Thierry DELHAISE
Feb 14, 2017
3:05 pm

Kox Enable App and Customization SDK

Hi all,

I would like to know if Customization SDK calls can be inititiated by an application running inside a KEA Container.

Our applcation run inside the KEA Container in order to protect "sensibles" files it manage. Inside the application, we need to lauch a specific workflow wich require that we enable ProKiosk Mode and disable some hardware keys.

To gain access to ProKiosk mode api, we need to be registered as a DeviceAdmin. Actually I'm not able to launch the popup window which ask for DeviceAdmin :

When I lauch the required activity, I receive :

E/XXXXXXApplication: startRequestDeviceAdmin: Exception: android.content.ActivityNotFoundException: No Activity found to handle Intent { act=android.app.action.ADD_DEVICE_ADMIN VirtualScreenParam=Params{mDisplayId=-1, null, mFlags=0x00000000)} (has extras) }

Thanks in advance for your answer. 

Thierry

Similar topics

No similar topics found.
Thierry DELHAISE
Feb 14, 2017
8:40 pm

Hi Samuel, 

Thanks for your reply.

Ok I was suspecting that.

So my second scenario is : 

A first app, an Android Standard ContentProvider providing some video : those videos files are the sensible content I was speaking earliest. This would be the application that will owned criticals files. I would build this one as a KEA application. So when installed, it should run inside a KEA Container. I can, since I owned the code of the content provider, create/add some android permissions, required to gain access to this content provider with a protectionLevel set to "signature".

In the second one (the consumer), signed with the same signature of the ContentProvider, I would "consume" content provider URI by calling standard ContentResolver API. I could install this one outside the KEA Container. Since the application is outside a KEA Container, I should be able to request DeviceAdmin permission, register ELM and KLM licences, further, called ProKiosk mode when required. 

So the question is :

Is there a way for a non KEA App, running outside KEA Container to join a KEA App running in its owned  Container. What is required in those two one's ?

Thanks for your time. 

 

Thierry

 

Comments

Hi Thierry,

I've consulted with my colleagues further and I found that you are able to pass data from a KEA to a non-KEA app.

By using the Android API FileProvider, you should be able to transfer your videos from your KEA to your second consumer app.

If you have problems implementing this, please feel free to raise a ticket at http://www.samsungknox.com/en/support and we can further provide support there.

My apologies for the misinformation earlier. 

Best Regards,

Samuel

Samuel V.Feb 16, 2017 at 12:10 am
Samuel V.Samsung SEAP Moderator
Feb 14, 2017
9:17 pm

Hi Thierry,

If I understand you correctly, you mean to open communication between your first app, a ContentProvider KEA and your second app, a ContentResolver?

If that is the case, my apologies but due to security risks, there is no way for an app inside a container to communicate with an app outside a container. 

Please let me know if you have any other questions.

 

Samuel

Samuel V.Samsung SEAP Moderator
Feb 14, 2017
7:17 pm

Greetings Thierry,

Unfortunately, you cannot make Customization SDK calls inside a KEA container as you would need the app to be a Device Administrator for that.

To support your use case of enabling ProKiosk and protecting sensitive files at the same time, you could use the Samsung ISV SDK, in particular its Sensitive Data Protection (SDP) feature. This allows you to keep confidential app data encrypted.

Using this SDK allows you to make calls to the Customization SDK. 

Regards,

Samuel

Thierry DELHAISE
Feb 16, 2017
7:55 am

Hi Samuel,

No problem about your earliest answer. Glad to see that there is a solution. I will try that and give feedback here if it's solved my use case.

Have a good day.

Thierry