VPN namespace changes


The Knox v3.4 release merged the Knox VPN SDK into the Knox SDK. All packages, intents, and permission names in the Knox VPN SDK migrated:

  • from the old namespace com.sec.vpn
  • to the new namespace

Knox v3.0 first introduced the consolidated Knox SDK with this new namespace, and introduced the supportlib.jar library to help older devices translate the old namespace to the new namespace. For details about how to update apps to use the new namespace, see the Migration Tutorial.

Caution: All the old namespaces used by the deprecated SDKs (Knox Standard, Premium, Customization, ISV, UCM, VPN) will no longer be supported in the Android 10 (Q) release. Older devices however will continue to support the old namespaces.

If your app used the deprecated Knox VPN SDK, you must migrate to the Knox SDK and its new namespace. Not migrating to the new namespace will cause your VPN app to malfunction in Android 10, leaving your users without VPN access. To prevent this malfunction, we highly recommend updating your VPN apps to use the new namespace.

Namespace architecture

VPN clients developed using the deprecated Knox VPN SDK used the old namespace.

When the Knox VPN SDK merged into the Knox SDK v3.4, a new namespace was introduced. Now, the Knox SDK framework uses the knoxvpn_support.aar library to act as a proxy and forward any new namespace API requests from VPN clients compatible with Knox SDK v3.0 or lower. All VPN clients must move to the new namespace in Knox v3.4 and above. With this change, old namespace calls from the Knox VPN framework are converted to new namespace APIs on the updated VPN clients. All VPN clients must include the knoxvpn_support.aar library to provide backward compatibility with old frameworks. The new namespace architecture is as follows.

Update VPN client app in Android Studio

Follow the instructions in this section to update your VPN client to use the new namespaces.

  1. In the AndroidManifest.xml file, add a new service declaration as follows:

    <service android:name="" android:exported="false" > <intent-filter> <action android:name="{packageName}.BIND_SERVICE" /> </intent-filter> </service>

  2. Change the action name to update existing the Knox VPN service, as highlighted in red:

    <service android:name="{packageName}.KnoxVpnServiceImpl"android:exported="false" > <intent-filter> <action android:name="{packageName}.BIND_SERVICE_NEW" /> </intent-filter> </service>

  3. In the build.gradle file (root directory), include the flatDir attribute as follows:
  4. allprojects { repositories { jcenter() flatDir { dirs 'libs' } } }

  1. In the client's project, under apps/libs/, add the latest Knox SDK (knoxsdk.jar) and supportlib.jar libraries. You can download both from the Knox Partner Portal dashboard > Download page.
  2. If your gradle version is 3.0 or below, add an entry for multiDexEnabled as follows. If your gradle plugin is above 3.0, you can skip this step.

    defaultConfig { ... multiDexEnabled = true }

  3. In the client's project, under apps/libs/, add the knoxvpn_support.aar artifact. You can download knoxvpn_support.aar from the Knox Partner Portal dashboard > Download page.

  4. Update your gradle dependencies.

    If your gradle plugin version is 3.0 or below

    In the build.gradle app directory, under the dependencies entry, include the following compile entry:

    dependencies {
    apk files('libs/supportlib.jar') provided files('libs/knoxsdk.jar')
    compile(name:'knoxvpn_support', ext:'aar')

    If your gradle plugin version is above 3.0

    In the build.gradle app directory, under the dependencies entry, include the following compile entry:

    dependencies { runtimeOnly files('libs/supportlib.jar') compileOnly files('libs/knoxsdk.jar') compileOnly files('libs/knoxvpn_support.aar') }

    Make sure that your gradle file does not include the default line below, which adds all .jars inside apps/libs/:

    implementation fileTree(dir: 'libs', include: ['*.jar'])

  5. Update old namespace references to use new namespace——as follows:

    Existing reference
    (old namespace)
    Change to
    (new namespace)
    import; import;
    import; import;
    import com.sec.vpn.knox.GenericVpnContext; import;
    import com.sec.vpn.knox.GenericVpnService; import;
  6. From the VPN client's project folder, remove all old namespace files, such as:
    • Under src/main/aidl/android/app/enterprise, remove CertificateInfo.aidl
    • Under src/main/java/android/app/enterprise, remove
    • Under src/main/aidl/com/sec/enterprise/mdm/services/vpn/knoxvpn, remove IKnoxVpnService.aidl