1# @ohos.privacyManager (Privacy Management) 2 3The **privacyManager** module provides APIs for privacy management, such as management of permission usage records. 4 5> **NOTE** 6> 7> - The initial APIs of this module are supported since API version 9. Newly added APIs will be marked with a superscript to indicate their earliest API version. 8> - The APIs provided by this module are system APIs. 9 10## Modules to Import 11 12```js 13import privacyManager from '@ohos.privacyManager'; 14``` 15 16 17## privacyManager.addPermissionUsedRecord 18 19addPermissionUsedRecord(tokenID: number, permissionName: Permissions, successCount: number, failCount: number): Promise<void> 20 21Adds a permission usage record when an application protected by the permission is called by another service or application. This API uses a promise to return the result. 22The permission usage record includes the application identity (token ID) of the invoker, name of the permission used, and number of successful and failed accesses to the target application. 23 24**Required permissions**: ohos.permission.PERMISSION_USED_STATS (available only to system applications) 25 26**System capability**: SystemCapability.Security.AccessToken 27 28**Parameters** 29 30| Name | Type | Mandatory| Description | 31| -------- | ------------------- | ---- | ------------------------------------------ | 32| tokenID | number | Yes | Application token ID of the invoker. The value can be obtained from [ApplicationInfo](js-apis-bundle-ApplicationInfo.md). | 33| permissionName | Permissions | Yes | Name of the permission.| 34| successCount | number | Yes | Number of successful accesses.| 35| failCount | number | Yes | Number of failed accesses.| 36 37**Return value** 38 39| Type | Description | 40| :------------ | :---------------------------------- | 41| Promise<void> | Promise that returns no value.| 42 43**Error codes** 44 45For details about the error codes, see [Ability Access Control Error Codes](../errorcodes/errorcode-access-token.md). 46 47| ID| Error Message| 48| -------- | -------- | 49| 12100001 | The parameter is invalid. The tokenID is 0, the permissionName is longer than 256 bytes, or the count value is invalid. | 50| 12100002 | The specified tokenID does not exist or refer to an application process. | 51| 12100003 | The specified permission does not exist or is not an user_grant permission. | 52| 12100007 | Service is abnormal. | 53| 12100008 | Out of memory. | 54 55**Example** 56 57```js 58import privacyManager from '@ohos.privacyManager'; 59 60let tokenID = 0; // You can use getApplicationInfo to obtain the access token ID. 61try { 62 privacyManager.addPermissionUsedRecord(tokenID, "ohos.permission.PERMISSION_USED_STATS", 1, 0).then(() => { 63 console.log('addPermissionUsedRecord success'); 64 }).catch((err) => { 65 console.log(`addPermissionUsedRecord fail, err->${JSON.stringify(err)}`); 66 }); 67} catch(err) { 68 console.log(`catch err->${JSON.stringify(err)}`); 69} 70``` 71 72## privacyManager.addPermissionUsedRecord 73 74addPermissionUsedRecord(tokenID: number, permissionName: Permissions, successCount: number, failCount: number, callback: AsyncCallback<void>): void 75 76Adds a permission usage record when an application protected by the permission is called by another service or application. This API uses an asynchronous callback to return the result. 77The permission usage record includes the application identity (token ID) of the invoker, name of the permission used, and number of successful and failed accesses to the target application. 78 79**Required permissions**: ohos.permission.PERMISSION_USED_STATS (available only to system applications) 80 81**System capability**: SystemCapability.Security.AccessToken 82 83**Parameters** 84 85| Name | Type | Mandatory| Description | 86| -------- | ------------------- | ---- | ------------------------------------------ | 87| tokenID | number | Yes | Application token ID of the invoker. The value can be obtained from [ApplicationInfo](js-apis-bundle-ApplicationInfo.md). | 88| permissionName | Permissions | Yes | Name of the permission.