy = kcm.getRestrictionPolicy();
 try {
     if (restrictionPolicy.allowWallpaperChange(false)) {
         // Wallpaper change is disabled and cannot be changed by user.
     } else {
         // failure to enable
     }
     // enable
     if (restrictionPolicy.allowWallpaperChange(true)) {
         // user allowed to change wallpaper.
     } else {
         // failure to disable
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }

Permission

The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.

Since

API level 5

MDM 3.0

Multiuser Environment

User Scope

public boolean allowWiFi (boolean enable)

Since: API level 2

Deprecated in API level 35

API to enable or disable Wi-Fi access.

Parameters

enable	`true` to enable, `false` to disable

Returns

true if operation is successful, else false

Throws

SecurityException	If caller does not have required permissions

Usage

An administrator can disable or enabled Wi-Fi access without user interaction. User or third-party applications cannot enable Wi-Fi access once it is disabled. Wi-Fi is turned off and disabled if it is turned on when this API is called. If set to true, the Wi-Fi UI setting is enabled for user access but Wi-Fi functionality is not enabled. Wi-Fi Direct and S-Beam features which depend on this policy will also be affected by this setting. Even with disabled Wifi access, Wifi scanning is still possible.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 // disable wi-fi UI control
 try {

     boolean result = restrictionPolicy.allowWiFi(false);
     if (true == result) {
         // Wi-Fi is disabled and cannot be enabled by user.
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 // enable Wi-Fi UI control
 try {

     boolean result = restrictionPolicy.allowWiFi(true);
     if (true == result) {
         // Wi-Fi UI control is enabled and user can change settings.
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }

Permission

The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_WIFI" permission with a protection level of signature.

Since

API level 2

MDM 2.0

Multiuser Environment

Global Scope

public boolean allowWifiDirect (boolean allow)

Since: API level 6

Deprecated in API level 35

API to allow or disallow Wi-Fi Direct.

Parameters

allow	`true` to allow, `false` to disallow.

Returns

true if successful, false otherwise.

Throws

	SecurityException
SecurityException	If caller does not have required permissions

Usage

An administrator can enable or disable Wi-Fi Direct without user interaction. When Wi-Fi Direct is disabled, any ongoing Wi-Fi Direct connection is interrupted, and the user cannot turn on Wi-Fi Direct. S-Beam feature which depend on this policy will also be affected by this setting.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     boolean enableWifiDirect = false;
     if (restrictionPolicy.allowWifiDirect(enableWifiDirect)) {
         Log.w(TAG, "Wi-Fi Direct blocked.");
     } else {
         Log.w(TAG, "Failed to block Wi-Fi Direct.");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }

Permission

The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.

Since

API level 6

MDM 4.0

Multiuser Environment

Global Scope

public boolean enableWearablePolicy (int device, boolean enable)

Since: API level 19

Deprecated in API level 27

API to enable or disable wearable policy for given wearable device type.

Parameters

device	wearable device type. `WEARABLE_GEAR_DEVICE`
enable	`true` to enable, `false` to disable

Returns

true if successful, else false

Throws

SecurityException	If caller does not have required permissions

Usage

An administrator can use this API to enable or disable wearable policy for given wearable device type. Once enabled, enforced Application and Restriction policies on phone will be enforced to wearable device.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 // enable wearable policy for Gear device.
 try {
     boolean result = restrictionPolicy.enableWearablePolicy(RestrictionPolicy.WEARABLE_GEAR_DEVICE, true);
     if (true == result) {
         // wearable policy is enabled and Gear device will be managed by IT Policy.
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }

Permission

The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission which has a protection level of signature.

Since

API level 19

MDM 5.6

Multiuser Environment

Global Scope

public String getAllowedFOTAVersion ()

Since: API level 20

API to get allowed FOTA version on device.

Returns

String Allowed FOTA version

Usage

An administrator can use this API to get allowed FOTA version that allows for updating.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 // set final version that allows for updating
 try {
     String result = restrictionPolicy.getAllowedFOTAVersion();
     if (result == null) {
         // this policy not set by any admin
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }

Since

API level 20

MDM 5.7

Multiuser Environment

Global Scope

public int getUsbExceptionList ()

Since: API level 29

API to get USB class exception list.

Returns

an integer ranging from -1 to 131071 if success, else -1000.
-1 for defualt case
0 for USBInterface#ABL case
1 to 131071 for exception masks (Check binary value. 1 for USB exception, 0 for block)

Usage

An administrator can use this API to get USB class exception list (Device wide).

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 int usbExceptionMask = restrictionPolicy.getUsbExceptionList();

Since

API level 23

MDM 5.9

Multiuser Environment

Global Scope

public boolean isAirplaneModeAllowed ()

Since: API level 11

Deprecated in API level 35

API to check whether the Airplane Mode is allowed or not.

Returns

true if Airplane Mode is allowed, else false

Usage

Administrator can check whether the Airplane Mode is allowed or not. The default value will be true.

Since

API level 11

MDM 5.0

Multiuser Environment

Global Scope

public boolean isAndroidBeamAllowed ()

Since: API level 6

Deprecated in API level 35

API to check whether Android Beam is allowed on the device.

Returns

true if Android Beam is allowed, false otherwise

Usage

An administrator can check whether Android Beam is allowed on device. The default value is true.

Since

API level 6

MDM 4.0

Multiuser Environment

Global Scope

public boolean isAudioRecordAllowed ()

Since: API level 6

Deprecated in API level 35

API to check whether audio recording is allowed.

Returns

true if audio recording is allowed, false if audio recording is disallowed

Usage

An administrator can use this API to check whether audio recording is allowed and take appropriate action based on enterprise policy.

Since

API level 6

MDM 4.0

Multiuser Environment

User Scope

public boolean isBackgroundDataEnabled ()

Since: API level 2

API to check whether background data usage is enabled.

Returns

true if background data is enabled, false if background data is disabled

Usage

An administrator can use this API to check whether background data usage is allowed. The default value is true (enabled).

Since

API level 2

MDM 2.0

Multiuser Environment

Global Scope

public boolean isBackgroundProcessLimitAllowed ()

Since: API level 6

API to check whether a limit on background processes is allowed.

Returns

true if limit on background processes is allowed, false otherwise

Usage

An administrator can use this API to check whether a limit on background processes is allowed and take appropriate action based on enterprise policy.

Since

API level 6

MDM 4.0

Multiuser Environment

Global Scope

public boolean isBackupAllowed (boolean showMsg)

Since: API level 2

Deprecated in API level 35

API to check whether Google backup is enabled.

For a device managed by multiple administrators, Google backup is disabled if at least one administrator has disabled it.

Parameters

showMsg	Flag to show a warning toast when Google backup is disabled

Returns

true if Google backup is enabled, false if Google backup is disabled

Usage

An administrator can use this API to check whether Google backup is enabled. The default value is true (enabled).

Since

API level 2

MDM 2.0

Multiuser Environment

Global Scope

public boolean isBluetoothEnabled (boolean showMsg)

Since: API level 2

API to check whether Bluetooth is enabled.

Parameters

showMsg	Flag to show a warning toast when Bluetooth is disabled

Returns

true if Bluetooth is enabled, false if Bluetooth is disabled

Usage

An administrator can use this API to check whether Bluetooth is enabled and take appropriate action based on enterprise policy. The default value is true (enabled).

Since

API level 2

MDM 2.0

Multiuser Environment

Global Scope

public boolean isBluetoothTetheringEnabled ()

Since: API level 2

Deprecated in API level 35

API to check whether Bluetooth tethering is enabled.

Returns

true if enabled, false if not enabled or fail.

Usage

An administrator can use this API to check whether the device can share its network data through Bluetooth. The default value is true (enabled).

For a device managed by multiple administrators, Bluetooth tethering is disabled if at least one administrator has disabled it.

Since

API level 2

MDM 2.0

Multiuser Environment

Global Scope

public boolean isCameraEnabled (boolean showMsg)

Since: API level 2

Deprecated in API level 35

API to check whether the camera is enabled.

Parameters

showMsg	Flag to show a warning toast when camera is disabled

Returns

true if camera is enabled, false if camera is disabled

Usage

An administrator can check whether the camera is enabled and take appropriate action based on enterprise policy. The default value is true (enabled).

Since

API level 2

MDM 2.0

Multiuser Environment

User Scope

public boolean isCellularDataAllowed ()

Since: API level 2

API to check whether cellular data connection is enabled.

Returns

true if cellular data is enabled, false if cellular data is disabled.

Usage

An administrator can use this API to check whether a data connection through the SIM is allowed.

For a device managed by multiple administrators, cellular data is disabled if at least one administrator has disabled it.

Since

API level 2

MDM 2.0

Multiuser Environment

Global Scope

public boolean isClipboardAllowed (boolean showMsg)

Since: API level 2

API to check whether access to clipboard is enabled.

Parameters

showMsg	Flag to show a warning toast when clipboard operation is disabled.

Returns

true if access to clipboard is enabled, false if access to clipboard is disabled.

Usage

An administrator can use this API to check whether cut, copy, and paste operations that access the clipboard are allowed. The default value is true (enabled).

For a device managed by multiple administrators, access to the clipboard is disabled if at least one administrator has disabled it.

Since

API level 2

MDM 2.0

Multiuser Environment

User Scope

public boolean isClipboardShareAllowed ()

Since: API level 6

API to check whether sharing the clipboard between applications is allowed

Returns

true if successful, else false

Usage

An administrator can use this API to check whether a global clipboard is shared between applications.

Since

API level 6

MDM 4.0

Multiuser Environment

User Scope

public boolean isDataSavingAllowed ()

Since: API level 21

API to check whether Data Saving is allowed or not.

Returns

true if allowed, false if disallowed

Usage

An administrator can use this API to check whether "Data Saver" feature is allowed or not in the device.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 boolean result = false;
 try {
     // Check Data Saver is allowed
     result = restrictionPolicy.isDataSavingAllowed();
 } catch (RemoteException e) {
     Log.e(TAG, "Remote exception : " + e);
 }

Since

API level 21

MDM 5.7.1

Multiuser Environment

Global Scope

public boolean isDeveloperModeAllowed ()

Since: API level 11

Deprecated in API level 35

API to check whether Developer Mode option in Settings application is allowed to be turned on along with the inner settings.

Returns

true if Developer Mode option is allowed, false otherwise

Usage

An administrator can use this API to check whether the Developer Mode option in Settings application is allowed to be set. The default value is false (disallowed).

Since

API level 11

MDM 5.0

Multiuser Environment

Global Scope

public boolean isFactoryResetAllowed ()

Since: API level 2

Deprecated in API level 35

API to check whether the user is allowed to perform a factory reset.

Returns

true if allowed, false if not allowed

Usage

An administrator can use this API to check whether a user is allowed to perform a factory reset. The default value is true (allowed).

Since

API level 2

MDM 2.0

Multiuser Environment

Global Scope

public boolean isFastEncryptionAllowed (boolean showMsg)

Since: API level 11

Deprecated in API level 35

API to check whether or not Fast Encryption is enforced.

Returns

true if Fast Encryption is enforced, false if Fast Encryption is not enforced.

Usage

An administrator can use this API to check whether Fast Encryption is enforced.

Since

API level 11

MDM 5.0

Multiuser Environment

Global Scope

public boolean isFirmwareRecoveryAllowed (boolean showMsg)

Since: API level 11

API to check whether or not firmware recovery are allowed.

Returns

true if firmware recovery is allowed , false if disallowed.

Usage

An administrator can use this API to check whether firmware update is allowed or not.

Since

API level 11

MDM 5.0

Multiuser Environment

Global Scope

public boolean isGoogleAccountsAutoSyncAllowed ()

Since: API level 11

API to check whether or not Google accounts are allowed to sync automatically.

Returns

true if auto sync is allowed for google accounts, false if disallowed.

Usage

An administrator can use this API to check whether google accounts are allowed to automatically sync.

Since

API level 11

MDM 5.0

Multiuser Environment

User Scope

public boolean isGoogleCrashReportAllowed ()

Since: API level 5

Deprecated in API level 35

API to check whether sending a crash report to Google is enabled.

Returns

true if Google crash report is enabled, else false

Usage

An administrator can use this API to check whether sending a crash report to Google is enabled. The default value is true (enabled).

Since

API level 5

MDM 3.0

Multiuser Environment

User Scope

public boolean isHeadphoneEnabled (boolean showMsg)

Since: API level 11

API to check whether or not Headphone is enabled.

Returns

true Headphone is enabled, false if disabled.

Usage

An administrator can use this API to check whether Headphone is enabled.

Since

API level 11

MDM 5.0

Multiuser Environment

Global Scope

public boolean isHomeKeyEnabled ()

Since: API level 2

API to check whether home key functionality is enabled.

For a device managed by multiple administrators, the home key is non-functional if at least one administrator has disabled it.

Returns

true if home key is enabled, false if home key is disabled

Usage

An administrator can use this API to check whether home key functionality is enabled. The default value is true (enabled).

Since

API level 2

MDM 2.0

Multiuser Environment

User Scope

public boolean isKillingActivitiesOnLeaveAllowed ()

Since: API level 6

API to check whether killing an activity when the user leaves it is allowed.

Returns

true if killing activities on leave is allowed, false otherwise

Usage

An administrator can use this API to check whether killing an activity when the user leaves it is allowed and take appropriate action based on enterprise policy.

Since

API level 6

MDM 4.0

Multiuser Environment

Global Scope

public boolean isLockScreenEnabled (boolean showMsg)

Since: API level 11

API to check whether or not lockscreen is enabled.

Returns

true if lockscreen is enabled, false if disabled.

Usage

An administrator can use this API to check whether lockscreen is enabled.

Since

API level 11

MDM 5.0

Multiuser Environment

User Scope

public boolean isLockScreenViewAllowed (int view)

Since: API level 6

Deprecated in API level 37

API to check whether the usage of lock screen views is allowed or not.

