Friday, 3 May 2024
blog

Enterprise Roaming

5 0

Enterprise Roaming

Using the Knox SDK APIS, you can control app data usage while roaming.

Check network state change

You must listen for network state change to block personal apps over a roaming network and to unblock them when switching to a non-roaming network. Use the isRoaming() API from the android.net.NetworkInfo class to check if the device is currently roaming or not.

To listen for network state change:

  1. Register a BroadcastReceiver to listen to connectivity changes. On receiving the broadcast, add/remove blocking rules to/from the IPtable.
  2. Register a BroadcastReceiver to listen to BOOT_COMPLETED broadcast. This action checks the current network state on device boot. On receiving the broadcast, if the network state has changed on device boot, blocking rules must be added/removed from the IPtable.

Add or remove rules

You must add or remove rules to block mobile data access for personal apps, based on the current network state of the device. To do this, use the APIs in com.samsung.android.knox.net.firewall.

When the device is roaming use addIptablesDenyRules(List<String> rulesList) , to block mobile data access for personal apps. Add the following deny rule:

  • To block mobile data access for all apps outside the container: rulesList.add("*:*;*;*;data");
  • To block mobile data access for specific app: rulesList.add("*:*;*;<package name>;data");

When the device switches to a non-roaming network, to remove the deny rules (that were added previously) use the removeIptablesDenyRules(List<String> rulesList) API.

Enable or disable rules

Use the setIptablesOption(boolean status) API to enable or disable all allow, deny, reroute, and redirect exception rules on iptables. To use this API, you must have added rules earlier, otherwise this API returns a failure.

To use the firewall policy APIs, you must have the "com.samsung.android.knox.permission.KNOX_FIREWALL" permission.

Implementing Enterprise Roaming into an app

The following examples illustrate how to enable enterprise-only roaming

//Blocking single personal app
private void blockPersonalApp(String packageName) {          
EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
Firewall firewall = edm.getFirewall();
FirewallRule[] rules = new FirewallRule[1];

// To Add a Deny Rule for the Whole Personal Space
        rules[0] = new FirewallRule(RuleType.DENY, AddressType.IPV4);
        rules[0].setIpAddress("*");
        rules[0].setPortNumber("*");
        rules[0].setPackageName(packageName);
        rules[0].setNetworkInterface(NetworkInterface.MOBILE_DATA_ONLY);
        firewall.addRules(rules);
        firewall.enableFirewall(true);
    }
    
//Unblocking a single personal app
    private void unblockPersonalApp(String packageName) {
        EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
        Firewall firewall = edm.getFirewall();
        FirewallRule[] rules = new FirewallRule[1];

// To Remove a Deny Rule for a Specific Application
        rules[0] = new FirewallRule(RuleType.DENY, AddressType.IPV4);
        rules[0].setIpAddress("*");
        rules[0].setPortNumber("*");
        rules[0].setPackageName(packageName);
        rules[0].setNetworkInterface(NetworkInterface.MOBILE_DATA_ONLY);
        firewall.removeRules(rules);
        firewall.enableFirewall(true);
    }
 
   //Blocking the complete personal space apps
    private void blockPersonalSpace() {
        EnterpriseDeviceManager edm = (EnterpriseDeviceManager) Context.getSystemService(EnterpriseDeviceManager.
                ENTERPRISE_POLICY_SERVICE);
        Firewall firewall = edm.getFirewall();
        FirewallRule[] rules = new FirewallRule[1];
// To Add a Deny Rule for the Whole Personal Space
        rules[0] = new FirewallRule(RuleType.DENY, AddressType.IPV4);
        rules[0].setIpAddress("*");
        rules[0].setPortNumber("*");
        rules[0].setPackageName("*");
        rules[0].setNetworkInterface(NetworkInterface.MOBILE_DATA_ONLY);
        firewall.addRules(rules);
        firewall.enableFirewall(true);
    }
 
   //Unblocking the complete personal space apps
    private void unblockPersonalSpace() 
    EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
    Firewall firewall = edm.getFirewall();
    FirewallRule[] rules = new FirewallRule[1];


// To Remove a Deny Rule for the Whole Personal Space
        rules[0] = new FirewallRule(RuleType.DENY, AddressType.IPV4);
        rules[0].setIpAddress("*");
        rules[0].setPortNumber("*");
        rules[0].setPackageName("*");
        rules[0].setNetworkInterface(NetworkInterface.MOBILE_DATA_ONLY);
        firewall.removeRules(rules);
        firewall.enableFirewall(true);
    }

Post Comment

CFDs are complex instruments and come with a high risk of losing money rapidly due to leverage. 81% of retail investor accounts lose money when trading CFDs with this provider. You should consider whether you understand how CFDs work and whether you can afford to take the high risk of losing your money.