public final class MAMFileProtectionManager extends Object

java.lang.Object
   ↳ com.microsoft.intune.mam.client.identity.MAMFileProtectionManager

Class Overview

File protection management facilities.

Summary

Public Methods
static MAMFileProtectionInfo getProtectionInfo(ParcelFileDescriptor file)
Get the protection info on a file descriptor.
static MAMFileProtectionInfo getProtectionInfo(Uri uri)
Get the protection info on a file accessed via a content URI.
static MAMFileProtectionInfo getProtectionInfo(File file)
Get the protection info on a file.
static boolean isBackupAllowed(File file)
Determines whether a file is allowed to be backed up or not.
static void protect(ParcelFileDescriptor file, String identity)
This method is deprecated. Use protectForOID(ParcelFileDescriptor, String).
static void protect(File file, String identity)
This method is deprecated. Use protectForOID(File, String).
static void protectForOID(File file, String oid)
Protect a file or directory.
static void protectForOID(ParcelFileDescriptor file, String oid)
Protect a file, generally one obtained from a content provider.
Inherited Methods
From class java.lang.Object

Public Methods

public static MAMFileProtectionInfo getProtectionInfo (ParcelFileDescriptor file)

Get the protection info on a file descriptor. If opening a file through a ContentResolver, prefer the overload taking a Uri, below.

Parameters
file Handle of file or directory to get information on.
Returns
  • File protection info, or null if there is no protection info.
Throws
IOException If the file cannot be read or opened.

public static MAMFileProtectionInfo getProtectionInfo (Uri uri)

Get the protection info on a file accessed via a content URI. This call will always be able to retrieve the identity (if there is one), even if opening a file descriptor or InputStream on the content URI would be blocked by policy. It should therefore be preferred when checking the identity of a file that will be read from a ContentResolver.

Parameters
uri Content URI.
Returns
  • File protection info, or null if there is no protection info.
Throws
IOException If the content provider file cannot be read or opened.

public static MAMFileProtectionInfo getProtectionInfo (File file)

Get the protection info on a file. This method should only be used if the file is located in the calling application's private storage or the device's shared storage. If opening a file with a content resolver, use the overload which takes a ParcelFileDescriptor instead.

Parameters
file File or directory to get information on.
Returns
  • File protection info or null if there was no protection info available on the file.
Throws
IOException If the file cannot be read or opened.

public static boolean isBackupAllowed (File file)

Determines whether a file is allowed to be backed up or not.

Parameters
file the file to check.
Returns
  • true if the file can be backed up, false if not.
Throws
IOException if there is an issue getting the protection info for the file.

public static void protect (ParcelFileDescriptor file, String identity)

This method is deprecated.
Use protectForOID(ParcelFileDescriptor, String).

Protect a file, generally one obtained from a content provider. This is intended to be used for sdcard (whether internal or removable) files accessed through the Storage Access Framework. It may also be used with descriptors referring to private files owned by this app. It is not intended to be used for files owned by other apps and such usage will fail. If creating a new file via a content provider exposed by another MAM-integrated app, the new file identity will automatically be set correctly if the ContentResolver in use was obtained via a Context with an identity or if the thread identity is set.

This will synchronously trigger whatever protection is required for the file, and will tag the file for future protection changes. If an identity is set on a directory, it is set recursively on all files and subdirectories. If MAM is operating in offline mode, this method will silently do nothing.

Parameters
file File to protect. This descriptor must be open for both read and write. Additionally, due to limitations in the encrypted filesystem view, if the identity is one for which policy may be present, the app should not hold any other file descriptors on the same file that are open write-only. If such descriptors are found, MAM will attempt to reopen them for read-write, but this will not be possible for descriptors obtained over a content provider or where the name in the filesystem has been unlinked.
identity UPN of identity to set.
Throws
IOException If the file cannot be protected.

public static void protect (File file, String identity)

This method is deprecated.
Use protectForOID(File, String).

Protect a file or directory. This will synchronously trigger whatever protection is required for the file, and will tag the file for future protection changes. If an identity is set on a directory, it is set recursively on all files and subdirectories. New files or directories will inherit their parent directory's identity. This method will silently do nothing (neither change an identity nor throw) in the following conditions:

  • MAM is operating in offline mode
  • The file is exempted from MAM file protection (such as .so and .apk files)

Parameters
file File to protect.
identity UPN of the identity to set.
Throws
IOException If the file cannot be protected.

public static void protectForOID (File file, String oid)

Protect a file or directory. This will synchronously trigger whatever protection is required for the file, and will tag the file for future protection changes. If an identity is set on a directory, it is set recursively on all files and subdirectories. New files or directories will inherit their parent directory's identity. This method will silently do nothing (neither change an identity nor throw) in the following conditions:

  • MAM is operating in offline mode
  • The file is exempted from MAM file protection (such as .so and .apk files)

Parameters
file File to protect.
oid AAD OID of the identity to set.
Throws
IOException If the file cannot be protected.

public static void protectForOID (ParcelFileDescriptor file, String oid)

Protect a file, generally one obtained from a content provider. This is intended to be used for sdcard (whether internal or removable) files accessed through the Storage Access Framework. It may also be used with descriptors referring to private files owned by this app. It is not intended to be used for files owned by other apps and such usage will fail. If creating a new file via a content provider exposed by another MAM-integrated app, the new file identity will automatically be set correctly if the ContentResolver in use was obtained via a Context with an identity or if the thread identity is set.

This will synchronously trigger whatever protection is required for the file, and will tag the file for future protection changes. If an identity is set on a directory, it is set recursively on all files and subdirectories. If MAM is operating in offline mode, this method will silently do nothing.

Parameters
file File to protect. This descriptor must be open for both read and write. Additionally, due to limitations in the encrypted filesystem view, if the identity is one for which policy may be present, the app should not hold any other file descriptors on the same file that are open write-only. If such descriptors are found, MAM will attempt to reopen them for read-write, but this will not be possible for descriptors obtained over a content provider or where the name in the filesystem has been unlinked.
oid AAD OID of identity to set.
Throws
IOException If the file cannot be protected.
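
Added example (not part of the SDK reference): because protectForOID(File, String) returns without throwing when MAM is offline or the file is exempt, the first helper reads the tag back to confirm it was applied; the second uses getProtectionInfo(Uri) to check a content URI's identity before opening it. The class and method names are hypothetical, and the sketch assumes MAMFileProtectionInfo lives in the same package and exposes getIdentityOID(), which this page does not document.

```java
import android.content.ContentResolver;
import android.net.Uri;
import com.microsoft.intune.mam.client.identity.MAMFileProtectionInfo;
import com.microsoft.intune.mam.client.identity.MAMFileProtectionManager;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;

/** Hypothetical helper; not part of the Intune MAM SDK. */
public final class ProtectedFileChecks {
    private ProtectedFileChecks() {}

    /**
     * Tags a file or directory for the given AAD OID, then reads the tag back.
     * protectForOID silently does nothing in offline mode or for exempt files,
     * so a normal return does not prove the file is protected.
     *
     * @return true only if the file now reports the requested OID
     */
    public static boolean protectAndVerify(File file, String oid) throws IOException {
        MAMFileProtectionManager.protectForOID(file, oid);
        return oid.equalsIgnoreCase(ownerOid(MAMFileProtectionManager.getProtectionInfo(file)));
    }

    /**
     * Opens a content URI only if it is untagged or tagged for expectedOid.
     * The identity is read from the Uri overload, which works even when
     * opening a descriptor or stream would be blocked by policy.
     * Rejecting a mismatch is this example's policy, not SDK behaviour.
     */
    public static InputStream openIfOwnedBy(ContentResolver resolver, Uri uri,
                                            String expectedOid) throws IOException {
        String owner = ownerOid(MAMFileProtectionManager.getProtectionInfo(uri));
        if (owner != null && !owner.equalsIgnoreCase(expectedOid)) {
            throw new IOException("Content is tagged for a different identity");
        }
        return resolver.openInputStream(uri);
    }

    /** Returns the OID on the file, or null when there is no protection info. */
    private static String ownerOid(MAMFileProtectionInfo info) {
        if (info == null) {
            return null;
        }
        String oid = info.getIdentityOID(); // assumed accessor, see lead-in
        return (oid == null || oid.isEmpty()) ? null : oid;
    }
}
```

A false result from protectAndVerify should be treated as "file not protected", for example by keeping corporate data out of that file until the tag can be applied.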