KNOX Premium SDK - Samsung Knox€¦ · KNOX Standard and KNOX Premium SDKs: Samsung KNOX™...

Release Notes

KNOX™ Premium SDK Version 2.3 January 2015

Samsung KNOX™ Premium SDK Release Notes Copyright © 2015 Samsung Electronics Co. Ltd. ii

Copyright Notice

Copyright © 2015 Samsung Electronics Co. Ltd. All rights reserved. Samsung is a registered trademark of Samsung Electronics Co. Ltd.

Samsung KNOX is a trademark of Samsung Electronics, Co., Ltd. in the United States and other countries. Specifications and designs

are subject to change without notice. Non-metric weights and measurements are approximate. All data were deemed correct at time

of creation. Samsung is not liable for errors or omissions. Android and Google Play are trademarks of Google Inc. ARM and TrustZone

are registered trademarks of ARM Limited (or its subsidiaries) in the EU and/or elsewhere. iOS is a trademark of Apple Inc., registered

in the U.S. and other countries. Microsoft Azure and Microsoft Active Directory are either registered trademarks or trademarks of

Microsoft Corporation in the United States and/or other countries. All brand, product, service names and logos are trademarks and/or

registered trademarks of their respective owners and are hereby recognized and acknowledged.

Samsung KNOX Premium SDK Information

Version: 2.3

Supported Target Platform

Android 5.0 (Lollipop)

Document History

Date SDK

Version

Doc

Version Description of changes

12/27/12 1.0 1.0 Base document version.

7/10/13 1.0.1 1.0.1.0 Added new KNOX 1.0.1 polices. Removed KNOX Takeover APIs

10/21/13 1.1.0 1.1.0 Added new KNOX 1.1.0 and 1.0.2

3/4/14 2.0 2.0.0 Added new KNOX 2.0 (includes KNOX 1.2 APIs) Separated Smart Card (SC)

SDK

7/8/14 2.1 2.1.0 Added new KNOX 2.1 polices

Update on released KNOX 2.0 polices

9/25/14 2.2 2.2.0 Updated all existing policies & features till KNOX 2.1. Added new KNOX 2.2

polices.

1/14/15 2.3 2.3.0 Updated all existing policies & features till KNOX 2.2. Added new KNOX 2.3

polices.

Contact Information

Samsung Electronics Co., Ltd

416, Maetan-3dong,

Yeongtong-gu Suwon-City

Gyeonggi-do, 443-742

Samsung Enterprise Mobility Solutions – Santa Clara

Samsung Research America, Ltd

3920 Freedom Circle; Suite 101

Santa Clara, CA 95054

United States of America

Samsung KNOX™ Premium SDK Release Notes Copyright © 2015 Samsung Electronics Co. Ltd. iii

Contents 1 Introduction ................................................................................................................... iv

Audience ............................................................................................................................................................................................ iv Additional documentation .......................................................................................................................................................... iv

2 Installation and configuration ...................................................................................... 5

3 Supported features......................................................................................................... 6

4 New features and enhancements ............................................................................... 10

Constants ......................................................................................................................................................................................... 10 Deprecated policies ..................................................................................................................................................................... 10

5 Issues fixed ................................................................................................................. 11

Helper APIs deprecated & not supported .......................................................................................................................... 11 APIs removed in KNOX 2.0 ....................................................................................................................................................... 12 Constants deprecated and not supported in KNOX 2.0 ............................................................................................... 12 APIs description, sample code enhancement .................................................................................................................... 12

6 Known issues ................................................................................................................. 13

Samsung KNOX™ Premium SDK Release Notes Copyright © 2015 Samsung Electronics Co. Ltd. iv

1 Introduction This release contains the policies released as part of the Enterprise Device Management KNOX

Project.

The Enterprise Device Management project is part of a broader on-going effort to make Samsung

Android Smart phones & Tablets enterprise friendly.

These policies are intended to be used by any Device Management client to enforce organization

specific policies on employee devices. MDM clients developed by Samsung Partners are intended

to make use of these policies to satisfy their and their customer’s requirements.

Audience

Enterprise Development Teams at:

o Samsung HQ (Suwon, South Korea)

o MCL B2B (Santa Clara, USA)

o SIDI (Campinas, Brazil)

o Samsung Partners

Additional documentation

The following documentation is also available for additional information regarding the Samsung

KNOX Standard and KNOX Premium SDKs:

Samsung KNOX™ Premium SDK Developer Guide—Describes the Samsung KNOX

Premium and Standard SDK APIs and explains how to use them to develop Android™ app

containers and other mobile enterprise features that can be implemented in Enterprise-

managed Samsung KNOX-enabled mobile devices. This guide includes Java device and

container use case examples.

You should consult this guide if you want to implement an agent APK that calls KNOX

SDK APIs and communicates with the partner’s management server. The partner agent

APK must be installed on the device by the user or IT admin, typically through Google

Play or side loading. The advantage of this approach is that this is the traditional model

that supports pre-KNOX 2.0 versions of the SDK.

Samsung KNOX™ Quality Criteria for MDM Solutions—Describes the quality criteria for

Samsung KNOX that each MDM partner should implement with their mobile device

management solution.

Samsung KNOX™ Premium SDK Release Notes Copyright © 2015 Samsung Electronics Co. Ltd. 5

2 Installation and configuration The KNOX Premium SDK policies are currently developed on Android KitKat.

The required MDM client should be installed on this device and the new policies can be exercised.


3 Supported features

Policies

The following are the list of policies which have been developed till KNOX 2.2

Policy Group Policy KNOX

Version

Audit Log

Enable/Disable Audit Log Service KNOX 1.0

Manage/Monitor Audit Log Feature Parameters KNOX 1.0

Dump Audit Log Information KNOX 1.0

Additional Audit Log Features KNOX 1.0

Container Application Policy

group

Container Package management KNOX 1.0

Start/Stop an Application KNOX 1.0

Enable/Disable Application KNOX 1.0

Write data in application home directory. KNOX 1.0

Add/Get/Check/Remove the packages in the intall white list. KNOX 1.0

Home shortcut KNOX 1.0

Prevent user from clear data certain application KNOX 1.0

Prevent user from clear cache certain application KNOX 1.0

Container Firewall Policy

group

Application inside container based Firewall KNOX 1.0

Get active IPTABLES rules KNOX 1.0

Web Filtering / Reporting KNOX 1.0

Redirect Exceptions KNOX 1.0

Kernel routing table information KNOX 1.0

Container Restriction Policy

Group

Allow/Disallow Camera KNOX 1.0

Allow/Disallow Share List KNOX 1.0

Allow/Disallow Use Secure Keyboard KNOX 1.0

Certificate Management

Manage trusted CA restriction list KNOX 1.0

Notify MDM admin of certificate failure events KNOX 1.0

Notify user of certificate failure events KNOX 1.0

Display to the user the identity of the entity that signed an

application upon user request

KNOX 1.0

Manage untrusted certificate restriction list KNOX 1.0

Certificates Revocation Status Check KNOX 1.0

Certificate Validation at install time KNOX 1.0

Container VPN Policy group Add/Remove Per App VPN in Container KNOX 1.0

List packages with VPN profile KNOX 1.0

Add/Remove VPN profile in Container KNOX 1.0

Enterprise Container Container Creation policy KNOX 1.0

Container removal policy KNOX 1.0


Management Policy group Container Information Policy KNOX 1.0

Container Activation/Deactivation policy KNOX 1.0


Container Password Policy

Group

Password Age IT policy rule KNOX 1.0

Maximum Password History IT policy rule KNOX 1.0

Minimum number of complex characters KNOX 1.0

Password Policy Delay KNOX 1.0

Password Change enforcement KNOX 1.0

Maximum password attempts for Container disable KNOX 1.0

Password Maximum Repeated Characters KNOX 1.0

Password Maximum Repeated Numerics KNOX 1.0

Password Forbidden Personal Data KNOX 1.0

Maximum Sequence of Characters KNOX 1.0

Minimum change in Password Characters KNOX 1.0

Enable / Disable Make password visible option KNOX 1.0

Password sufficient. KNOX 1.0

Enterprise Single-Sign-On

(Added late binding

support)

Get SSO error code

KNOX 1.0.1

Get EnterpriseSSOPolicy object KNOX 1.0.1

Enterprise ISL Group

Perform Prebaseline scan KNOX 1.0

First time device approval using MDM KNOX 1.0

Perform Integrity scan KNOX 1.0

Clear integrity baseline KNOX 1.0

Add 3rd party package to baseline KNOX 1.0

Remove3rd party package from baseline KNOX 1.0

Update the current baseline KNOX 1.0

Register callback with integrity service KNOX 1.0

Request binding to integrity service agent KNOX 1.0

Check if integrity service agent is ready KNOX 1.0

start the runtime Integrity monitoring KNOX 1.0

stop the runtime Integrity monitoring KNOX 1.0

get the List of ISA KNOX 2.0

Attestation

Start attestation KNOX 1.0.1

Start attestation with nonce KNOX 1.0.1

Set the attestation server URL KNOX 1.0.1

Get device KNOX id KNOX 1.0.1

KNOX Enterprise License

Management

Activate KNOX Enterprise License KNOX 1.0.1

Enterprise Premium VPN

Policy Group

Connect/Disconnect Per app VPN KNOX 1.0

Set/Get certificates for authentication KNOX 1.0

Set/Get VPN Connections KNOX 1.0

Set/Get VPN mode KNOX 1.0

Enable/Disable Route and setting. KNOX 1.0

Remove VPN Connection KNOX 1.0

SEAndroid Policy

Enforcement

Update SEAndroid Policy KNOX 1.0

Update Mapping of File Paths to Security Labels KNOX 1.0

Update Mapping of Android Properties to Security Labels KNOX 1.0


Update Mapping of Java Applications to Security Contexts KNOX 1.0

Revoke SEAndroid policies KNOX 1.0

Get the SEAndroid Agent owner KNOX 1.0

Get the status of the SELinux property KNOX 1.0

Get AMS Enforce State KNOX 1.0

Get AMS Log Level KNOX 1.0

Set SELinux Enforcing KNOX 1.0

SmartCard Policy group Enable/Disable SmartCard credentials for Email KNOX 1.0

Enable/Disable SmartCard Authentication for Browser KNOX 1.0

Enterprise Single-Sign-On

Set/get customer ID KNOX 1.0

Set Application whitelist KNOX 1.0

Delete Application whitelist KNOX 1.0

Delete Application whitelist state KNOX 1.0

Set Customer Information KNOX 1.0

Force user to re-authenticate KNOX 1.0

Unenroll user from SSO service KNOX 1.0

Enterprise KNOX Manager Get KNOX Version KNOX 1.0

Get KNOXified State KNOX 1.0

Enterprise Container

Management Policy group

Container Activation/Deactivation Policy KNOX 1.0.2

Container Activation/Deactivation Policy KNOX 1.0.2

Generic VPN Policy Group

Connect/Disconnect Per app VPN

KNOX 1.1.0

Set/Get Certificates for authentication KNOX 1.1.0

Set/Get VPN Connections KNOX 1.1.0

Set/Get VPN mode KNOX 1.1.0

Enhanced VPN Functionality KNOX 1.1.0

Remove VPN Connection KNOX 1.1.0

Get state/Error-status of the profile KNOX 1.1.0

SEAndroid Policy

Enforcement

Get SELinux Mode KNOX 1.0.2

Get the SEInfo from PackageName KNOX 1.0.2

Get the SEInfo from Certificate KNOX 1.0.2

Get Domain from PackageName KNOX 1.0.2

Get Domain from SEInfo, PackageName KNOX 1.0.2

Get DataType from PackageName KNOX 1.0.2

Get DataType from SEInfo, PackageName KNOX 1.0.2

Update MAC Permission KNOX 1.0.2


Manager

De-Activate license KNOX 1.2

Container Remote content

provider policy group

Data sync management policy KNOX 2.0



File moving policy KNOX 2.0



Application moving policy KNOX 2.0

Certificate Management Prevent removal of certificates / resetingkeystore KNOX 2.0

Certificate Management Permit an application to read private keys KNOX 2.0

KNOX Container


Container Creation policy KNOX 2.0

KNOX Container


Container removal policy KNOX 2.0

KNOX Container


Container Information Policy KNOX 2.0

KNOX Container


Container configuration policy KNOX 2.0


KNOX Container


Container Activation/Deactivation policy. KNOX 2.0

KNOX Container


Self Uninstall Policy KNOX 2.0


Manager

Activate license(non-admin) KNOX 2.0


Manager

De-Activate license (non-admin) KNOX 2.0

SmartCard Policy group Enforce certificate alias name used for SmartCard credentials

for S/MIME Email

KNOX 2.0

SmartCard Policy group Bluetooth Secure Access to Card reader KNOX 2.0

SmartCard Policy group Select certificate alias name for SmartCard Authentication

with Browser

KNOX 2.0

KNOX VPN Management

Group

Connect/Disconnect Per app Vpn. KNOX 2.0

Enterprise KNOX Client

Certificate Manager Policy

Group

Manage Client Certificates KNOX 2.0

Enterprise KNOX TIMA

Keystore Policy Group

Manage TIMA Keystore KNOX 2.0

SEAMS Manage SEAMs APIs KNOX 2.0

Advanced Restriction Policy Manage Firmware Auto update KNOX 2.0

Advanced Restriction Policy Manage CC Mode KNOX 2.0

Advanced Restriction Policy Exclusive admin support KNOX 2.0

Advanced Restriction Policy ODE Trusted Boot verification KNOX 2.0

Container Smartcard Access

policy

Enable smartcard access policies inside container KNOX 2.0

Container Configuration

policy

Add/Get/Check/Remove the packages in the install white

list.

KNOX 2.0


policy

Allow/Disallow secure keypad usage IT policy rule KNOX 2.0


policy



policy

Resetting container password KNOX 2.0

Enterprise Single-Sign-On Push data to SSO service KNOX 2.0

Enterprise Single-Sign-On Request setup SSO service KNOX 2.0

Enterprise Single-Sign-On Check if EnterpriseSSOPolicy service is ready KNOX 2.0

Enterprise KNOX Client

Certificate Manager Policy

Group

Manage Client Certificates

KNOX 2.1

Enterprise KNOX Certificate

Enroll Policy Group

Certificate enrollment, renewal and deletion operations with

different protocols like SCEP, CMC, CMP

KNOX 2.1

SEAMs Manage SEAMs APIs KNOX 2.1

Advanced Restriction Policy API whether CC mode supported or not KNOX 2.1


policy

Reset container on reboot KNOX 2.1

Container Configuraton

Management Policy Group

Password pattern restriction KNOX 2.1



Light Weight Container (LWC) configuration KNOX 2.1



Container Only Mode (COM) configuration KNOX 2.1

Certificate Policy Group Allow/Block installation of self signed applications KNOX 2.2

Enterprise Billing Policy

Group

APN based Enterprise split billing KNOX 2.2

Container Management

Policy Group

Remove Configuration Type KNOX 2.2

Container Management

Policy Group

Create Container(Creation Param) KNOX 2.2


policy group.

Reset container password KNOX 2.2


Policy Group

Manage Hibernation Timeout KNOX 2.2


Policy Group

Manage Wi-Fi network SSID KNOX 2.2


Policy Group

Enable external sdcard. KNOX 2.2


Policy Group

Manage External Storage White and Black List KNOX 2.2


Policy Group

Manage Remote Control KNOX 2.2

KNOX Configuration Type MultiFactor Authentication KNOX 2.2


4 New features and enhancements

Policies

The following are the list of policies which have been developed in KNOX 2.3.

Policy Group Policy KNOX

Version

KNOX Container

Configuration Policy

group

Container Configuration:

KNOXConfigurationType.setBiometricAuthenticationEnabled(int

bioAuth, boolean enable)

KNOXConfigurationType.isBiometricAuthenticationEnabled(int bioAuth)

KNOX 2.3

KNOX Container

Management

Container Management:

ContainerConfigurationPolicy.setSettingsOptionEnabled(String option,

boolean enable)

ContainerConfigurationPolicy.isSettingsOptionEnabled(String option)

KNOX 2.3

Constants

The following are the list of constants which have been developed in KNOX 2.3

Class Constant

KNOX

Version

ContainerConfigurationPolicy OPTION_CALLER_INFO KNOX 2.3

Deprecated policies

The following are the list of policies which have been deprecated in KNOX 2.3

Policy Group Policy

KNOX

Version

Enterprise ISL Group EnterpriseISLPolicy class

IntegrityResultSubscriber class

EnterpriseKNOXManager.getEnterpriseISLPolicy()

KNOX 1.0


5Issues fixed

Helper APIs deprecated & not supported

The following are the list of helper APIs which have been deprecated and not supported in

KNOX 2.0

Policy Group Policy

KNOX

Version

KNOX Container

Configuration

Policy group

Container configuration policy

KNOXConfigurationType.setAirCommandEnabled()

KNOXConfigurationType.setAllowAllShare()

KNOXConfigurationType.setAllowCustomColorIdentification()

KNOXConfigurationType.setAllowDLNADataTransfer()

KNOXConfigurationType.setAllowExportAndDeleteFiles()

KNOXConfigurationType.setAllowExportFiles()

KNOXConfigurationType.setAllowImportFiles()

KNOXConfigurationType.setAllowPrint()

KNOXConfigurationType.setAllowShortCutCreation()

KNOXConfigurationType.setAllowUniversalCallerId()

KNOXConfigurationType.setCameraModeChangeEnabled()

KNOXConfigurationType.setGearSupportEnabled()

KNOXConfigurationType.setModifyLockScreenTimeout()

KNOXConfigurationType.setPenWindowEnabled()

KNOXConfigurationType.getAirCommandEnabled()

KNOXConfigurationType.getAllowAllShare()

KNOXConfigurationType.getAllowCustomColorIdentification()

KNOXConfigurationType.getAllowDLNADataTransfer()

KNOXConfigurationType.getAllowExportAndDeleteFiles()

KNOXConfigurationType.getAllowExportFiles()

KNOXConfigurationType.getAllowImportFiles()

KNOXConfigurationType.getAllowPrint()

KNOXConfigurationType.getAllowShortCutCreation()

KNOXConfigurationType.getAllowUniversalCallerId()

KNOXConfigurationType.getCameraModeChangeEnabled()

KNOXConfigurationType.getGearSupportEnabled()

KNOXConfigurationType.getModifyLockScreenTimeout()

KNOXConfigurationType.getPenWindowEnabled()

KNOX 2.0


APIs removed in KNOX 2.0

The following are the list of APIs which have been removed in KNOX 2.0

Policy Group Policy

KNOX

Version

Enterprise KNOX

Client Certificate

Manager Policy Group

Manage Client Certificates

ClientCertificateManager.generateCSR()

ClientCertificateManager.installObject()

ClientCertificateManager.registerForDefaultCertificate()

KNOX

2.0

SEAMs Manage SEAMs APIs

SEAMS.getMDMOwnPolicyStatus()

SEAMS.revokeSELinuxPolicy()

SEAMS.setAllPolicyConfig(FileInputStreamfis, booleanreloadPolicy)

SEAMS.setFileContexts(byte[] fileContexts, booleanreloadPolicy)

SEAMS.setMDMOwnPolicyStatus()

SEAMS.setMacPermission(byte[] macPerm, booleanreloadPolicy)

SEAMS.setPropertyContexts(byte[] propertyContexts,

booleanreloadPolicy)

SEAMS.setSEAppContexts(byte[] seAppContexts,

booleanreloadPolicy)

SEAMS.setSELinuxPolicy(byte[] sePolicy, booleanreloadPolicy)

KNOX

2.0

Constants deprecated and not supported in KNOX 2.0

The following are the list of constants which have been deprecated and not supported in KNOX

2.0

Class Constant KNOX

Version

RCPPolicy RCPPolicy.BOOKMARKS

RCPPolicy.CALL_LOG

RCPPolicy.CLIPBOARD

RCPPolicy.SHORTCUTS

RCPPolicy.SMS

KNOX

2.0

APIs description, sample code enhancement

Not applicable at time of release.


6 Known issues Not applicable at time of release.

KNOX Premium SDK - Samsung Knox€¦ · KNOX Standard and KNOX Premium SDKs: Samsung KNOX™...

Documents

Transcript of KNOX Premium SDK - Samsung Knox€¦ · KNOX Standard and KNOX Premium SDKs: Samsung KNOX™...