| 89| successCount | number | Yes | Number of successful accesses.| 90| failCount | number | Yes | Number of failed accesses.| 91| callback | AsyncCallback<void> | Yes | Callback invoked to return the result. If a usage record is added successfully, **err** is **undefine**. Otherwise, **err** is an error object.| 92 93**Error codes** 94 95For details about the error codes, see [Ability Access Control Error Codes](../errorcodes/errorcode-access-token.md). 96 97| ID| Error Message| 98| -------- | -------- | 99| 12100001 | The parameter is invalid. The tokenID is 0, the permissionName is longer than 256 bytes, or the count value is invalid. | 100| 12100002 | The specified tokenID does not exist or refer to an application process. | 101| 12100003 | The specified permission does not exist or is not an user_grant permission. | 102| 12100007 | Service is abnormal. | 103| 12100008 | Out of memory. | 104 105**Example** 106 107```js 108import privacyManager from '@ohos.privacyManager'; 109 110let tokenID = 0; // You can use getApplicationInfo to obtain the access token ID. 111try { 112 privacyManager.addPermissionUsedRecord(tokenID, "ohos.permission.PERMISSION_USED_STATS", 1, 0, (err, data) => { 113 if (err) { 114 console.log(`addPermissionUsedRecord fail, err->${JSON.stringify(err)}`); 115 } else { 116 console.log('addPermissionUsedRecord success'); 117 } 118 }); 119} catch(err) { 120 console.log(`catch err->${JSON.stringify(err)}`); 121} 122``` 123 124## privacyManager.getPermissionUsedRecord 125 126getPermissionUsedRecord(request: PermissionUsedRequest): Promise<PermissionUsedResponse> 127 128Obtains historical permission usage records. This API uses a promise to return the result. 129 130**Required permissions**: ohos.permission.PERMISSION_USED_STATS (available only to system applications) 131 132**System capability**: SystemCapability.Security.AccessToken 133 134**Parameters** 135 136| Name | Type | Mandatory| Description | 137| -------- | ------------------- | ---- | ------------------------------------------ | 138| request | [PermissionUsedRequest](#permissionusedrequest) | Yes | Request for querying permission usage records. | 139 140**Return value** 141 142| Type | Description | 143| :------------ | :---------------------------------- | 144| Promise<[PermissionUsedResponse](#permissionusedresponse)> | Promise used to return the permission usage records.| 145 146**Error codes** 147 148For details about the error codes, see [Ability Access Control Error Codes](../errorcodes/errorcode-access-token.md). 149 150| ID| Error Message| 151| -------- | -------- | 152| 12100001 | The parameter is invalid. the value of flag in request is invalid. | 153| 12100002 | The specified tokenID does not exist or refer to an application process. | 154| 12100003 | The specified permission does not exist or is not an user_grant permission. | 155| 12100007 | Service is abnormal. | 156| 12100008 | Out of memory. | 157 158**Example** 159 160```js 161import privacyManager from '@ohos.privacyManager'; 162 163let request = { 164 "tokenId": 1, 165 "isRemote": false, 166 "deviceId": "device", 167 "bundleName": "bundle", 168 "permissionNames": [], 169 "beginTime": 0, 170 "endTime": 1, 171 "flag":privacyManager.PermissionUsageFlag.FLAG_PERMISSION_USAGE_DETAIL, 172}; 173try { 174 privacyManager.getPermissionUsedRecord(request).then((data) => { 175 console.log(`getPermissionUsedRecord success, data->${JSON.stringify(data)}`); 176 }).catch((err) => { 177 console.log(`getPermissionUsedRecord fail, err->${JSON.stringify(err)}`); 178 }); 179} catch(err) { 180 console.log(`catch err->${JSON.stringify(err)}`); 181} 182``` 183 184## privacyManager.getPermissionUsedRecord 185 186getPermissionUsedRecord(request: PermissionUsedRequest, callback: AsyncCallback<PermissionUsedResponse>): void 187 188Obtains historical permission usage records. This API uses an asynchronous callback to return the result. 