Samsung Telecommunications America Knox Premium SDK Release Notes Version2.2
Samsung Telecommunications America
Knox Premium SDK
Release Notes
Version2.2
ii
Copyright notice
Copyright © 2013, Samsung Electronics. All rights reserved.
Document information
This document was last modified on Sept 25, 2014.
The current document version is 2.2
Contact information
Samsung B2B R&D Lab
Samsung Telecommunications America
3920 Freedom Circle, Suite 101, Santa Clara, CA 95054
Knox Premium SDK v2.2 Release Notes iii
Table of Contents
Introduction ...................................................................................................................... vi
Audience ......................................................................................................................................................... vi Notation Conventions .................................................................................................................................. vi
Notice icons .................................................................................................................................................................................. vi Text conventions ........................................................................................................................................................................ vi
Revision Information .................................................................................................................................. viii Document Organization ............................................................................................................................. viii Related Manuals ............................................................................................................................................ ix
Installation and Configuration ......................................................................................... 1
Supported Features ........................................................................................................... 2
New Feature and Enhancements .................................................................................... 11
Issues Fixed ....................................................................................................................... 12
Known Issues .................................................................................................................... 15
Knox Premium SDK v2.2 Release Notes iv
List of Figures No table of figures entries found.
Knox Premium SDK v2.2 Release Notes v
List of Tables No table of figures entries found.
Knox Premium SDK v2.2 Release Notes vi
Introduction
This release contains the policies released as part of the Enterprise Device Management KNOX
Project.
The Enterprise Device Management project is part of a broader on-going effort to make Samsung
Android Smart phones & Tablets enterprise friendly.
These policies are intended to be used by any Device Management client to enforce organization
specific policies on employee devices. MDM clients developed by Samsung Partners are intended
to make use of these policies to satisfy their and their customer’s requirements.
Audience
Enterprise Development Teams at
Samsung HQ (Suwon, South Korea)
MCL B2B (Santa Clara, USA)
SRB (Campinas, Brazil)
Samsung Partners.
Notation Conventions
Certain notation conventions are used throughout this document. These are described in the
following sections.
Notice icons
This manual uses the following notice icons.
Icon Alerts you to…
Note
Important features, instructions, or additional
relevant information.
Caution!
Information onconditions that can cause
unintended or adverse consequences.
Text conventions
This manual uses the following notation conventions.
Knox Premium SDK v2.2 Release Notes vii
Boldface emphasizes words in text such as screen or window names or commands that you
enter.
Italicsidentify new words or emphasizes phrases.
Monospace represents information as it appears on a display or in command syntax.
Knox Premium SDK v2.2 Release Notes viii
Revision Information
This document isversion 2.2of the Knox Premium SDKRelease Notes. The supported target
platform is Android KitKat.
The following table contains a summary of all the changes, amendments, and enhancements
made to this document to date.
Date Doc
Version
SDK
Version Description of changes Author
Dec 27, 2012 1.0 1.0 Base document version. SRA-Dallas
Jun 06, 2013 1.0 1.0 Review comments update SRA-Dallas
Jul 10, 2013 1.0.1 1.0.1
Added new KNOX 1.0.1 polices in Error! Reference
source not found. section
Removed KNOX Takeover APIs
MCL B2B
Oct 21, 2013 1.1.0 1.1.0 Added new KNOX 1.1.0 and 1.0.2 polices in Error!
Reference source not found. section MCL B2B
Mar 04, 2014 2.0 2.0
Added new KNOX 2.0 polices in Error! Reference source
not found. section. (Includes KNOX 1.2 APIs too)
Separated Smart Card (SC) SDK
MCL B2B
July08, 2014 2.1 2.1
Added new KNOX 2.1 polices in New Feature and
Enhancementssection.
Update on released KNOX 2.0 polices in Issues
Fixedsection.
MCL B2B
Sept 25, 2014 2.2 2.2
Updated Supported Features with all existing policies &
features till KNOX 2.1
Added new KNOX 2.2 polices in New Feature and
Enhancements section.
MCL B2B
Document Organization
This document is divided into the following chapters and appendixes.
Installation and ConfigurationError! Reference source not found.Error! Reference source
not found.Error! Reference source not found.Error! Reference source not found.explains
any details that are required to install and configure the current version of software.
Supported Features describes design features that are implemented.
Error! Reference source not found.describe features that are new to the current release and
enhancements to existing features.
Error! Reference source not found.describesissues in the current release that development
is aware of and attempting to address.
Issues Fixed lists issues that have been fixed in the current version of the software.
Knox Premium SDK v2.2 Release Notes ix
Related Manuals
Knox Premium SDK v2.2 Release Notes 1
Installation and Configuration
The Knox Premium SDK policies are currently developed on Android KitKat.
The required MDM client should be installed on this device and the new policies can be exercised.
Knox Premium SDK v2.2 Release Notes 2
Supported Features Policies
The following are the list of policies which have been developed in KNOX 2.1
Policy Group Policy KNOX
Version
Audit Log
Enable/Disable Audit Log Service KNOX 1.0
Manage/Monitor Audit Log Feature Parameters KNOX 1.0
Dump Audit Log Information KNOX 1.0
Additional Audit Log Features KNOX 1.0
Container Application Policy
group
Container Package management KNOX 1.0
Start/Stop an Application KNOX 1.0
Enable/Disable Application KNOX 1.0
Write data in application home directory. KNOX 1.0
Add/Get/Check/Remove the packages in the intall white list.
KNOX 1.0
Home shortcut KNOX 1.0
Prevent user from clear data certain application KNOX 1.0
Prevent user from clear cache certain application KNOX 1.0
Container Firewall Policy group
Application inside container based Firewall KNOX 1.0
Get active IPTABLES rules KNOX 1.0
Web Filtering / Reporting KNOX 1.0
Redirect Exceptions KNOX 1.0
Kernel routing table information KNOX 1.0
Container Allow/Disallow Camera KNOX 1.0
Knox Premium SDK v2.2 Release Notes 3
Restriction Policy Group
Allow/Disallow Share List KNOX 1.0
Allow/Disallow Use Secure Keyboard KNOX 1.0
Certificate Management
Manage trusted CA restriction list KNOX 1.0
Notify MDM admin of certificate failure events KNOX 1.0
Notify user of certificate failure events KNOX 1.0
Display to the user the identity of the entity that signed an application upon user request
KNOX 1.0
Manage untrusted certificate restriction list KNOX 1.0
Certificates Revocation Status Check KNOX 1.0
Certificate Validation at install time KNOX 1.0
Container VPN Policy group
Add/Remove Per App VPN in Container KNOX 1.0
List packages with VPN profile KNOX 1.0
Add/Remove VPN profile in Container KNOX 1.0
Enterprise Container
Management Policy group
Container Creation policy KNOX 1.0
Container removal policy KNOX 1.0
Container Information Policy KNOX 1.0
Container Activation/Deactivation policy KNOX 1.0
Container Activation/Deactivation policy KNOX 1.0
Container Password Policy
Group
Password Age IT policy rule KNOX 1.0
Maximum Password History IT policy rule KNOX 1.0
Minimum number of complex characters KNOX 1.0
Password Policy Delay KNOX 1.0
Password Change enforcement KNOX 1.0
Maximum password attempts for Container disable KNOX 1.0
Knox Premium SDK v2.2 Release Notes 4
Password Maximum Repeated Characters KNOX 1.0
Password Maximum Repeated Numerics KNOX 1.0
Password Forbidden Personal Data KNOX 1.0
Maximum Sequence of Characters KNOX 1.0
Minimum change in Password Characters KNOX 1.0
Enable / Disable Make password visible option KNOX 1.0
Password sufficient. KNOX 1.0
Enterprise Single-Sign-On
(Added late binding support)
. Get SSO error code
KNOX 1.0.1
Get EnterpriseSSOPolicy object KNOX 1.0.1
Enterprise ISL Group
Perform Prebaseline scan KNOX 1.0
First time device approval using MDM KNOX 1.0
Perform Integrity scan KNOX 1.0
Clear integrity baseline KNOX 1.0
Add 3rd party package to baseline KNOX 1.0
Remove3rd party package from baseline KNOX 1.0
Update the current baseline KNOX 1.0
Register callback with integrity service KNOX 1.0
Request binding to integrity service agent KNOX 1.0
Check if integrity service agent is ready KNOX 1.0
start the runtime Integrity monitoring KNOX 1.0
stop the runtime Integrity monitoring KNOX 1.0
get the List of ISA KNOX 2.0
Attestation
Start attestation KNOX 1.0.1
Start attestation with nonce KNOX 1.0.1
Knox Premium SDK v2.2 Release Notes 5
Set the attestation server URL KNOX 1.0.1
Get device KNOX id KNOX 1.0.1
KNOX Enterprise License
Management Activate KNOX Enterprise License
KNOX 1.0.1
Enterprise Premium VPN Policy Group
Connect/Disconnect Per app VPN KNOX 1.0
Set/Get certificates for authentication KNOX 1.0
Set/Get VPN Connections KNOX 1.0
Set/Get VPN mode KNOX 1.0
Enable/Disable Route and setting. KNOX 1.0
Remove VPN Connection KNOX 1.0
SEAndroid Policy Enforcement
Update SEAndroid Policy KNOX 1.0
Update Mapping of File Paths to Security Labels KNOX 1.0
Update Mapping of Android Properties to Security Labels KNOX 1.0
Update Mapping of Java Applications to Security Contexts
KNOX 1.0
Revoke SEAndroid policies KNOX 1.0
Get the SEAndroid Agent owner KNOX 1.0
Get the status of the SELinux property KNOX 1.0
Get AMS Enforce State KNOX 1.0
Get AMS Log Level KNOX 1.0
Set SELinux Enforcing KNOX 1.0
SmartCard Policy group
Enable/Disable SmartCard credentials for Email KNOX 1.0
Enable/Disable SmartCard Authentication for Browser KNOX 1.0
Knox Premium SDK v2.2 Release Notes 6
Enterprise Single-Sign-On
Set/get customer ID KNOX 1.0
Set Application whitelist KNOX 1.0
Delete Application whitelist KNOX 1.0
Delete Application whitelist state KNOX 1.0
Set Customer Information KNOX 1.0
Force user to re-authenticate KNOX 1.0
Unenroll user from SSO service KNOX 1.0
Enterprise Knox
Manager Get KNOX Version KNOX 1.0
Get Knoxified State KNOX 1.0
Enterprise Container Management Policy group
Container Activation/Deactivation Policy KNOX 1.0.2
Container Activation/Deactivation Policy KNOX 1.0.2
Generic VPN Policy Group
. Connect/Disconnect Per app VPN
KNOX 1.1.0
Set/Get Certificates for authentication KNOX 1.1.0
Set/Get VPN Connections KNOX 1.1.0
Set/Get VPN mode KNOX 1.1.0
Enhanced VPN Functionality KNOX 1.1.0
Remove VPN Connection KNOX 1.1.0
Get state/Error-status of the profile KNOX 1.1.0
SEAndroid
Policy
Enforcement
Get SELinux Mode KNOX 1.0.2
Get the SEInfo from PackageName KNOX 1.0.2
Get the SEInfo from Certificate KNOX 1.0.2
Get Domain from PackageName KNOX 1.0.2
Get Domain from SEInfo, PackageName KNOX 1.0.2
Get DataType from PackageName KNOX 1.0.2
Knox Premium SDK v2.2 Release Notes 7
Get DataType from SEInfo, PackageName KNOX 1.0.2
Update MAC Permission KNOX 1.0.2
Knox Enterprise
License Manager De-Activate license
KNOX 1.2
Container
Remote content
provider policy
group
Data sync management policy
KNOX 2.0
Container
Remote content
provider policy
group
File moving policy
KNOX 2.0
Container
Remote content
provider policy
group
Application moving policy
KNOX 2.0
Certificate
Management Prevent removal of certificates / resetingkeystore
KNOX 2.0
Certificate
Management Permit an application to read private keys
KNOX 2.0
Knox
Container
Management
Policy group
Container Creation policy
KNOX 2.0
Knox
Container
Management
Policy group
Container removal policy
KNOX 2.0
Knox
Container
Management
Policy group
Container Information Policy
KNOX 2.0
Knox
Container
Management
Container configuration policy KNOX 2.0
Knox Premium SDK v2.2 Release Notes 8
Policy group
Knox Container
Management
Policy group
Container Activation/Deactivation policy.
KNOX 2.0
Knox Container
Management
Policy group
Self Uninstall Policy
KNOX 2.0
Knox Enterprise
License Manager Activate license(non-admin)
KNOX 2.0
Knox Enterprise
License Manager De-Activate license (non-admin)
KNOX 2.0
SmartCard
Policy group
Enforce certificate alias name used for SmartCard credentials for S/MIME Email
KNOX 2.0
SmartCard
Policy group Bluetooth Secure Access to Card reader
KNOX 2.0
SmartCard
Policy group
Select certificate alias name for SmartCard Authentication with Browser
KNOX 2.0
Knox VPN
Management
Group
Connect/Disconnect Per app Vpn.
KNOX 2.0
Enterprise Knox Client Certificate Manager Policy Group
Manage Client Certificates
KNOX 2.0
Enterprise Knox
TIMA Keystore
Policy Group
Manage TIMA Keystore KNOX 2.0
SEAMS Manage SEAMs APIs KNOX 2.0
Advanced
Restriction
Policy
Manage Firmware Auto update KNOX 2.0
Advanced
Restriction
Policy
Manage CC Mode KNOX 2.0
Advanced
Restriction
Policy
Exclusive admin support KNOX 2.0
Knox Premium SDK v2.2 Release Notes 9
Advanced
Restriction
Policy
ODE Trusted Boot verification KNOX 2.0
Container
Smartcard
Access policy
Enable smartcard access policies inside container KNOX 2.0
Container
Configuration
policy
Add/Get/Check/Remove the packages in the install white list.
KNOX 2.0
Container
Configuration
policy
Allow/Disallow secure keypad usage IT policy rule
KNOX 2.0
Container
Configuration
policy
Container Activation/Deactivation policy
KNOX 2.0
Container
Configuration
policy
Resetting container password
KNOX 2.0
Enterprise Single-Sign-On
Push data to SSO service KNOX 2.0
Enterprise Single-Sign-On
Request setup SSO service KNOX 2.0
Enterprise Single-Sign-On
Check if EnterpriseSSOPolicy service is ready KNOX 2.0
Enterprise Knox Client Certificate Manager Policy Group
Manage Client Certificates
KNOX 2.1
Enterprise Knox Certificate Enroll Policy Group
Certificate enrollment, renewal and deletion operations with different protocols like SCEP, CMC, CMP
KNOX 2.1
SEAMs Manage SEAMs APIs KNOX 2.1
Advanced
Restriction
Policy
API whether CC mode supported or not KNOX 2.1
Container
Configuration
policy
Reset container on reboot
KNOX 2.1
Knox Premium SDK v2.2 Release Notes 10
Container
Configuraton
Management
Policy Group
Password pattern restriction
KNOX 2.1
Container
Configuraton
Management
Policy Group
Light Weight Container (LWC) configuration
KNOX 2.1
Container
Configuraton
Management
Policy Group
Container Only Mode (COM) configuration
KNOX 2.1
Knox Premium SDK v2.2 Release Notes 11
New Feature and Enhancements Policies
The following are the list of policies which have been developed in KNOX 2.2
Policy Group Policy KNOX
Version
Certificate Policy Group
Allow/Block installation of self signed applications KNOX 2.2
Enterprise Billing Policy Group
APN based Enterprise split billing KNOX 2.2
Container Management Policy Group
Remove Configuration Type KNOX 2.2
Container Management Policy Group
Create Container(Creation Param) KNOX 2.2
Container Configuration policy group.
Reset container password KNOX 2.2
Container
Configuration
Policy Group
Manage Hibernation Timeout KNOX 2.2
Container
Configuration
Policy Group
Manage Wi-Fi network SSID KNOX 2.2
Container
Configuration
Policy Group
Enable external sdcard. KNOX 2.2
Container
Configuration
Policy Group
Manage External Storage White and Black List KNOX 2.2
Container
Configuration
Policy Group
Manage Remote Control KNOX 2.2
Knox
Configuration
Type
MultiFactor Authentication
KNOX 2.2
Knox Premium SDK v2.2 Release Notes 12
Issues Fixed
1. The following are the list of helper APIs which have been deprecated and not supported in
KNOX 2.0
Policy Group Policy KNOX
Version
Knox
Container
Configuration
Policy group
Container configuration policy
KnoxConfigurationType.setAirCommandEnabled()
KnoxConfigurationType.setAllowAllShare()
KnoxConfigurationType.setAllowCustomColorIdentification()
KnoxConfigurationType.setAllowDLNADataTransfer()
KnoxConfigurationType.setAllowExportAndDeleteFiles()
KnoxConfigurationType.setAllowExportFiles()
KnoxConfigurationType.setAllowImportFiles()
KnoxConfigurationType.setAllowPrint()
KnoxConfigurationType.setAllowShortCutCreation()
KnoxConfigurationType.setAllowUniversalCallerId()
KnoxConfigurationType.setCameraModeChangeEnabled()
KnoxConfigurationType.setGearSupportEnabled()
KnoxConfigurationType.setModifyLockScreenTimeout()
KnoxConfigurationType.setPenWindowEnabled()
KnoxConfigurationType.getAirCommandEnabled()
KnoxConfigurationType.getAllowAllShare()
KnoxConfigurationType.getAllowCustomColorIdentification()
KnoxConfigurationType.getAllowDLNADataTransfer()
KnoxConfigurationType.getAllowExportAndDeleteFiles()
KnoxConfigurationType.getAllowExportFiles()
KnoxConfigurationType.getAllowImportFiles()
KNOX 2.0
Knox Premium SDK v2.2 Release Notes 13
KnoxConfigurationType.getAllowPrint()
KnoxConfigurationType.getAllowShortCutCreation()
KnoxConfigurationType.getAllowUniversalCallerId()
KnoxConfigurationType.getCameraModeChangeEnabled()
KnoxConfigurationType.getGearSupportEnabled()
KnoxConfigurationType.getModifyLockScreenTimeout()
KnoxConfigurationType.getPenWindowEnabled()
2. The following are the list of APIs which have been removed in KNOX 2.0
Policy Group Policy KNOX
Version
Enterprise Knox Client Certificate Manager Policy Group
Manage Client Certificates
ClientCertificateManager.generateCSR()
ClientCertificateManager.installObject()
ClientCertificateManager.registerForDefaultCertificate()
KNOX 2.0
SEAMs Manage SEAMs APIs
SEAMS.getMDMOwnPolicyStatus()
SEAMS.revokeSELinuxPolicy()
SEAMS.setAllPolicyConfig(FileInputStreamfis, booleanreloadPolicy)
SEAMS.setFileContexts(byte[] fileContexts, booleanreloadPolicy)
SEAMS.setMDMOwnPolicyStatus()
SEAMS.setMacPermission(byte[] macPerm, booleanreloadPolicy)
SEAMS.setPropertyContexts(byte[] propertyContexts, booleanreloadPolicy)
SEAMS.setSEAppContexts(byte[] seAppContexts, booleanreloadPolicy)
SEAMS.setSELinuxPolicy(byte[] sePolicy,
KNOX 2.0
Knox Premium SDK v2.2 Release Notes 14
booleanreloadPolicy)
3. The following are the list of constants which have been deprecated and not supported in
KNOX 2.0
Class Constant KNOX
Version
RCPPolicy RCPPolicy.BOOKMARKS
RCPPolicy.CALL_LOG
RCPPolicy.CLIPBOARD
RCPPolicy.SHORTCUTS
RCPPolicy.SMS
KNOX 2.0
4. APIs description, sample code enhancement
Knox Premium SDK v2.2 Release Notes 15
Known Issues
Not applicable at time of release.