MAMFileProtectionManager
extends Object| java.lang.Object | |
| ↳ | com.microsoft.intune.mam.client.identity.MAMFileProtectionManager |
Class Overview
File protection management facilities.
Summary
| Public Methods | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| static MAMFileProtectionInfo |
getProtectionInfo(ParcelFileDescriptor file)
Get the protection info on a file descriptor.
| ||||||||||
| static MAMFileProtectionInfo |
getProtectionInfo(Uri uri)
Get the protection info on a file accessed via a content URI.
| ||||||||||
| static MAMFileProtectionInfo |
getProtectionInfo(File file)
Get the protection info on a file.
| ||||||||||
| static boolean |
isBackupAllowed(File file)
Determines whether a file is allowed to be backed up or not.
| ||||||||||
| static void |
protect(ParcelFileDescriptor file, String identity)
This method is deprecated.
Use
protectForOID(ParcelFileDescriptor, String).
| ||||||||||
| static void |
protect(File file, String identity)
This method is deprecated.
Use
protectForOID(File, String).
| ||||||||||
| static void |
protectForOID(File file, String oid)
Protect a file or directory.
| ||||||||||
| static void |
protectForOID(ParcelFileDescriptor file, String oid)
Protect a file, generally one obtained from a content provider.
| ||||||||||
|
[Expand]
Inherited Methods | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
From class
java.lang.Object
| |||||||||||
Public Methods
public static MAMFileProtectionInfo getProtectionInfo (ParcelFileDescriptor file)
Get the protection info on a file descriptor. If opening a file through a ContentResolver, prefer the overload taking a Uri, below.
Parameters
| file | Handle of file or directory to get information on. |
|---|
Returns
- File protection info, or null if there is no protection info.
Throws
| IOException | If the file cannot be read or opened. |
|---|
public static MAMFileProtectionInfo getProtectionInfo (Uri uri)
Get the protection info on a file accessed via a content URI. This call will always be able to retrieve the identity (if there is one), even if opening a file descriptor or InputStream on the content URI would be blocked by policy. It should therefore be preferred when checking the identity of a file that will be read from a ContentResolver.
Parameters
| uri | Content URI. |
|---|
Returns
- File protection info, or null if there is no protection info.
Throws
| IOException | If the content provider file cannot be read or opened. |
|---|
public static MAMFileProtectionInfo getProtectionInfo (File file)
Get the protection info on a file. This method should only be used if the file is located in the calling application's private storage or the device's shared storage. If opening a file with a content resolver, use the overload which takes a ParcelFileDescriptor instead.
Parameters
| file | File or directory to get information on. |
|---|
Returns
- File protection info or null if there was no protection info available on the file.
Throws
| IOException | If the file cannot be read or opened. |
|---|
public static boolean isBackupAllowed (File file)
Determines whether a file is allowed to be backed up or not.
Parameters
| file | the file to check. |
|---|
Returns
- true if the file can be backed up, false if not.
Throws
| IOException | if there is an issue getting the protection info for the file. |
|---|
public static void protect (ParcelFileDescriptor file, String identity)
This method is deprecated.
Use protectForOID(ParcelFileDescriptor, String).
Protect a file, generally one obtained from a content provider. This is intended to be used for sdcard (whether internal or removable) files accessed through the Storage Access Framework. It may also be used with descriptors referring to private files owned by this app. It is not intended to be used for files owned by other apps and such usage will fail. If creating a new file via a content provider exposed by another MAM-integrated app, the new file identity will automatically be set correctly if the ContentResolver in use was obtained via a Context with an identity or if the thread identity is set.
This will synchronously trigger whatever protection is required for the file, and will tag the file for future protection changes. If an identity is set on a directory, it is set recursively on all files and subdirectories. If MAM is operating in offline mode, this method will silently do nothing.
Parameters
| file | File to protect. This descriptor must be open for both read and write. Additionally, due to limitations in the encrypted filesystem view if the identity is one for which policy may be present, then the app should not be holding any other file descriptors on the same file which are open for write-only. If such descriptors are found, MAM will attempt to reopen them for read-write, but this will not be possible for descriptors obtained over a content provider or where the name in the filesystem has been unlinked. |
|---|---|
| identity | UPN of identity to set. |
Throws
| IOException | If the file cannot be protected. |
|---|
public static void protect (File file, String identity)
This method is deprecated.
Use protectForOID(File, String).
Protect a file or directory. This will synchronously trigger whatever protection is required for the file, and will tag the file for future protection changes. If an identity is set on a directory, it is set recursively on all files and subdirectories. New files or directories will inherit their parent directory's identity. This method will silently do nothing (neither change an identity nor throw) in the following conditions:
- MAM is operating in offline mode
- The file is exempted from MAM file protection (such as .so and .apk files)
Parameters
| file | File to protect. |
|---|---|
| identity | UPN of the identity to set. |
Throws
| IOException | If the file cannot be protected. |
|---|
public static void protectForOID (File file, String oid)
Protect a file or directory. This will synchronously trigger whatever protection is required for the file, and will tag the file for future protection changes. If an identity is set on a directory, it is set recursively on all files and subdirectories. New files or directories will inherit their parent directory's identity. This method will silently do nothing (neither change an identity nor throw) in the following conditions:
- MAM is operating in offline mode
- The file is exempted from MAM file protection (such as .so and .apk files)
Parameters
| file | File to protect. |
|---|---|
| oid | AAD OID of the identity to set. |
Throws
| IOException | If the file cannot be protected. |
|---|
public static void protectForOID (ParcelFileDescriptor file, String oid)
Protect a file, generally one obtained from a content provider. This is intended to be used for sdcard (whether internal or removable) files accessed through the Storage Access Framework. It may also be used with descriptors referring to private files owned by this app. It is not intended to be used for files owned by other apps and such usage will fail. If creating a new file via a content provider exposed by another MAM-integrated app, the new file identity will automatically be set correctly if the ContentResolver in use was obtained via a Context with an identity or if the thread identity is set.
This will synchronously trigger whatever protection is required for the file, and will tag the file for future protection changes. If an identity is set on a directory, it is set recursively on all files and subdirectories. If MAM is operating in offline mode, this method will silently do nothing.
Parameters
| file | File to protect. This descriptor must be open for both read and write. Additionally, due to limitations in the encrypted filesystem view if the identity is one for which policy may be present, then the app should not be holding any other file descriptors on the same file which are open for write-only. If such descriptors are found, MAM will attempt to reopen them for read-write, but this will not be possible for descriptors obtained over a content provider or where the name in the filesystem has been unlinked. |
|---|---|
| oid | AAD OID of identity to set. |
Throws
| IOException | If the file cannot be protected. |
|---|