Version2 - Samsung Knox€¦ · Knox Premium SDK v2.2 Release Notes iii Table of Contents ... to...

Samsung Telecommunications America

Knox Premium SDK

Release Notes

Version2.2

ii

Copyright notice

Copyright © 2013, Samsung Electronics. All rights reserved.

Document information

This document was last modified on Sept 25, 2014.

The current document version is 2.2

Contact information

Samsung B2B R&D Lab

Samsung Telecommunications America

3920 Freedom Circle, Suite 101, Santa Clara, CA 95054

Knox Premium SDK v2.2 Release Notes iii

Table of Contents

Introduction ...................................................................................................................... vi

Audience ......................................................................................................................................................... vi Notation Conventions .................................................................................................................................. vi

Notice icons .................................................................................................................................................................................. vi Text conventions ........................................................................................................................................................................ vi

Revision Information .................................................................................................................................. viii Document Organization ............................................................................................................................. viii Related Manuals ............................................................................................................................................ ix

Installation and Configuration ......................................................................................... 1

Supported Features ........................................................................................................... 2

New Feature and Enhancements .................................................................................... 11

Issues Fixed ....................................................................................................................... 12

Known Issues .................................................................................................................... 15

Knox Premium SDK v2.2 Release Notes iv

List of Figures No table of figures entries found.

Knox Premium SDK v2.2 Release Notes v

List of Tables No table of figures entries found.

Knox Premium SDK v2.2 Release Notes vi

Introduction

This release contains the policies released as part of the Enterprise Device Management KNOX

Project.

The Enterprise Device Management project is part of a broader on-going effort to make Samsung

Android Smart phones & Tablets enterprise friendly.

These policies are intended to be used by any Device Management client to enforce organization

specific policies on employee devices. MDM clients developed by Samsung Partners are intended

to make use of these policies to satisfy their and their customer’s requirements.

Audience

Enterprise Development Teams at

Samsung HQ (Suwon, South Korea)

MCL B2B (Santa Clara, USA)

SRB (Campinas, Brazil)

Samsung Partners.

Notation Conventions

Certain notation conventions are used throughout this document. These are described in the

following sections.

Notice icons

This manual uses the following notice icons.

Icon Alerts you to…

Note

Important features, instructions, or additional

relevant information.

Caution!

Information onconditions that can cause

unintended or adverse consequences.

Text conventions

This manual uses the following notation conventions.

Knox Premium SDK v2.2 Release Notes vii

Boldface emphasizes words in text such as screen or window names or commands that you

enter.

Italicsidentify new words or emphasizes phrases.

Monospace represents information as it appears on a display or in command syntax.

Knox Premium SDK v2.2 Release Notes viii

Revision Information

This document isversion 2.2of the Knox Premium SDKRelease Notes. The supported target

platform is Android KitKat.

The following table contains a summary of all the changes, amendments, and enhancements

made to this document to date.

Date Doc

Version

SDK

Version Description of changes Author

Dec 27, 2012 1.0 1.0 Base document version. SRA-Dallas

Jun 06, 2013 1.0 1.0 Review comments update SRA-Dallas

Jul 10, 2013 1.0.1 1.0.1

Added new KNOX 1.0.1 polices in Error! Reference

source not found. section

Removed KNOX Takeover APIs

MCL B2B

Oct 21, 2013 1.1.0 1.1.0 Added new KNOX 1.1.0 and 1.0.2 polices in Error!

Reference source not found. section MCL B2B

Mar 04, 2014 2.0 2.0

Added new KNOX 2.0 polices in Error! Reference source

not found. section. (Includes KNOX 1.2 APIs too)

Separated Smart Card (SC) SDK

MCL B2B

July08, 2014 2.1 2.1

Added new KNOX 2.1 polices in New Feature and

Enhancementssection.

Update on released KNOX 2.0 polices in Issues

Fixedsection.

MCL B2B

Sept 25, 2014 2.2 2.2

Updated Supported Features with all existing policies &

features till KNOX 2.1

Added new KNOX 2.2 polices in New Feature and

Enhancements section.

MCL B2B

Document Organization

This document is divided into the following chapters and appendixes.

Installation and ConfigurationError! Reference source not found.Error! Reference source

not found.Error! Reference source not found.Error! Reference source not found.explains

any details that are required to install and configure the current version of software.

Supported Features describes design features that are implemented.

Error! Reference source not found.describe features that are new to the current release and

enhancements to existing features.

Error! Reference source not found.describesissues in the current release that development

is aware of and attempting to address.

Issues Fixed lists issues that have been fixed in the current version of the software.

Knox Premium SDK v2.2 Release Notes ix

Related Manuals

Knox Premium SDK v2.2 Release Notes 1

Installation and Configuration

The Knox Premium SDK policies are currently developed on Android KitKat.

The required MDM client should be installed on this device and the new policies can be exercised.


Supported Features Policies

The following are the list of policies which have been developed in KNOX 2.1

Policy Group Policy KNOX

Version

Audit Log

Enable/Disable Audit Log Service KNOX 1.0

Manage/Monitor Audit Log Feature Parameters KNOX 1.0

Dump Audit Log Information KNOX 1.0

Additional Audit Log Features KNOX 1.0

Container Application Policy

group

Container Package management KNOX 1.0

Start/Stop an Application KNOX 1.0

Enable/Disable Application KNOX 1.0

Write data in application home directory. KNOX 1.0

Add/Get/Check/Remove the packages in the intall white list.

KNOX 1.0

Home shortcut KNOX 1.0

Prevent user from clear data certain application KNOX 1.0

Prevent user from clear cache certain application KNOX 1.0

Container Firewall Policy group

Application inside container based Firewall KNOX 1.0

Get active IPTABLES rules KNOX 1.0

Web Filtering / Reporting KNOX 1.0

Redirect Exceptions KNOX 1.0

Kernel routing table information KNOX 1.0

Container Allow/Disallow Camera KNOX 1.0


Restriction Policy Group

Allow/Disallow Share List KNOX 1.0

Allow/Disallow Use Secure Keyboard KNOX 1.0

Certificate Management

Manage trusted CA restriction list KNOX 1.0

Notify MDM admin of certificate failure events KNOX 1.0

Notify user of certificate failure events KNOX 1.0

Display to the user the identity of the entity that signed an application upon user request

KNOX 1.0

Manage untrusted certificate restriction list KNOX 1.0

Certificates Revocation Status Check KNOX 1.0

Certificate Validation at install time KNOX 1.0

Container VPN Policy group

Add/Remove Per App VPN in Container KNOX 1.0

List packages with VPN profile KNOX 1.0

Add/Remove VPN profile in Container KNOX 1.0

Enterprise Container

Management Policy group

Container Creation policy KNOX 1.0

Container removal policy KNOX 1.0

Container Information Policy KNOX 1.0

Container Activation/Deactivation policy KNOX 1.0

Container Activation/Deactivation policy KNOX 1.0

Container Password Policy

Group

Password Age IT policy rule KNOX 1.0

Maximum Password History IT policy rule KNOX 1.0

Minimum number of complex characters KNOX 1.0

Password Policy Delay KNOX 1.0

Password Change enforcement KNOX 1.0

Maximum password attempts for Container disable KNOX 1.0


Password Maximum Repeated Characters KNOX 1.0

Password Maximum Repeated Numerics KNOX 1.0

Password Forbidden Personal Data KNOX 1.0

Maximum Sequence of Characters KNOX 1.0

Minimum change in Password Characters KNOX 1.0

Enable / Disable Make password visible option KNOX 1.0

Password sufficient. KNOX 1.0

Enterprise Single-Sign-On

(Added late binding support)

. Get SSO error code

KNOX 1.0.1

Get EnterpriseSSOPolicy object KNOX 1.0.1

Enterprise ISL Group

Perform Prebaseline scan KNOX 1.0

First time device approval using MDM KNOX 1.0

Perform Integrity scan KNOX 1.0

Clear integrity baseline KNOX 1.0

Add 3rd party package to baseline KNOX 1.0

Remove3rd party package from baseline KNOX 1.0

Update the current baseline KNOX 1.0

Register callback with integrity service KNOX 1.0

Request binding to integrity service agent KNOX 1.0

Check if integrity service agent is ready KNOX 1.0

start the runtime Integrity monitoring KNOX 1.0

stop the runtime Integrity monitoring KNOX 1.0

get the List of ISA KNOX 2.0

Attestation

Start attestation KNOX 1.0.1

Start attestation with nonce KNOX 1.0.1


Set the attestation server URL KNOX 1.0.1

Get device KNOX id KNOX 1.0.1

KNOX Enterprise License

Management Activate KNOX Enterprise License

KNOX 1.0.1

Enterprise Premium VPN Policy Group

Connect/Disconnect Per app VPN KNOX 1.0

Set/Get certificates for authentication KNOX 1.0

Set/Get VPN Connections KNOX 1.0

Set/Get VPN mode KNOX 1.0

Enable/Disable Route and setting. KNOX 1.0

Remove VPN Connection KNOX 1.0

SEAndroid Policy Enforcement

Update SEAndroid Policy KNOX 1.0

Update Mapping of File Paths to Security Labels KNOX 1.0

Update Mapping of Android Properties to Security Labels KNOX 1.0

Update Mapping of Java Applications to Security Contexts

KNOX 1.0

Revoke SEAndroid policies KNOX 1.0

Get the SEAndroid Agent owner KNOX 1.0

Get the status of the SELinux property KNOX 1.0

Get AMS Enforce State KNOX 1.0

Get AMS Log Level KNOX 1.0

Set SELinux Enforcing KNOX 1.0

SmartCard Policy group

Enable/Disable SmartCard credentials for Email KNOX 1.0

Enable/Disable SmartCard Authentication for Browser KNOX 1.0



Set/get customer ID KNOX 1.0

Set Application whitelist KNOX 1.0

Delete Application whitelist KNOX 1.0

Delete Application whitelist state KNOX 1.0

Set Customer Information KNOX 1.0

Force user to re-authenticate KNOX 1.0

Unenroll user from SSO service KNOX 1.0

Enterprise Knox

Manager Get KNOX Version KNOX 1.0

Get Knoxified State KNOX 1.0

Enterprise Container Management Policy group

Container Activation/Deactivation Policy KNOX 1.0.2

Container Activation/Deactivation Policy KNOX 1.0.2

Generic VPN Policy Group

. Connect/Disconnect Per app VPN

KNOX 1.1.0

Set/Get Certificates for authentication KNOX 1.1.0

Set/Get VPN Connections KNOX 1.1.0

Set/Get VPN mode KNOX 1.1.0

Enhanced VPN Functionality KNOX 1.1.0

Remove VPN Connection KNOX 1.1.0

Get state/Error-status of the profile KNOX 1.1.0

SEAndroid

Policy

Enforcement

Get SELinux Mode KNOX 1.0.2

Get the SEInfo from PackageName KNOX 1.0.2

Get the SEInfo from Certificate KNOX 1.0.2

Get Domain from PackageName KNOX 1.0.2

Get Domain from SEInfo, PackageName KNOX 1.0.2

Get DataType from PackageName KNOX 1.0.2


Get DataType from SEInfo, PackageName KNOX 1.0.2

Update MAC Permission KNOX 1.0.2

Knox Enterprise

License Manager De-Activate license

KNOX 1.2

Container

Remote content

provider policy

group

Data sync management policy

KNOX 2.0

Container

Remote content

provider policy

group

File moving policy

KNOX 2.0

Container

Remote content

provider policy

group

Application moving policy

KNOX 2.0

Certificate

Management Prevent removal of certificates / resetingkeystore

KNOX 2.0

Certificate

Management Permit an application to read private keys

KNOX 2.0

Knox

Container

Management

Policy group

Container Creation policy

KNOX 2.0

Knox

Container

Management

Policy group

Container removal policy

KNOX 2.0

Knox

Container

Management

Policy group

Container Information Policy

KNOX 2.0

Knox

Container

Management

Container configuration policy KNOX 2.0


Policy group

Knox Container

Management

Policy group

Container Activation/Deactivation policy.

KNOX 2.0

Knox Container

Management

Policy group

Self Uninstall Policy

KNOX 2.0

Knox Enterprise

License Manager Activate license(non-admin)

KNOX 2.0

Knox Enterprise

License Manager De-Activate license (non-admin)

KNOX 2.0

SmartCard

Policy group

Enforce certificate alias name used for SmartCard credentials for S/MIME Email

KNOX 2.0

SmartCard

Policy group Bluetooth Secure Access to Card reader

KNOX 2.0

SmartCard

Policy group

Select certificate alias name for SmartCard Authentication with Browser

KNOX 2.0

Knox VPN

Management

Group

Connect/Disconnect Per app Vpn.

KNOX 2.0

Enterprise Knox Client Certificate Manager Policy Group

Manage Client Certificates

KNOX 2.0

Enterprise Knox

TIMA Keystore

Policy Group

Manage TIMA Keystore KNOX 2.0

SEAMS Manage SEAMs APIs KNOX 2.0

Advanced

Restriction

Policy

Manage Firmware Auto update KNOX 2.0

Advanced

Restriction

Policy

Manage CC Mode KNOX 2.0

Advanced

Restriction

Policy

Exclusive admin support KNOX 2.0


Advanced

Restriction

Policy

ODE Trusted Boot verification KNOX 2.0

Container

Smartcard

Access policy

Enable smartcard access policies inside container KNOX 2.0

Container

Configuration

policy

Add/Get/Check/Remove the packages in the install white list.

KNOX 2.0

Container

Configuration

policy

Allow/Disallow secure keypad usage IT policy rule

KNOX 2.0

Container

Configuration

policy

Container Activation/Deactivation policy

KNOX 2.0

Container

Configuration

policy

Resetting container password

KNOX 2.0


Push data to SSO service KNOX 2.0


Request setup SSO service KNOX 2.0


Check if EnterpriseSSOPolicy service is ready KNOX 2.0



KNOX 2.1

Enterprise Knox Certificate Enroll Policy Group

Certificate enrollment, renewal and deletion operations with different protocols like SCEP, CMC, CMP

KNOX 2.1

SEAMs Manage SEAMs APIs KNOX 2.1

Advanced

Restriction

Policy

API whether CC mode supported or not KNOX 2.1

Container

Configuration

policy

Reset container on reboot

KNOX 2.1


Container

Configuraton

Management

Policy Group

Password pattern restriction

KNOX 2.1

Container

Configuraton

Management

Policy Group

Light Weight Container (LWC) configuration

KNOX 2.1

Container

Configuraton

Management

Policy Group

Container Only Mode (COM) configuration

KNOX 2.1


New Feature and Enhancements Policies

The following are the list of policies which have been developed in KNOX 2.2


Version

Certificate Policy Group

Allow/Block installation of self signed applications KNOX 2.2

Enterprise Billing Policy Group

APN based Enterprise split billing KNOX 2.2

Container Management Policy Group

Remove Configuration Type KNOX 2.2

Container Management Policy Group

Create Container(Creation Param) KNOX 2.2

Container Configuration policy group.

