Back to top
Home / Fundamentals / SDK licenses / Tutorial /

Declare Knox permissions

Last updated December 18th, 2023

With Knox v3.0, we introduced selective permissions so that you can declare only the permissions that your app uses. This topic shows you how to declare these permissions, and how to handle app permissions dynamically at runtime instead of prompting the user when the application is installed.

Selective permissions allow you to present app users with a simple dialog listing only the permissions needed to run your app. The Knox system grants your app access to only the permissions you declare in your Android manifest.

Declare permissions

The selective permissions feature is optional.

  • If your app does not declare the meta tag, it gets all permissions by default. MDM apps that support the Knox Service Plugin must use this option, as the Knox Service Plugin requires all Knox permissions.

  • If your app does declare the meta tag, it gets only the selected permissions.

To use selective permissions:

  1. Find your required Knox permissions in the API reference. For example, Knox Peripheral APIs require the permission com.samsung.android.knox.permission.KNOX_NDA_PERIPHERAL_RT.

  2. Update the Android manifest file:

<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.samsung.knoxsdksample">
    <!-- Declare the Knox permissions used by this app -->
    <uses-permission android:name="com.samsung.android.knox.permission.KNOX_NDA_PERIPHERAL_RT"/>
    <application>
        <!-- Enable the selective Knox permissions -->
        <meta-data android:name="com.samsung.knoxlicense.permissions" android:value="true"/>
    </application>
</manifest>

To check for a permission at runtime, and request it if it isn’t yet granted:

private static final String NON_DA_RUNTIME_PERMISSION =
    "com.samsung.android.knox.permission.KNOX_NDA_PERIPHERAL_RT";
if (ContextCompat.checkSelfPermission(mContext, NON_DA_RUNTIME_PERMISSION) != PackageManager.PERMISSION_GRANTED) {
    requestPermissions(new String[] {
        NON_DA_RUNTIME_PERMISSION
    }, 0);
}

See also:

On this page

Is this page helpful?