Menu

About the Knox SDK

Knox SDK extends the functionality of the standard Android SDK to provide granular access to device features, security options, customization settings, and more. Create tailored solutions by remapping hardware keys, designing kiosks, deploying policies by geographical location, and customizing the booting animation. Keep sensitive enterprise data secure by restricting access to settings, pre-configuring VPN and firewall settings, and whitelisting and blacklisting apps.

This section describes the general architecture of the SDK and how to access its classes and methods.

Audience

The Knox SDK has many applications and can be used by a wide array of developers:

  • Enterprise Mobility Management (EMM) vendors. These developers create device-based Android apps that take commands OTA from web consoles being used by IT Admins to manage enterprise devices. See Featured > EMM partners for more information.
  • Systems Integrators (SI). These developers create purpose-built devices for vertical markets, for example, informational kiosks for hospitality, in-flight entertainment systems for airlines, or point-of-sales devices for the retail industry. See the Featured > SI section for more information.
  • Independent Software Vendors (ISV) developing enterprise apps. These developers might be using just a few features in the SDK to enhance their apps, for example, using attestation to ensure that a Samsung devices has not been rooted or Sensitive Data Protection (SDP) to add another layer of data security for their app. See the Featured > ISV section for more information.

Knox SDK components

See the package and class overview for a full overview of all the classes and packages contained in the Knox SDK.

Public interface to get policy objects

Class Description
EnterpriseDeviceManager Public interface for managing policies enforced on a device. 
EnterpriseKnoxManager Public interface for managing premium policies enforced on a device. 
CustomDeviceManager public interface for device customization.

These classes provide a large number of device management capabilities at the system level, allowing enterprises to enforce enterprise specific policies by providing a finer-grained control over employee devices.

See About containers for more information on how EnterpriseKnoxManager can be used.

Example: Call a Knox API

In these examples, we call APIs from the following the classes above:

EnterpriseDeviceManager

  1. Instantiate the EnterpriseDeviceManager.
  2. Access the desired class required to modify Android behaviour.
  3. Call the relevant API from EnterpriseDeviceManager.

For example, through EnterpriseDeviceManager, you access the RestrictionPolicy class. Inside RestricionPolicy, you disable camera with SetCameraState

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 RestrictionPolicy restrictionPolicy = edm.getRestrictionPolicy();
 try {
     // Disable camera. Other applications that use the camera cannot
     // use it.
     boolean result = restrictionPolicy.setCameraState(false);

     if (true == result) {
         // Camera is disabled and cannot be enabled by user.
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }

EnterpriseKnoxManager

  1. Create the EnterpriseKnoxManager object.
  2. Create the KnoxContainerManagerobject and pass in your containerID
  3. Access the container classes required to modify Android behaviour and the Knox container.
    • NOTE – You must replace the ContainerID variable with your real containerID.

For example, through EnterpriseDeviceManager, you access KnoxContainerManager. Inside the KnoxContainerManageryou access the restrictionPolicy class and disable camera with SetCameraState.

// When you create container successfully, containerID will be returned via intent.
// Use this containerID in below API.
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID) 
 RestrictionPolicy restrictionPolicy = kcm.getRestrictionPolicy();
 try {
     // Disable camera. Other applications that use the camera cannot
     // use it.
     boolean result = restrictionPolicy.setCameraState(false);

     if (true == result) {
         // Camera is disabled and cannot be enabled by user.
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }