About the Knox SDK

Knox SDK extends the functionality of the standard Android SDK to provide granular access to device features, security options, customization settings, and more. Create tailored solutions by remapping hardware keys, designing kiosks, deploying policies by geographical location, and customizing the booting animation. Keep sensitive enterprise data secure by restricting access to settings, pre-configuring VPN and firewall settings, and allowing and blocking apps.

This section describes the general architecture of the SDK and how to access its classes and methods.

Audience

The has many applications and can be used by a wide array of developers:

• Mobile Device Management (MDM) vendors — These developers create device-based Android apps that take commands OTA from web consoles being used by IT Admins to manage enterprise devices. See Features > MDM providers for more information.
• System Integrators (SI) — These developers create purpose-built devices for vertical markets, for example, informational kiosks for hospitality, in-flight entertainment systems for airlines, or point-of-sales devices for the retail industry. See the Features > System Integrators section for more information.
• Independent Software Vendors (ISV) — These developers might be using just a few features in the SDK to enhance their apps, for example, using attestation to ensure that a Samsung devices has not been rooted or Sensitive Data Protection (SDP to add another layer of data security for their app. See the Features > Independent Software Vendors section for more information.

Knox SDK components

See the Knox SDK API reference for a full overview of all the classes and packages contained in the Knox SDK.

Public interface to get policy objects

These classes provide a large number of device management capabilities at the system level, allowing enterprises to enforce enterprise specific policies by providing a finer-grained control over employee devices.

See About containers for more information on how EnterpriseKnoxManager can be used.

Example: Call a Knox API

In these examples, we call APIs from the following the classes above:

EnterpriseDeviceManager

1. Instantiate the EnterpriseDeviceManager.
2. Access the desired class required to modify Android behaviour.
3. Call the relevant API from EnterpriseDeviceManager.

For example, through EnterpriseDeviceManager, you access the RestrictionPolicy class. Inside RestrictionPolicy, you disable camera with SetCameraState.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     // Disable camera. Other applications that use the camera cannot
     // use it.
     boolean result = restrictionPolicy.setCameraState(false);

     if (true == result) {
         // Camera is disabled and cannot be enabled by user.
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }

EnterpriseKnoxManager

1. Create the EnterpriseKnoxManager object.
2. Create the KnoxContainerManager object and pass in your containerID
3. Access the container classes required to modify Android behaviour and the Knox container.

For example, through EnterpriseDeviceManager, you access KnoxContainerManager. Inside the KnoxContainerManager you access the restrictionPolicy class and disable camera with SetCameraState.

// When you create container successfully, containerID will be returned via intent.
// Use this containerID in below API.
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID) 
 RestrictionPolicy restrictionPolicy = kcm.getRestrictionPolicy();
 try {
     // Disable camera. Other applications that use the camera cannot
     // use it.
     boolean result = restrictionPolicy.setCameraState(false);

     if (true == result) {
         // Camera is disabled and cannot be enabled by user.
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }