IBM Support

Enhancements to cross profile intent filter policy

Release Notes


Abstract

MaaS360 supports cross-profile intent filters for Profile Owner enrollments. These intent filters allow intents from the work profile to access the personal profile or vice versa. In the previous releases, with the limited attributes (Action, Category, and Mime Type), administrators could not declare intent filters for important tasks that involve attributes such as Scheme. For example, administrators could not define intents to allow a webpage opened in Google Chrome in personal profile to start Secure Mail in work profile with mailto: URL because the intent has no mime type and only data.

Content

Effective 10.78, MaaS360 adds the following new attributes to allow administrators to define advanced intent filters:

Scheme
  • Matches the scheme part of the data URL in the intent.
Authority host
  • Matches the hostname of the data URL in the intent.
  • Scheme must be defined for this policy to have any effect.
Authority port
  • Matches the port of the data URL in the intent.
  • Scheme and Authority host must be defined for this policy to have any effect.
Path
  • Matches the Path of the data URL in the intent.
  • The path must include the leading slash "/" character. It does not include anything after "?" or "#" characters in the URL.
  • Scheme and Authority host must be defined for this to have any effect.
  • Pattern matching is used to match wildcard strings. See below.
Scheme specific part
  • Matches the scheme specific part of the data URL in the intent.
  • This is an advanced option that allows full control over the URL matching.
  • A scheme specific part is anything between the ":" and the "#" characters in the URL.
  • Scheme must be defined, and Authority port, Authority host and Path must not be defined for this to have any effect.
  • Pattern matching is used to match wildcard strings. See below.

Pattern matching:

  • A simple pattern matching is used to match path patterns or scheme specific parts.
  • Use the star character "*" to match the character immediately before the star any number of times. A dot "." matches anything.
  • To escape the * character itself, use "\*". To escape the \ character, use "\\".
  • For example:
    • "/path1/path2/.*" would match any string that starts in "/path1/path2"
    • ".*/path1/path2" would match any string that ends in "/path1/path2"
    • ".*/path1/path2.*" would match any string that contains "/path1/path2" anywhere in the string.

Examples:

https://hostname/path1/path2 https hostname <empty> /path1/path2 //hostname/path1/path2
https://hostname:443/path1/path2 https hostname 443 /path1/path2 //hostname:443/path1/path2
https://hostname/path1/path2/path3/webpage.html#section1 https hostname <empty> /path1/path2/path3/webpage.html //hostname/path1/path2/path3/webpage.html
https://hostname/path1/path2/path3/webpage.html?query=answer#section1 https hostname <empty> /path1/path2/path3/webpage.html //hostname/path1/path2/path3/webpage.html?query=answer

mailto:test@test.com

 mailto <empty> <empty> <empty> test@test.com

For more information on attributes, see https://developer.android.com/guide/topics/manifest/data-element

To define advanced intent filters, navigate to MDM policies > Android Enterprise Settings > Security > Work Profile-specific Settings and then select Enable Personal Profile Intent Filters from Work Profile or Enable Work Profile Intent Filters from Personal Profile.

intent policy

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSYSXX","label":"IBM MaaS360"},"ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Version(s)","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
09 March 2021

UID

ibm16220948

Page Feedback