Reset container password KNOX 2.2

Container

Configuration

Policy Group

Manage Hibernation Timeout KNOX 2.2

Container

Configuration

Policy Group

Manage Wi-Fi network SSID KNOX 2.2

Container

Configuration

Policy Group

Enable external sdcard. KNOX 2.2

Container

Configuration

Policy Group

Manage External Storage White and Black List KNOX 2.2

Container

Configuration

Policy Group

Manage Remote Control KNOX 2.2

Knox

Configuration

Type

MultiFactor Authentication

KNOX 2.2


Issues Fixed

1. The following are the list of helper APIs which have been deprecated and not supported in

KNOX 2.0


Version

Knox

Container

Configuration

Policy group

Container configuration policy

KnoxConfigurationType.setAirCommandEnabled()

KnoxConfigurationType.setAllowAllShare()

KnoxConfigurationType.setAllowCustomColorIdentification()

KnoxConfigurationType.setAllowDLNADataTransfer()

KnoxConfigurationType.setAllowExportAndDeleteFiles()

KnoxConfigurationType.setAllowExportFiles()

KnoxConfigurationType.setAllowImportFiles()

KnoxConfigurationType.setAllowPrint()

KnoxConfigurationType.setAllowShortCutCreation()

KnoxConfigurationType.setAllowUniversalCallerId()

KnoxConfigurationType.setCameraModeChangeEnabled()

KnoxConfigurationType.setGearSupportEnabled()

KnoxConfigurationType.setModifyLockScreenTimeout()

KnoxConfigurationType.setPenWindowEnabled()

KnoxConfigurationType.getAirCommandEnabled()

KnoxConfigurationType.getAllowAllShare()

KnoxConfigurationType.getAllowCustomColorIdentification()

KnoxConfigurationType.getAllowDLNADataTransfer()

KnoxConfigurationType.getAllowExportAndDeleteFiles()

KnoxConfigurationType.getAllowExportFiles()

KnoxConfigurationType.getAllowImportFiles()

KNOX 2.0


KnoxConfigurationType.getAllowPrint()

KnoxConfigurationType.getAllowShortCutCreation()

KnoxConfigurationType.getAllowUniversalCallerId()

KnoxConfigurationType.getCameraModeChangeEnabled()

KnoxConfigurationType.getGearSupportEnabled()

KnoxConfigurationType.getModifyLockScreenTimeout()

KnoxConfigurationType.getPenWindowEnabled()

2. The following are the list of APIs which have been removed in KNOX 2.0


Version



ClientCertificateManager.generateCSR()

ClientCertificateManager.installObject()

ClientCertificateManager.registerForDefaultCertificate()

KNOX 2.0

SEAMs Manage SEAMs APIs

SEAMS.getMDMOwnPolicyStatus()

SEAMS.revokeSELinuxPolicy()

SEAMS.setAllPolicyConfig(FileInputStreamfis, booleanreloadPolicy)

SEAMS.setFileContexts(byte[] fileContexts, booleanreloadPolicy)

SEAMS.setMDMOwnPolicyStatus()

SEAMS.setMacPermission(byte[] macPerm, booleanreloadPolicy)

SEAMS.setPropertyContexts(byte[] propertyContexts, booleanreloadPolicy)

SEAMS.setSEAppContexts(byte[] seAppContexts, booleanreloadPolicy)

SEAMS.setSELinuxPolicy(byte[] sePolicy,

KNOX 2.0


booleanreloadPolicy)

3. The following are the list of constants which have been deprecated and not supported in

KNOX 2.0

Class Constant KNOX

Version

RCPPolicy RCPPolicy.BOOKMARKS

RCPPolicy.CALL_LOG

RCPPolicy.CLIPBOARD

RCPPolicy.SHORTCUTS

RCPPolicy.SMS

KNOX 2.0

4. APIs description, sample code enhancement


Known Issues

Not applicable at time of release.

Version2 - Samsung Knox€¦ · Knox Premium SDK v2.2 Release Notes iii Table of Contents ... to...

Documents

Transcript of Version2 - Samsung Knox€¦ · Knox Premium SDK v2.2 Release Notes iii Table of Contents ... to...