189 190**Required permissions**: ohos.permission.PERMISSION_USED_STATS (available only to system applications) 191 192**System capability**: SystemCapability.Security.AccessToken 193 194**Parameters** 195 196| Name | Type | Mandatory| Description | 197| -------- | ------------------- | ---- | ------------------------------------------ | 198| request | [PermissionUsedRequest](#permissionusedrequest) | Yes| Request for querying permission usage records.| 199| callback | AsyncCallback<[PermissionUsedResponse](#permissionusedresponse)> | Yes| Callback invoked to return the result. If the query is successful, **err** is **undefine** and **data** is the permission usage record. Otherwise, **err** is an error object.| 200 201**Error codes** 202 203For details about the error codes, see [Ability Access Control Error Codes](../errorcodes/errorcode-access-token.md). 204 205| ID| Error Message| 206| -------- | -------- | 207| 12100001 | The parameter is invalid. the value of flag in request is invalid. | 208| 12100002 | The specified tokenID does not exist or refer to an application process. | 209| 12100003 | The specified permission does not exist or is not an user_grant permission. | 210| 12100007 | Service is abnormal. | 211| 12100008 | Out of memory. | 212 213**Example** 214 215```js 216import privacyManager from '@ohos.privacyManager'; 217 218let request = { 219 "tokenId": 1, 220 "isRemote": false, 221 "deviceId": "device", 222 "bundleName": "bundle", 223 "permissionNames": [], 224 "beginTime": 0, 225 "endTime": 1, 226 "flag":privacyManager.PermissionUsageFlag.FLAG_PERMISSION_USAGE_DETAIL, 227}; 228try { 229 privacyManager.getPermissionUsedRecord(request, (err, data) => { 230 if (err) { 231 console.log(`getPermissionUsedRecord fail, err->${JSON.stringify(err)}`); 232 } else { 233 console.log(`getPermissionUsedRecord success, data->${JSON.stringify(data)}`); 234 } 235 }); 236} catch(err) { 237 console.log(`catch err->${JSON.stringify(err)}`); 238} 239``` 240 241## privacyManager.startUsingPermission 242 243startUsingPermission(tokenID: number, permissionName: Permissions): Promise<void> 244 245Starts to use a permission and flushes the permission usage record. This API is called by a system application, either running in the foreground or background, and uses a promise to return the result. This API uses a promise to return the result. 246 247**Required permissions**: ohos.permission.PERMISSION_USED_STATS (available only to system applications) 248 249**System capability**: SystemCapability.Security.AccessToken 250 251**Parameters** 252 253| Name | Type | Mandatory| Description | 254| -------------- | ------ | ---- | ------------------------------------ | 255| tokenID | number | Yes | Application token ID of the invoker. The value can be obtained from [ApplicationInfo](js-apis-bundle-ApplicationInfo.md).| 256| permissionName | Permissions | Yes | Permission to use. | 257 258**Return value** 259 260| Type | Description | 261| ------------- | --------------------------------------- | 262| Promise<void> | Promise that returns no value.| 263 264**Error codes** 265 266For details about the error codes, see [Ability Access Control Error Codes](../errorcodes/errorcode-access-token.md). 267 268| ID| Error Message| 269| -------- | -------- | 270| 12100001 | The parameter is invalid. The tokenID is 0, the permissionName is longer than 256 bytes, or the count value is invalid. | 271| 12100002 | The specified tokenID does not exist or refer to an application process. | 272| 12100003 | The specified permission does not exist or is not an user_grant permission. | 273| 12100004 | The interface is called repeatedly with the same input. It means the application specified by the tokenID has been using the specified permission. | 274| 12100007 | Service is abnormal. | 275| 12100008 | Out of memory. | 276 277**Example** 278 279```js 280import privacyManager from '@ohos.privacyManager'; 281 282let tokenID = 0; // You can use getApplicationInfo to obtain the access token ID. 283try { 284 privacyManager.startUsingPermission(tokenID, "ohos.permission.PERMISSION_USED_STATS").then(() => { 285 console.log('startUsingPermission success'); 286 }).catch((err) => { 287 console.log(`startUsingPermission fail, err->${JSON.stringify(err)}`); 288 }); 289} catch(err) { 290 console.log(`catch err->${JSON.stringify(err)}`); 291} 292``` 293 294## privacyManager.startUsingPermission 295 296startUsingPermission(tokenID: number, permissionName: Permissions, callback: AsyncCallback<void>): void 297 298Starts to use a permission and flushes the permission usage record. This API is called by a system application, either running in the foreground or background, and uses a promise to return the result. This API uses an asynchronous callback to return the result. 