Returns

true if allowed, else false.

Since

API level 6

MDM 4.0

Multiuser Environment

Global Scope

public boolean isMicrophoneEnabled (boolean showMsg)

Since: API level 2

Deprecated in API level 35

API to check whether the microphone is enabled.

Parameters

showMsg	Flag to show a warning toast when microphone is disabled

Returns

true if microphone is enabled, false if microphone is disabled

Usage

An administrator can use this API to check whether the microphone is enabled and take appropriate action based on enterprise policy. The default value is true (enabled).

Since

API level 2

MDM 2.0

Multiuser Environment

User Scope

public boolean isMockLocationEnabled ()

Since: API level 2

Deprecated in API level 35

API to check whether mock GPS location is enabled.

Returns

true if mock location is enabled, false if mock location is disabled

Usage

An administrator can use this API to check whether the function to show a fake GPS location is enabled. The default value is true (enabled).

Since

API level 2

MDM 2.0

Multiuser Environment

Global Scope

public boolean isNonMarketAppAllowed ()

Since: API level 2

Deprecated in API level 35

API to check whether non-Google-Play application installation is allowed.

Returns

true if non-Google-Play application installation is allowed, false if non-Google-Play application installation is disallowed.

Usage

An administrator can use this API to check whether non-Google-Play application installation is allowed. The default value is true (enabled).

For a device managed by multiple administrators, enabling access for application installation is disabled if at least one administrator has disabled it.

Since

API level 2

MDM 2.0

Multiuser Environment

Global Scope

public boolean isOTAUpgradeAllowed ()

Since: API level 5

API to check whether upgrading the operating system (OS) over-the-air (OTA) is enabled.

Returns

true if OTA upgrade is enabled, else false

Usage

An administrator can use this API to check whether upgrading the OS OTA is enabled. The default value is true (enabled).

Since

API level 5

MDM 3.0

Multiuser Environment

Global Scope

public boolean isPowerOffAllowed ()

Since: API level 5

API to check whether the user is allowed to power off the device by pressing the power button. For a device managed by multiple administrators, each administrator can apply a different status. Powering off using the power button is disabled if at least one administrator disables it. Powering off is enabled only if all administrators enable it.

Returns

true if power off is allowed, else false.

Since

API level 5

MDM 3.0

Multiuser Environment

Global Scope

public boolean isPowerSavingModeAllowed ()

Since: API level 22

API to check whether Power Saving Mode is allowed or not.

Returns

true if allowed, false if disallowed.

Usage

An administrator can use this API to check whether "Power Saving Mode" feature is allowed or not in the device.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 boolean result = false;
 try {
     // Check Power Saving Mode is allowed
     result = restrictionPolicy.isPowerSavingModeAllowed();
 } catch (RemoteException e) {
     Log.e(TAG, "Remote exception : " + e);
 }

Since

API level 22

MDM 5.8

Multiuser Environment

Global Scope

public boolean isSBeamAllowed ()

Since: API level 6

Deprecated in API level 35

API to check whether S Beam is allowed on the device.

Returns

true if S Beam is allowed, false otherwise

Usage

An administrator can check whether S Beam is allowed on the device. The default value is true.

Since

API level 6

MDM 4.0

Multiuser Environment

Global Scope

public boolean isSDCardMoveAllowed (boolean showMsg)

Since: API level 11

API to check whether or not SDCard Move is allowed.

Returns

true if SDCard Move is allowed, false if disallowed.

Usage

An administrator can use this API to check whether SDCard Move is allowed.

Since

API level 11

MDM 5.0

Multiuser Environment

User Scope

public boolean isSDCardWriteAllowed ()

Since: API level 5

API to check whether writing to the Secure Digital (SD) card is enabled.

Returns

true if writing to SD card is enabled, else false

Usage

An administrator can use this API to check whether writing to the SD card is enabled. The default value is true (enabled).

Since

API level 5

MDM 3.0

Multiuser Environment

Global Scope

public boolean isSVoiceAllowed ()

Since: API level 6

Deprecated in API level 33

API to check whether S Voice application is allowed to be launched.

Returns

true if S Voice is allowed, false otherwise

Usage

An administrator can use this API to check whether the S Voice application is allowed to be launched. The default value is true (allowed).

Since

API level 6

MDM 4.0

Multiuser Environment

User Scope

public boolean isSafeModeAllowed ()

Since: API level 6

Deprecated in API level 35

API to check whether the Safe Mode boot is allowed or not.

Returns

true if Safe Mode boot is allowed, else false

Usage

Administrator can check whether the Safe Mode boot is allowed or not to user. The default value will be true.

Since

API level 6

MDM 4.0

Multiuser Environment

Global Scope

public boolean isScreenCaptureEnabled (boolean showMsg)

Since: API level 2

Deprecated in API level 35

API to check whether screen capture setting is enabled.

Parameters

showMsg	Flag to show a warning toast when screen capture is disabled

Returns

true if enabled, false if disabled or fail

Usage

An administrator can use this API to check whether the user can take a screenshot of the device screen. The default value is true (enabled).

Since

API level 2

MDM 2.0

Multiuser Environment

User Scope

public boolean isScreenPinningAllowed ()

Since: API level 17

Deprecated in API level 35

API to check whether Screen Pinning is allowed.

Returns

true if Screen Pinning is allowed, false otherwise.

Usage

An administrator can use this API to check whether Screen Pinning is allowed. The default value is true (allowed).

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 boolean result = true;
 try {
     // Administrator wants to check if Screen Pinning functionality
     // is allowed or not at user space
     result = restrictionPolicy.isScreenPinningAllowed();
 } catch (RemoteException e) {
     Log.e(TAG, "Remote exception : " + e);
 }

For Container:

NOTE: Only Android users (Owner/Guest user) administrator can call this API. For container, API will return false.

Since

API level 17

MDM 5.5

Multiuser Environment

User Scope

public boolean isSdCardEnabled ()

Since: API level 2

Deprecated in API level 35

API to check whether Secure Digital (SD) card access is enabled.

Returns

true if access to SD card is enabled, false if access to SD card is disabled.

Usage

An administrator can use this API to check whether data transfer to the SD card is allowed. The default value is true (enabled).

For a device managed by multiple administrators, access to the SD card is disabled if at least one administrator has disabled it.

Since

API level 2

MDM 2.0

Multiuser Environment

Global Scope

public boolean isSettingsChangesAllowed (boolean showMsg)

Since: API level 2

API to check whether the user is allowed to access device settings through Settings application.

Parameters

showMsg	`true` to show a message to the user, `false` to not show

Returns

true if access to settings are allowed, false if access to settings are disallowed.

Usage

An administrator can use this API to check whether a user can access device settings through the Setting application. The default value is true (enabled).

For a device managed by multiple administrators, a user cannot access settings if at least one administrator has disallowed it.

Since

API level 2

MDM 2.0

Multiuser Environment

User Scope

public boolean isShareListAllowed ()

Since: API level 6

API to check whether display of Share Via List is allowed or not.

Administrator can check whether display of Share Via List is allowed or not, and take appropriate action based on enterprise policy.

Returns

true - display of Share Via List is allowed, false - display is disallowed

Since

API level 6

MDM 4.0

Multiuser Environment

User Scope

public boolean isSmartClipModeAllowed ()

Since: API level 13

API to check whether Smart Clip is allowed.

Returns

true if smart clip is allowed, false otherwise.

Usage

An administrator can use this API to check whether Smart Clip is allowed. The default value is true (allowed).

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 boolean result = true;
 try {
     // Administrator wants to check if Smart Clip functionality
     // is allowed or not at user space
     result = restrictionPolicy.isSmartClipModeAllowed();
 } catch (RemoteException e) {
     Log.e(TAG, "Remote exception : " + e);
 }

For Container:

 // When you create container successfully, containerID will be returned via intent.
 // Use this containerID in below API.
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 RestrictionPolicy restrictionPolicy = kcm.getRestrictionPolicy();
 boolean result = true;
 try {
     // Administrator wants to check if Smart Clip functionality
     // is allowed or not at user space
     result = restrictionPolicy.isSmartClipModeAllowed();
 } catch (RemoteException e) {
     Log.e(TAG, "Remote exception : " + e);
 }

Since

API level 13

MDM 5.2

Multiuser Environment

User Scope

public boolean isStatusBarExpansionAllowed ()

Since: API level 5

Deprecated in API level 35

API to check whether status bar expansion is allowed.

Returns

true if status bar expansion is allowed, else false.

Usage

An administrator can use this API to check whether status bar expansion is allowed. The default value is true (allowed).

Since

API level 5

MDM 3.0

Multiuser Environment

User Scope

public boolean isStopSystemAppAllowed ()

Since: API level 6

Deprecated in API level 35

API to check whether the user is allowed to stop system-signed applications.

Returns

true if stopping system sign application is allowed, false if disallowed

Usage

An administrator can use this API to check whether a user is allowed to stop system-signed applications and take appropriate action based on enterprise policy.

Since

API level 6

MDM 4.0

Multiuser Environment

User Scope

public boolean isTetheringEnabled ()

Since: API level 2

Deprecated in API level 35

API to check whether tethering is enabled for all interfaces.

Returns

true if enabled, false if disabled

Usage

An administrator can use this API to check whether the device can share its internet connection with other devices over all interfaces (USB, WiFi, bluetooth). The default value is true (enabled).

For a device managed by multiple administrators, all interfaces are disabled if at least one administrator has disabled each one.

Since

API level 2

MDM 2.0

Multiuser Environment

Global Scope

public boolean isUWBAllowed ()

Since: API level 33

Deprecated in API level 37
NOTE: This API is not available since Android 14.

API to check whether UWB is allowed.

Returns

true if UWB is allowed, false if UWB is disallowed.

Usage

An administrator can use this API to check if the UWB is allowed or disallowed. The default value is true (allowed).

For a device managed by multiple administrators, the UWB is disallowed if at least one administrator has disallowed it.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 boolean result = false;
 try {
     // Check UWB is allowed
     result = restrictionPolicy.isUWBAllowed();
 } catch (RemoteException e) {
     Log.e(TAG, "Remote exception : " + e);
 }

Since

API level 33

Multiuser Environment

Global Scope

public boolean isUsbDebuggingEnabled ()

Since: API level 2

Deprecated in API level 35

API to check whether USB debugging is enabled.

Returns

true if USB debugging is enabled, false if USB debugging is disabled.

Usage

An administrator can use this API to check whether USB debugging is enabled.

For a device managed by multiple administrators, USB debugging is disabled if at least one administrator has disabled it.

Since

API level 2

MDM 2.0

Multiuser Environment

Global Scope

public boolean isUsbHostStorageAllowed ()

Since: API level 6

Deprecated in API level 35

API to check whether USB host storage is allowed.

Returns

true if USB host storage is allowed, false if USB host storage is blocked

Usage

An administrator can use this API to check whether USB host storage devices are allowed to be mounted. Through USB OTG, a user can connect any pen drive (portable USB storage), external HD, or SD card reader, and it is mounted as a storage drive on the device.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();

 try {
     if (restrictionPolicy.isUsbHostStorageAllowed()) {
         Log.d(TAG, "USB host storage is allowed");
     } else {
         Log.w(TAG, "USB host storage is disallowed");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }

Since

API level 6

MDM 4.0

Multiuser Environment

Global Scope

public boolean isUsbMediaPlayerAvailable (boolean showMsg)

Since: API level 2

Deprecated in API level 35

API to check whether MTP (media transfer protocol) is allowed or not.

Parameters

showMsg	Flag to show a warning toast.

Returns

true if MTP is allowed on the device, false if MTP is disallowed.

Usage

An administrator can use this API to check whether MTP (media transfer protocol) is allowed or not. The default value is true (allowed).

For a device managed by multiple administrators, MTP is disallowed if at least one administrator has disabled it.

Since

API level 2

MDM 2.0

Multiuser Environment

Global Scope

public boolean isUsbTetheringEnabled ()

Since: API level 2

Deprecated in API level 35

API to check whether USB tethering is enabled.

Returns

true if enabled, false if disabled.

Usage

An administrator can use this API to check whether the device can share its network data through a USB connection. The default value is true (enabled).

For a device managed by multiple administrators, this method returns disabled if at least one administrator has disabled USB tethering.

Since

API level 2

MDM 2.0

Multiuser Environment

Global Scope

public boolean isUserMobileDataLimitAllowed ()

Since: API level 6

API to check whether the user is allowed to set the mobile data limit.

Returns

true if user is allowed to set mobile data limit, false otherwise

Usage

An administrator can use this API to check whether the user is allowed to set the mobile data limit and take appropriate action based on enterprise policy.

Since

API level 6

MDM 4.0

Multiuser Environment

Global Scope

public boolean isVideoRecordAllowed ()

Since: API level 6

Deprecated in API level 35

API to check whether video recording is allowed.

Returns

true if video recording is allowed, false if video recording is disallowed

Usage

An administrator can use this API to check whether video recording is allowed and take appropriate action based on enterprise policy.

Since

API level 6

MDM 4.0

Multiuser Environment

User Scope

public boolean isVpnAllowed ()

Since: API level 4

API to check whether native virtual private network (VPN) functionality is allowed.

Returns

true if allowed, false if disallowed

Usage

An administrator can use this API to check whether a user can use the native VPN functionality. The default value is true (allowed).

Since

API level 4

MDM 2.2

Multiuser Environment

Global Scope

public boolean isWallpaperChangeAllowed ()

Since: API level 5

Deprecated in API level 35

API to check whether the user is allowed to change the wallpaper.

Returns

true if wallpaper change is allowed, else false.

Usage

An administrator can use this API to check whether the user is allowed to change the device wallpaper. The default value is true (allowed).

*

Since

API level 5

MDM 3.0

Multiuser Environment

User Scope

public boolean isWearablePolicyEnabled (int device)

Since: API level 19

Deprecated in API level 27

API to check whether wearable policy is enabled for given wearable device type.