299 300**Required permissions**: ohos.permission.PERMISSION_USED_STATS (available only to system applications) 301 302**System capability**: SystemCapability.Security.AccessToken 303 304**Parameters** 305 306| Name | Type | Mandatory| Description | 307| -------------- | --------------------- | ---- | ------------------------------------ | 308| tokenID | number | Yes | Application token ID of the invoker. The value can be obtained from [ApplicationInfo](js-apis-bundle-ApplicationInfo.md).| 309| permissionName | Permissions | Yes | Permission to use. | 310| callback | AsyncCallback<void> | Yes | Callback invoked to return the result. If the permission is successfully used, **err** is **undefine**. Otherwise, **err** is an error object.| 311 312**Error codes** 313 314For details about the error codes, see [Ability Access Control Error Codes](../errorcodes/errorcode-access-token.md). 315 316| ID| Error Message| 317| -------- | -------- | 318| 12100001 | The parameter is invalid. The tokenID is 0, or the permissionName is longer than 256 bytes. | 319| 12100002 | The specified tokenID does not exist or refer to an application process. | 320| 12100003 | The specified permission does not exist or is not an user_grant permission. | 321| 12100004 | The interface is called repeatedly with the same input. It means the application specified by the tokenID has been using the specified permission. | 322| 12100007 | Service is abnormal. | 323| 12100008 | Out of memory. | 324 325**Example** 326 327```js 328import privacyManager from '@ohos.privacyManager'; 329 330let tokenID = 0; // You can use getApplicationInfo to obtain the access token ID. 331try { 332 privacyManager.startUsingPermission(tokenID, "ohos.permission.PERMISSION_USED_STATS", (err, data) => { 333 if (err) { 334 console.log(`startUsingPermission fail, err->${JSON.stringify(err)}`); 335 } else { 336 console.log('startUsingPermission success'); 337 } 338 }); 339} catch(err) { 340 console.log(`catch err->${JSON.stringify(err)}`); 341} 342``` 343 344## privacyManager.stopUsingPermission 345 346stopUsingPermission(tokenID: number, permissionName: Permissions): Promise<void> 347 348Stops using a permission. This API is called by a system application and uses a promise to return the result. **startUsingPermission** and **stopUsingPermission** are used in pairs. This API uses a promise to return the result. 349 350**Required permissions**: ohos.permission.PERMISSION_USED_STATS (available only to system applications) 351 352**System capability**: SystemCapability.Security.AccessToken 353 354**Parameters** 355 356| Name | Type | Mandatory| Description | 357| -------------- | ------ | ---- | ------------------------------------ | 358| tokenID | number | Yes | Application token ID of the invoker. The value can be obtained from [ApplicationInfo](js-apis-bundle-ApplicationInfo.md).| 359| permissionName | Permissions | Yes | Permission to use. | 360 361**Return value** 362 363| Type | Description | 364| ------------- | --------------------------------------- | 365| Promise<void> | Promise that returns no value.| 366 367**Error codes** 368 369For details about the error codes, see [Ability Access Control Error Codes](../errorcodes/errorcode-access-token.md). 370 371| ID| Error Message| 372| -------- | -------- | 373| 12100001 | The parameter is invalid. The tokenID is 0, or the permissionName is longer than 256 bytes. | 374| 12100002 | The specified tokenID does not exist or refer to an application process. | 375| 12100003 | The specified permission does not exist or is not an user_grant permission. | 376| 12100004 | The interface is not used with | 377| 12100007 | Service is abnormal. | 378| 12100008 | Out of memory. | 379 380**Example** 381 382```js 383import privacyManager from '@ohos.privacyManager'; 384 385let tokenID = 0; // You can use getApplicationInfo to obtain the access token ID. 386try { 387 privacyManager.stopUsingPermission(tokenID, "ohos.permission.PERMISSION_USED_STATS").then(() => { 388 console.log('stopUsingPermission success'); 389 }).catch((err) => { 390 console.log(`stopUsingPermission fail, err->${JSON.stringify(err)}`); 391 }); 392} catch(err) { 393 console.log(`catch err->${JSON.stringify(err)}`); 394} 395``` 396 397## privacyManager.stopUsingPermission 398 399stopUsingPermission(tokenID: number, permissionName: Permissions, callback: AsyncCallback<void>): void 400 401Stops using a permission. This API is called by a system application and uses a promise to return the result. **startUsingPermission** and **stopUsingPermission** are used in pairs. This API uses an asynchronous callback to return the result. 402 403**Required permissions**: ohos.permission.PERMISSION_USED_STATS (available only to system applications) 404 405**System capability**: SystemCapability.Security.AccessToken 406 407**Parameters** 408 409| Name | Type | Mandatory| Description | 410| -------------- | --------------------- | ---- | ------------------------------------ | 411| tokenID | number | Yes | Application token ID of the invoker. The value can be obtained from [ApplicationInfo](js-apis-bundle-ApplicationInfo.md).| 412| permissionName | Permissions | Yes | Permission to use. | 413| callback | AsyncCallback<void> | Yes | Callback invoked to return the result. If the operation is successful, **err** is **undefine**. Otherwise, **err** is an error object.| 414 415**Error codes** 416 417For details about the error codes, see [Ability Access Control Error Codes](../errorcodes/errorcode-access-token.md). 418 419| ID| Error Message| 420| -------- | -------- | 421| 12100001 | The parameter is invalid. The tokenID is 0, or the permissionName is longer than 256 bytes. | 422| 12100002 | The specified tokenID does not exist or refer to an application process. | 423| 12100003 | The specified permission does not exist or is not an user_grant permission. | 424| 12100004 | The interface is not used with | 425| 12100007 | Service is abnormal. | 426| 12100008 | Out of memory. | 427 428**Example** 429 430```js 431import privacyManager from '@ohos.privacyManager'; 432 433let tokenID = 0; // You can use getApplicationInfo to obtain the access token ID. 434try { 435 privacyManager.stopUsingPermission(tokenID, "ohos.permission.PERMISSION_USED_STATS", (err, data) => { 436 if (err) { 437 console.log(`stopUsingPermission fail, err->${JSON.stringify(err)}`); 438 } else { 439 console.log('stopUsingPermission success'); 440 } 441 }); 442} catch(err) { 443 console.log(`catch err->${JSON.stringify(err)}`); 444} 445``` 446 447## privacyManager.on 448 449on(type: 'activeStateChange', permissionList: Array<Permissions>, callback: Callback<ActiveChangeResponse>): void 450 451Subscribes to the permission usage status changes of the specified permissions. 452 453**Required permissions**: ohos.permission.PERMISSION_USED_STATS (available only to system applications) 454 455**System capability**: SystemCapability.Security.AccessToken 456 457**Parameters** 458 459| Name | Type | Mandatory| Description | 460| ------------------ | --------------------- | ---- | ------------------------------------------------------------ | 461| type | string | Yes | Event type to subscribe to. The value is **'activeStateChange'**, which indicates the permission usage change event. | 462| permissionList | Array<Permissions> | Yes | List of permissions to be observed. If this parameter is left empty, the usage changes of all permissions are observed. | 463| callback | Callback<[ActiveChangeResponse](#activechangeresponse)> | Yes| Callback invoked to return a change in the permission usage.| 464 465**Error codes** 466 467For details about the error codes, see [Ability Access Control Error Codes](../errorcodes/errorcode-access-token.md). 468 469| ID| Error Message| 470| -------- | -------- | 471| 12100001 | The parameter is invalid. The tokenID is 0, or the permissionName is longer than 256 bytes. | 472| 12100004 | The interface is called repeatedly with the same input. | 473| 12100005 | The registration time has exceeded the limitation. | 474| 12100007 | Service is abnormal. | 475| 12100008 | Out of memory. | 476 477**Example** 478 479```js 480import privacyManager from '@ohos.privacyManager'; 481 482let permissionList = []; 483try { 484 privacyManager.on('activeStateChange', permissionList, (data) => { 485 console.debug("receive permission state change, data:" + JSON.stringify(data)); 486 }); 487} catch(err) { 488 console.log(`catch err->${JSON.stringify(err)}`); 489} 490``` 491 492## privacyManager.off 493 494off(type: 'activeStateChange', permissionList: Array<Permissions>, callback?: Callback<ActiveChangeResponse>): void; 495 496Unsubscribes from the permission usage status changes of the specified permissions. 497 498**Required permissions**: ohos.permission.PERMISSION_USED_STATS (available only to system applications) 499 500**System capability**: SystemCapability.Security.AccessToken 501 502**Parameters** 503 504| Name | Type | Mandatory| Description | 505| ------------------ | --------------------- | ---- | ------------------------------------------------------------ | 506| type | string | Yes | Event type to subscribe to. The value is **'activeStateChange'**, which indicates the permission usage change event. | 507| permissionList | Array<Permissions> | Yes | List of permissions to be observed. If this parameter is left blank, the usage changes of all permissions are unsubscribed from. The value must be the same as that specified in **on()**.| 508| callback | Callback<[ActiveChangeResponse](#activechangeresponse)> | No| Callback for the permission usage change event.| 509 510**Error codes** 511 512For details about the error codes, see [Ability Access Control Error Codes](../errorcodes/errorcode-access-token.md). 513 514| ID| Error Message| 515| -------- | -------- | 516| 12100001 | The parameter is invalid. The permissionNames in the list are all invalid, or the list size exceeds 1024 bytes. | 517| 12100004 | The API is not used together with "on()". | 518| 12100007 | Service is abnormal. | 519| 12100008 | Out of memory. | 520 521**Example** 522 523```js 524import privacyManager from '@ohos.privacyManager'; 525 526let permissionList = []; 527try { 528 privacyManager.off('activeStateChange', permissionList); 529}catch(err) { 530 console.log(`catch err->${JSON.stringify(err)}`); 531} 532``` 533 534## PermissionUsageFlag 535 536Enumerates the modes for querying the permission usage records. 537 538**System capability**: SystemCapability.Security.AccessToken 539 540| Name | Value| Description | 541| ----------------------- | ------ | ---------------------- | 542| FLAG_PERMISSION_USAGE_SUMMARY | 0 | Query the permission usage summary.| 543| FLAG_PERMISSION_USAGE_DETAIL | 1 | Query detailed permission usage records. | 544 545## PermissionUsedRequest 546 547Represents the request for querying permission usage records. 548 549**System capability**: SystemCapability.Security.AccessToken 550 551| Name | Type | Mandatory | Description | 552| -------- | -------------- | ---- | ---------------------------------------- | 553| tokenId | number | No | Token ID of the application (invoker). | 554| isRemote | boolean | No | Whether the token ID belongs to the application on a remote device. The default value is **false**.| 555| deviceId | string | No | ID of the device hosting the target application. | 556| bundleName | string | No | Bundle name of the target application.| 557| permissionNames | Array<Permissions> | No | Permissions to query. | 558| beginTime | number | No | Start time of the query, in ms. The default value is **0**, indicating that no start time is set.| 559| endTime | number | No | End time of the query, in ms. The default value is **0**, indicating that no end time is set.| 560| flag | [PermissionUsageFlag](#permissionusageflag) | Yes | Query mode. The default value is **FLAG_PERMISSION_USAGE_SUMMARY**.| 561 562## PermissionUsedResponse 563 564Represents the permission usage records of all applications. 565 566**System capability**: SystemCapability.Security.AccessToken 567 568| Name | Type | Mandatory | Description | 569| -------- | -------------- | ---- | ---------------------------------------- | 570| beginTime | number | No | Start time of the query, in ms.| 571| endTime | number | No | End time of the query, in ms.| 572| bundleRecords | Array<[BundleUsedRecord](#bundleusedrecord)> | No | Permission usage records. | 573 574## BundleUsedRecord 575 576Represents the permission access records of an application. 577 578**System capability**: SystemCapability.Security.AccessToken 579 580| Name | Type | Mandatory | Description | 581| -------- | -------------- | ---- | ---------------------------------------- | 582| tokenId | number | No | Token ID of the application (invoker). | 583| isRemote | boolean | No | Whether the token ID belongs to the application on a remote device. The default value is **false**.| 584| deviceId | string | No | ID of the device hosting the target application. | 585| bundleName | string | No | Bundle name of the target application.| 586| permissionRecords | Array<[PermissionUsedRecord](#permissionusedrecord)> | No | Permission usage records of the target application. | 587 588## PermissionUsedRecord 589 590Represents the usage records of a permission. 591 592**System capability**: SystemCapability.Security.AccessToken 593 594| Name | Type | Mandatory | Description | 595| -------- | -------------- | ---- | ---------------------------------------- | 596| permissionName | Permissions | No | Name of the permission. | 597| accessCount | number | No | Total number of times that the permission is accessed.| 598| rejectCount | number | No | Total number of times that the access to the permission is rejected.| 599| lastAccessTime | number | No | Last time when the permission was accessed, accurate to ms.| 600| lastRejectTime | number | No | Last time when the access to the permission was rejected, accurate to ms.| 601| lastAccessDuration | number | No | Last access duration, in ms.| 602| accessRecords | Array<[UsedRecordDetail](#usedrecorddetail)> | No | Successful access records. This parameter is valid only when **flag** is **FLAG_PERMISSION_USAGE_SUMMARY**. By default, 10 records are provided. | 603| rejectRecords | Array<[UsedRecordDetail](#usedrecorddetail)> | No | Rejected access records. This parameter is valid only when **flag** is **FLAG_PERMISSION_USAGE_SUMMARY**. By default, 10 records are provided. | 604 605## UsedRecordDetail 606 607Represents the details of a single access record. 608 609**System capability**: SystemCapability.Security.AccessToken 610 611| Name | Type | Mandatory | Description | 612| -------- | -------------- | ---- | ---------------------------------------- | 613| status | number | No | Access status. | 614| timestamp | number | No | Access timestamp, in ms.| 615| accessDuration | number | No | Access duration, in ms. | 616 617## PermissionActiveStatus 618 619Enumerates the permission usage statuses. 620 621**System capability**: SystemCapability.Security.AccessToken 622 623| Name | Value | Description | 624| ------------------------- | ------ | ---------------- | 625| PERM_INACTIVE | 0 | The permission is not used. | 626| PERM_ACTIVE_IN_FOREGROUND | 1 | The permission is being used by an application running in the foreground.| 627| PERM_ACTIVE_IN_BACKGROUND | 2 | The permission is being used by an application running in the background.| 628 629## ActiveChangeResponse 630 631Defines the detailed permission usage information. 632 633 **System capability**: SystemCapability.Security.AccessToken 634 635| Name | Type | Readable| Writable| Description | 636| -------------- | ---------------------- | ---- | ---- | --------------------- | 637| tokenId | number | Yes | No | Token ID of the application. | 638| permissionName | Permissions | Yes | No | Name of the permission.| 639| deviceId | string | Yes | No | Device ID. | 640| activeStatus | [PermissionActiveStatus](#permissionactivestatus) | Yes | No | Permission usage status. | 641