Parameters

device	wearable device type. `WEARABLE_GEAR_DEVICE`

Returns

true if wearable policy is enabled, false if wearable policy is disabled

Usage

An administrator can use this API to check whether wearable policy is enabled or not.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 boolean result = false;
 try {
     // Check whether wearable policy is enabled or not
     result = restrictionPolicy.isWearablePolicyEnabled(RestrictionPolicy.WEARABLE_GEAR_DEVICE);
 } catch (RemoteException e) {
     Log.e(TAG, "Remote exception : " + e);
 }

Since

API level 19

MDM 5.6

Multiuser Environment

Global Scope

public boolean isWiFiEnabled (boolean showMsg)

Since: API level 2

Deprecated in API level 35

API to check whether Wi-Fi is enabled.

Parameters

showMsg	Flag to show a warning toast when Wi-Fi is disabled

Returns

true if Wi-Fi is enabled, false if Wi-Fi is disabled

Usage

An administrator can use this API to check whether Wi-Fi is enabled and take appropriate action based on enterprise policy. The default value is true (enabled).

Since

API level 2

MDM 2.0

Multiuser Environment

Global Scope

public boolean isWifiDirectAllowed ()

Since: API level 6

Deprecated in API level 35

API to check whether Wi-Fi Direct is allowed.

Returns

true if Wi-Fi Direct is allowed, false if Wi-Fi Direct is disallowed

Usage

An administrator can use this API to check whether Wi-Fi Direct is allowed and take appropriate action based on enterprise policy.

Since

API level 6

MDM 4.0

Multiuser Environment

Global Scope

public boolean isWifiTetheringEnabled ()

Since: API level 2

Deprecated in API level 35

API to check whether Wi-Fi tethering is enabled.

Returns

true if enabled, false if disabled or fail

Usage

An administrator can use this API to check whether the device can share its network data through a Wi-Fi connection. The default value is true (enabled).

For a device managed by multiple administrators, the Wi-Fi connection is disabled if at least one administrator has disabled it.

Since

API level 2

MDM 2.0

Multiuser Environment

Global Scope

public boolean setAllowNonMarketApps (boolean allow)

Since: API level 2

Deprecated in API level 35

API to allow or disallow installation of non-Google-Play applications.

Parameters

allow	`true` to allow installation of non-Google-Play application, `false` to disallow installation of non-Google-Play application.

Returns

true if setting access to installation of non-Google-Play application is successful, else false

Throws

SecurityException	If caller does not have required permissions

Usage

An administrator can use this API to allow or disallow installation of non-Google-Play applications. If set to false, installation of non-Google-Play applications is disabled, and the user cannot access the UI until the administrator enables access again. If set to true, UI access to enabling installation of non-Google-Play applications is enabled. Enabling UI access does not enable the actual functionality.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 // disable
 try {
     if (restrictionPolicy.setAllowNonMarketApps(false)) {
         // Non-Google-Play application installation is disabled and cannot be enabled
         // by user.
     } else {
         // failure to enable UI access
     }
     // enable
     if (restrictionPolicy.setAllowNonMarketApps(true)) {
         // user allowed to change non-Google-Play application installation.
     } else {
         // failure to disable UI access
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }

Permission

The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.

Since

API level 2

MDM 2.0

Multiuser Environment

Global Scope

public boolean setAllowedFOTAVersion (String version, Bundle bundle)

Since: API level 20

API to set allowed FOTA version on device.

Parameters

version	Allowed FOTA version. Pass this value in format "ap_version/csc_version/cp_version" or "ap_version/csc_version/" if device do not support cp. Passing `null` will reset previous set version.
bundle	Bundle for extra to pass Corporation Id key `UPDATE_FOTA_CORPID`. Pass this value in format "mdm_id/customer_id/group_id". Passing `null` will fail. NOTE: This parameter is supported from MDM 5.7.1. If both version and bundle are `null`, reset previous set value.

Returns

true if successfully API call, else false. Actual results are passed by intent

Throws

SecurityException	If caller does not have required permissions

Usage

An administrator can use this API to set allowed FOTA version (Enterprise FOTA) that allows for updating. User can not update device to the higher version of administrator set version. If this API returns true, system will broadcast intent with action ACTION_UPDATE_FOTA_VERSION_RESULT with string EXTRA_UPDATE_FOTA_VERSION_STATUS.
For details about how to deploy EFOTA, including information about using the REST API calls and getting authorization tokens, see the EFOTA Developer Guide.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 // set final version that allows for updating
 try {
     Bundle bundle = new Bundle();
     String str_corpId = "MDM_ID/Customer_ID/Group_ID";
     bundle.putString(RestrictionPolicy.UPDATE_FOTA_CORPID, str_corpId);
     boolean result = restrictionPolicy.setAllowedFOTAVersion("G920FXXU3DPDO/G920FXXU3DPA1/G920FOXA3DPD2", bundle);
     if (true == result) {
         // IT admin will be received the result by intent
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }

Permission

The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission which has a protection level of signature.

Since

API level 20

MDM 5.7

Multiuser Environment

Global Scope

public boolean setBackgroundData (boolean enable)

Since: API level 2

API to enable or disable access to manage background data usage.

Parameters

enable	`true` to enable, `false` to disable

Returns

true if successful, else false

Throws

SecurityException	If caller does not have required permissions

Usage

An administrator can use this API to enable or disable access to manage background data usage. If set to false, disabling access blocks the user from syncing with a server when the application is in the background. The user cannot access background data usage until the administrator enables access again. If set to true, background data control is enabled. Enabling access does not enable the background data usage functionality.

NOTE:

For Android 4.0 onward, disabling background data works only when a mobile data limit is set. When the policy is enabled, the mobile data limit is set to 100GB; the user cannot disable the mobile data limit but can change the actual limit.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 // disable
 try {
     boolean result = restrictionPolicy.setBackgroundData(false);
     if (true == result) {
         // background data transfer is disabled and cannot be enabled
         // by user.
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 // enable
 try {
     boolean result = restrictionPolicy.setBackgroundData(true);
     if (true == result) {
         // background data UI control is enabled and user can change it
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }

Permission

The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.

Since

API level 2

MDM 2.0

Multiuser Environment

Global Scope

Dependency

This API will be applied only if allowDataSaving(boolean) is not set to false.

public boolean setBackup (boolean enable)

Since: API level 2

Deprecated in API level 35

API to enable or disable Google backup.

Parameters

enable	`true` to enable, `false` to disable

Returns

true if successful, else false.

Throws

SecurityException	If caller does not have required permissions

Usage

An administrator can use this API to enable or disable backing up to Google servers. If disabled, the user cannot back up data onto Google servers.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     boolean result = restrictionPolicy.setBackup(false);
     if (true == result) {
         // Data backup is disabled and cannot be enabled by user.
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }

Permission

The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission which has a protection level of signature.

Since

API level 2

MDM 2.0

Multiuser Environment

Global Scope

public boolean setBluetoothTethering (boolean enable)

Since: API level 2

Deprecated in API level 35

API to enable or disable Bluetooth tethering.

Parameters

enable	`true` to enable, `false` to disable.

Returns

true if operation is successful, else false.

Throws

SecurityException	If caller does not have required permissions

Usage

An administrator can use this API to allow or disallow the device sharing its carrier data connection with other devices through a Bluetooth connection. If set to false, access to Bluetooth tethering functionality is disabled, and the user cannot turn it on until the administrator enables it again. If it set to true, access to Bluetooth tethering is enabled. Enabling access to Bluetooth tethering does not enable Bluetooth tethering.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 // disable
 try {
     boolean result = restrictionPolicy.setBluetoothTethering(false);
     if (true == result) {
         // UI access to Bluetooth tethering is disabled and cannot be enabled by user.
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 // enable
 try {
     boolean result = restrictionPolicy.setBluetoothTethering(true);
     if (true == result) {
         // Bluetooth tethering UI control is enabled.
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }

Permission

The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.

Since

API level 2

MDM 2.0

Multiuser Environment

Global Scope

public boolean setCameraState (boolean enable)

Since: API level 2

Deprecated in API level 35

API to enable or disable the camera.

Parameters

enable	`true` to enable, `false` to disable.

Returns

true if successful, else false.

Throws

SecurityException	If caller does not have required permissions

Usage

An administrator can use this API to disable the camera without user interaction. User or third-party applications cannot enable the camera once it is disabled. The camera is turned off and disabled if it is turned on when this API is called. The API disables the photo camera, video camera, and video telephony functionality.

NOTE:

If the policy has been applied at user 0, then camera will be disabled for user 0 as well as all the containers and users created on the device.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     // Disable camera. Other applications that use the camera cannot
     // use it.
     boolean result = restrictionPolicy.setCameraState(false);

     if (true == result) {
         // Camera is disabled and cannot be enabled by user.
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }

For Container:

 // When you create container successfully, containerID will be returned via intent.
 // Use this containerID in below API.
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 RestrictionPolicy restrictionPolicy = kcm.getRestrictionPolicy();
 try {
     // Disable camera. Other applications that use the camera cannot
     // use it.
     boolean result = restrictionPolicy.setCameraState(false);

     if (true == result) {
         // Camera is disabled and cannot be enabled by user.
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }

Permission

The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_HW_CONTROL" permission which has a protection level of signature.

Since

API level 2

MDM 2.0

Multiuser Environment

User Scope

public boolean setCellularData (boolean enable)

Since: API level 2

API to enable or disable cellular data connection.

Parameters

enable	`true` to enable cellular data connection, `false` to disable cellular data connection.

Returns

true if setting cellular data is successful, else false

Throws

SecurityException	If caller does not have required permissions

Usage

An administrator can use this API to allow or disallow mobile data connections. If disallowed, the user cannot use its data connection through the SIM.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     if (restrictionPolicy.setCellularData(false)) {
         // cellular data is disabled and cannot be enabled by user.
     } else {
         // failure to restrict cellular data.
     }
     if (restrictionPolicy.setCellularData(true)) {
         // cellular data can be enabled by user.
     } else {
         // failure to remove restriction on cellular data.
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }

Permission

The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.

Since

API level 2

MDM 2.0

Multiuser Environment

Global Scope

public boolean setClipboardEnabled (boolean enable)

Since: API level 2

API to enable or disable access to the clipboard.

Parameters

enable	`true` to enable the clipboard, `false` to disable the clipboard.

Returns

true if setting access to clipboard is successful, else false

Throws

SecurityException	If caller does not have required permissions

Usage

An administrator can use this API to enable or disable any editing functions that require access to the clipboard, including cut, copy, and paste operations.

NOTE:

This policy only take effect over native android clipboard

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     if (restrictionPolicy.setClipboardEnabled(false)) {
         // clipboard operation like cut or copy or paste is disabled
     } else {
         // failure to restrict access to clipboard.
     }
     if (restrictionPolicy.setClipboardEnabled(true)) {
         // clipboard enabled.
     } else {
         // failure to remove restriction on access to clipboard.
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }

For Container:

 // When you create container successfully, containerID will be returned via intent.
 // Use this containerID in below API.
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 RestrictionPolicy restrictionPolicy = kcm.getRestrictionPolicy();
 try {
     if (restrictionPolicy.setClipboardEnabled(false)) {
         // clipboard operation like cut or copy or paste is disabled
     } else {
         // failure to restrict access to clipboard.
     }
     if (restrictionPolicy.setClipboardEnabled(true)) {
         // clipboard enabled.
     } else {
         // failure to remove restriction on access to clipboard.
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }

Permission

The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.

Since

API level 2

MDM 2.0

Multiuser Environment

User Scope

public boolean setHeadphoneState (boolean enable)

Since: API level 11

API to set Headphone state.

Parameters

enable	`true` to enable, `false` to disable.

Returns

true if operation is successful, else false.

Throws

SecurityException	If caller does not have required permissions

Usage

An administrator can use this API to enable or disable Headphone usage

NOTE:

Enabling headphones while they are still plugged in will not work because headphones need to be initialized by re-plugging in.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     boolean allow = false; // disable HeadphoneState
     if (restrictionPolicy.setHeadphoneState(allow)) {
         Log.w(TAG, "Headphone is disabled");
     } else {
         Log.w(TAG, "Failed to set the policy.");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }

For Container:

 // When you create container successfully, containerID will be returned via intent.
 // Use this containerID in below API.
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 RestrictionPolicy restrictionPolicy = kcm.getRestrictionPolicy();
 try {
     boolean allow = false; // disable HeadphoneState
     if (restrictionPolicy.setHeadphoneState(allow)) {
         Log.w(TAG, "Headphone is disabled");
     } else {
         Log.w(TAG, "Failed to set the policy.");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }

Permission

The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.

Since

API level 11

MDM 5.0

Multiuser Environment

Global Scope

public boolean setHomeKeyState (boolean enable)

Since: API level 2

API to enable or disable home key functionality.

Parameters

enable	`true` to enable, `false` to disable

Returns

true if successful, else false

Throws

SecurityException	If caller does not have required permissions

Usage

An administrator can use this API to enable or disable home key functionality. The API also blocks display of the list of recent applications when performing a long press on the home key. The user can still use the back key to navigate to other screens.

NOTE: Since MDM 5.3, only owner (User 0) administrator can call this API. For guest users, API will return false.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     boolean result = restrictionPolicy.setHomeKeyState(false);
     if (true == result) {
         // Home key feature is disabled and user cannot use home soft/hard key.
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }

For Container:

NOTE: Since MDM 5.3, only COM (Kiosk) container administrator can call this API. For other container types, API will return false.

 // When you create container successfully, containerID will be returned via intent.
 // Use this containerID in below API.
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 RestrictionPolicy restrictionPolicy = kcm.getRestrictionPolicy();
 try {
     boolean result = restrictionPolicy.setHomeKeyState(false);
     if (true == result) {
         // Home key feature is disabled and user cannot use home soft/hard key.
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }

Permission

The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.

Since

API level 2

MDM 2.0

Multiuser Environment

User Scope

public boolean setLockScreenState (boolean enable)

Since: API level 11

API to allow or disallow lockscreen menu in the device Settings.

Returns

true if operation is successful, else false.

Throws

SecurityException	If caller does not have required permissions

Usage

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     boolean allow = false; // disallow
     if (restrictionPolicy.setLockScreenState(allow)) {
         Log.w(TAG, "lockscreen menu is disabled");
     } else {
         Log.w(TAG, "Failed to set the policy.");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }

For Container:

NOTE: Since MDM 5.3, only Android users (Owner/Guest user) administrator can call this API. For container, API will return false.

 // When you create container successfully, containerID will be returned via intent.
 // Use this containerID in below API.
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 RestrictionPolicy restrictionPolicy = kcm.getRestrictionPolicy();
 try {
     boolean allow = false; // disallow
     if (restrictionPolicy.setLockScreenState(allow)) {
         Log.w(TAG, "lockscreen menu is disabled");
     } else {
         Log.w(TAG, "Failed to set the policy.");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }

Permission

The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.

Since

API level 11

MDM 5.0

Multiuser Environment

User Scope

public boolean setMicrophoneState (boolean enable)

Since: API level 2

Deprecated in API level 35

API to enable or disable microphone.

Parameters

enable	`true` to enable, `false` to disable

Returns

true if successful, else false

Throws

SecurityException	If caller does not have required permissions

Usage

An administrator can disable the microphone without user interaction. User or third-party applications cannot enable the microphone once it is disabled. The microphone is turned off and disabled if it is turned on when this API is called. This API disables only the microphone used for recording, not the phone application microphone.

NOTE:

If the policy has been applied at user 0, then microphone will be disabled for user 0 as well as all the containers and users created on the device.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     // Disable microphone. Other functionalities like voice recording cannot
     // be used
     boolean result = restrictionPolicy.setMicrophoneState(false);

     if (true == result) {
         // Microphone is disabled and user cannot use microphone-related
         // functions.
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }

For Container:

 // When you create container successfully, containerID will be returned via intent.
 // Use this containerID in below API.
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 RestrictionPolicy restrictionPolicy = kcm.getRestrictionPolicy();
 try {
     // Disable microphone. Other functionalities like voice recording cannot
     // be used
     boolean result = restrictionPolicy.setMicrophoneState(false);

     if (true == result) {
         // Microphone is disabled and user cannot use microphone-related
         // functions.
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }

Permission

The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_HW_CONTROL" permission which has a protection level of signature.

Since

API level 2

MDM 2.0

Multiuser Environment

User Scope

public boolean setMockLocation (boolean enable)

Since: API level 2

Deprecated in API level 35

API to enable or disable mock GPS locations.

Parameters

enable	`true` to enable, `false` to disable

Returns

true if successful, else false

Throws

SecurityException	If caller does not have required permissions

Usage

An administrator can use this API to enable or disable mocking the device's GPS location. If set to true, the device can change its actual longitude and latitude readings, and GPS applications will show the fake coordinates instead of the actual coordinates.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     boolean result = restrictionPolicy.setMockLocation(false);
     if (true == result) {
         // mock location is disabled and cannot be enabled by user.
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }

Permission

The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_LOCATION" permission with a protection level of signature.

Since

API level 2

MDM 2.0

Multiuser Environment

Global Scope

public boolean setScreenCapture (boolean enable)

Since: API level 2

Deprecated in API level 35

API to enable or disable screen capture.

Parameters

enable	`true` to enable, `false` to disable

Returns

true if operation is successful, else false.

Throws

SecurityException	If caller does not have required permissions

Usage

An administrator can use this API to prevent a user from taking screenshots of the device screen. The API also blocks the user from taking screenshots using the Dalvik Debug Monitor Server (DDMS).

NOTE: Applicable for knox 3.8 only, Samsung default apps with android.permission.INTERNAL_SYSTEM_WINDOW may not be disallowed to capture.
Default apps: Launcher, SystemUI, Setting, Reminder, Calender, Clock

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     boolean result = restrictionPolicy.setScreenCapture(false);
     if (true == result) {
         // screen capture is disabled and user cannot capture device screen
         // shot.
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }

For Container:

 // When you create container successfully, containerID will be returned via intent.
 // Use this containerID in below API.
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 RestrictionPolicy restrictionPolicy = kcm.getRestrictionPolicy();
 try {
     boolean result = restrictionPolicy.setScreenCapture(false);
     if (true == result) {
         // screen capture is disabled and user cannot capture device screen
         // shot.
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }

Permission

The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.

Since

API level 2

MDM 2.0

Multiuser Environment

User Scope

public boolean setSdCardState (boolean enable)

Since: API level 2

Deprecated in API level 35

API to enable or disable Secure Digital (SD) card access.

Parameters

enable	`true` to enable access to SD card, `false` to disable access to SD card.

Returns

true if setting access to SD card is successful, else false

Throws

SecurityException	If caller does not have required permissions

Usage

An administrator can use this API to enable or disable data access to the SD card. If disabled, any attempt to transfer data to the SD card fails.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     if (restrictionPolicy.setSdCardState(false)) {
         // SD card is disabled and user cannot mount/use it.
     } else {
         // failure to restrict access to SD card.
     }
     if (restrictionPolicy.setSdCardState(true)) {
         // user control of SD card is enabled.
     } else {
         // failure to remove access restriction to SD card.
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }

Permission

The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_HW_CONTROL" permission with a protection level of signature.

Since

API level 2

MDM 2.0

Multiuser Environment

Global Scope

public boolean setTethering (boolean enable)

Since: API level 2

Deprecated in API level 35

API to enable or disable all tethering interfaces.

Parameters

enable	`true` to enable, `false` to disable

Returns

true if operation is successful, else false.

Throws

SecurityException	If caller does not have required permissions

Usage

An administrator can use this API to block the device from sharing its carrier data with another device through USB, WiFi, and Bluetooth.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();

 try {
     if (restrictionPolicy.setTethering(false)) {
         // tethering is disabled and cannot be enabled by user.
     } else {
         // failure to restrict tethering.
     }
     if (restrictionPolicy.setTethering(true)) {
         // tethring UI control is enabled.
     } else {
         // failure to remove restriction on tethering.
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }

Permission

The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.

Since

API level 2

MDM 2.0

Multiuser Environment

Global Scope

public boolean setUsbDebuggingEnabled (boolean enable)

Since: API level 2

Deprecated in API level 35

API to enable or disable USB debugging.

Parameters

enable	`true` to enable USB debugging, `false` to disable USB debugging.

Returns

true if operation is successful, else false.

Throws

SecurityException	If caller does not have required permissions

Usage

An administrator can use this API to block USB access. This function blocks any kind of device debugging through Dalvik Debug Monitor Server (DDMS) or adb.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     if (restrictionPolicy.setUsbDebuggingEnabled(false)) {
         // USB debugging is disabled and cannot be enabled by user.
     } else {
         // failure to restrict USB debugging.
     }
     if (restrictionPolicy.setUsbDebuggingEnabled(true)) {
         // USB debugging UI control is enabled.
     } else {
         // failure to remove restriction on USB debugging.
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }

Permission

The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.

Since

API level 2

MDM 2.0

Multiuser Environment

Global Scope

public boolean setUsbExceptionList (int exceptionList)

Since: API level 29

API to set USB class exception list.

NOTE:

This API works only when allowUsbHostStorage(boolean) is true. This API only works with USB classes listed in RestrictionPolicy.USBInterface.

This API is not affected by the deprecation of allowUsbHostStorage(boolean). allowUsbHostStorage(boolean) has the default value of true, and this API works with that set to true.

Parameters

exceptionList	Using `RestrictionPolicy.USBInterface` value. If you want to handle multiple exceptions, "USBInterface.HID.getValue() \| USBInterface.MAS.getValue() \| USBInterface......".

Returns

true if success, else false.

Usage

An administrator can use this API to set the USB device class exception list.
- If set, all USB device classes will be blocked except the classes in the exception list.
- If any class is set, the HUB class will be added automatically to the exception list.
- To reset the USB exception list, pass USBInterface.OFF.getValue().

NOTE:
This API works only when allowUsbHostStorage(boolean) is true.
A USB Composite Device is a peripheral device that supports more than one device class.
if you use this API to a USB Composite Device, please add all supported classes in the exception list.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 restrictionPolicy.setUsbExceptionList(USBInterface.HID.getValue());

Permission

The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.

Since

API level 23

MDM 5.9

Multiuser Environment

Global Scope

public boolean setUsbMediaPlayerAvailability (boolean enable)

Since: API level 2

Deprecated in API level 35

API to allow or disallow MTP (media transfer protocol).

Parameters

enable	`true` to allow MTP, `false` to disallow MTP.

Returns

true if MTP is successfully allowed or disallowed, false otherwise

Throws

SecurityException	If caller does not have required permissions

Usage

An administrator can use this API to allow or disallow MTP (media transfer protocol). Since Android only supports USB file transfer through MTP, using this API will allow the administrator to block any kind of file transfer through USB. PTP (picture transfer protocol) is a subset of MTP and will also be affected by this API.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     if (restrictionPolicy.setUsbMediaPlayerAvailability(false)) {
         // MTP is disallowed and cannot be enabled by user.
     } else {
         // Failure to disallow MTP.
     }
     if (restrictionPolicy.setUsbMediaPlayerAvailability(true)) {
         // MTP is allowed
     } else {
         // Failure to allow MTP.
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }

Permission

The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.

Since

API level 2

MDM 2.0

Multiuser Environment

Global Scope

public boolean setUsbTethering (boolean enable)

Since: API level 2

Deprecated in API level 35

API to enable or disable USB tethering.

Parameters

enable	`true` to enable, `false` to disable

Returns

true if operation is successful, else false

Throws

SecurityException	If caller does not have required permissions

Usage

An administrator can use this API to allow or disallow the device sharing its carrier data connection with other devices through a USB connection. If set to false, access to USB tethering functionality is disabled, and the user cannot turn it on until the administrator enables it again. If it set to true, access to USB tethering is enabled. Enabling access to USB tethering does not enable USB tethering.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 // disable
 try {
     if (restrictionPolicy.setUsbTethering(false)) {
         // USB tethering access is disabled and cannot be enabled by user.
     } else {
         // failure restricting USB tethering.
     }
     // enable
     if (restrictionPolicy.setUsbTethering(true)) {
         // USB tethering UI control is enabled.
     } else {
         // failure removing restriction to USB tethering.
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }

Permission

The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.

Since

API level 2

MDM 2.0

Multiuser Environment

Global Scope

public boolean setWifiTethering (boolean enable)

Since: API level 2

Deprecated in API level 35

API to enable or disable Wi-Fi tethering.

Parameters

enable	`true` to enable, `false` to disable

Returns

true if operation is successful, else false

Throws

SecurityException	If caller does not have required permissions

Usage

An administrator can use this API to allow or disallow the device sharing its carrier data connection with other devices through a Wi-Fi connection. If set to false, access to Wi-Fi tethering functionality is disabled, and the user cannot turn it on until the administrator enables it again. If set to true, access to Wi-Fi tethering is enabled. Enabling access to Wi-Fi tethering does not enable Wi-Fi tethering.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 // disable
 try {
     if (restrictionPolicy.setWifiTethering(false)) {
         // Wi-Fi tethring is disabled and cannot be enabled by user.
     } else {
         // failure restricting Wi-Fi tethering.
     }
     // enable
     if (restrictionPolicy.setWifiTethering(true)) {
         // Wi-Fi tethering UI control is enabled.
     } else {
         // failure removing restriction of Wi-Fi tethering.
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }

Permission

The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_RESTRICTION_MGMT" permission with a protection level of signature.

Since

API level 2

MDM 2.0

Multiuser Environment

Global Scope

Knox SDK API reference

Classes

Enums

RestrictionPolicy

Class Overview

Since

Summary

Constants

public static final String ACTION_UPDATE_FOTA_VERSION_RESULT

Permission

Since

public static final int ERROR_UPDATE_FOTA_ENABLED_BY_OTHER_ADMIN

Since

public static final int ERROR_UPDATE_FOTA_INVALID_PARAMETER

Since

public static final int ERROR_UPDATE_FOTA_NONE

Since

public static final int ERROR_UPDATE_FOTA_UNKNOWN

Since

public static final int ERROR_UPDATE_FOTA_UNKNOWN_SERVER

Since

public static final String EXTRA_UPDATE_FOTA_VERSION_STATUS

Since

public static final int LOCKSCREEN_MULTIPLE_WIDGET_VIEW

Since

public static final int LOCKSCREEN_SHORTCUTS_VIEW

Since

public static final int STATUS_UPDATE_FOTA_ALREADY_LATEST_VERSION

Since

public static final int STATUS_UPDATE_FOTA_FAILURE

Since

public static final int STATUS_UPDATE_FOTA_PROCESSING

Since

public static final int STATUS_UPDATE_FOTA_SUCCESS

Since

public static final String UPDATE_FOTA_CORPID

Since

public static final int WEARABLE_GEAR_DEVICE

Since

Public Methods

public boolean allowAirplaneMode (boolean allow)

Parameters

Returns

Throws

Usage

Permission

Since

Multiuser Environment

See Also

public boolean allowAndroidBeam (boolean allow)

Parameters

Returns

Throws

Usage

Permission

Since

Multiuser Environment

See Also

public boolean allowAudioRecord (boolean allow)

Parameters

Returns

Throws

Usage

For Container:

Permission

Since

Multiuser Environment

See Also

public boolean allowBackgroundProcessLimit (boolean allow)

Parameters

Returns

Throws

Usage

Permission

Since

Multiuser Environment

See Also

public boolean allowBluetooth (boolean enable)

Parameters

Returns