1# @ohos.privacyManager (Privacy Management) (System API) 2 3The **privacyManager** module provides APIs for privacy management, such as management of permission usage records. 4 5> **NOTE** 6> 7> - The initial APIs of this module are supported since API version 9. Newly added APIs will be marked with a superscript to indicate their earliest API version. 8> - The APIs provided by this module are system APIs. 9 10## Modules to Import 11 12```ts 13import privacyManager from '@ohos.privacyManager'; 14``` 15 16 17## privacyManager.addPermissionUsedRecord 18 19addPermissionUsedRecord(tokenID: number, permissionName: Permissions, successCount: number, failCount: number): Promise<void> 20 21Adds a permission usage record when an application protected by the permission is called by another service or application. This API uses a promise to return the result. 22The permission usage record includes the application identity (token ID) of the invoker, name of the permission used, and number of successful and failed accesses to the target application. 23 24**Required permissions**: ohos.permission.PERMISSION_USED_STATS (available only to system applications) 25 26**System capability**: SystemCapability.Security.AccessToken 27 28**Parameters** 29 30| Name | Type | Mandatory| Description | 31| -------- | ------------------- | ---- | ------------------------------------------ | 32| tokenID | number | Yes | Application token ID of the caller, which can be obtained from [ApplicationInfo](js-apis-bundleManager-applicationInfo.md). | 33| permissionName | Permissions | Yes | Name of the permission.| 34| successCount | number | Yes | Number of successful accesses.| 35| failCount | number | Yes | Number of failed accesses.| 36 37**Return value** 38 39| Type | Description | 40| :------------ | :---------------------------------- | 41| Promise<void> | Promise that returns no value.| 42 43**Error codes** 44 45For details about the error codes, see [Access Control Error Codes](errorcode-access-token.md). 46 47| ID| Error Message| 48| -------- | -------- | 49| 12100001 | The parameter is invalid. The tokenID is 0, or the string size of permissionName is larger than 256, or the count value is invalid. | 50| 12100002 | The specified tokenID does not exist or refer to an application process. | 51| 12100003 | The specified permission does not exist or is not an user_grant permission. | 52| 12100007 | Service is abnormal. | 53| 12100008 | Out of memory. | 54 55**Example** 56 57```ts 58import privacyManager from '@ohos.privacyManager'; 59import { BusinessError } from '@ohos.base'; 60 61let tokenID: number = 0; // You can use getApplicationInfo to obtain accessTokenId. 62try { 63 privacyManager.addPermissionUsedRecord(tokenID, 'ohos.permission.READ_AUDIO', 1, 0).then(() => { 64 console.log('addPermissionUsedRecord success'); 65 }).catch((err: BusinessError) => { 66 console.log(`addPermissionUsedRecord fail, err->${JSON.stringify(err)}`); 67 }); 68} catch(err) { 69 console.log(`catch err->${JSON.stringify(err)}`); 70} 71``` 72 73## privacyManager.addPermissionUsedRecord 74 75addPermissionUsedRecord(tokenID: number, permissionName: Permissions, successCount: number, failCount: number, callback: AsyncCallback<void>): void 76 77Adds a permission usage record when an application protected by the permission is called by another service or application. This API uses an asynchronous callback to return the result. 78The permission usage record includes the application identity (token ID) of the invoker, name of the permission used, and number of successful and failed accesses to the target application. 79 80**Required permissions**: ohos.permission.PERMISSION_USED_STATS (available only to system applications) 81 82**System capability**: SystemCapability.Security.AccessToken 83 84**Parameters** 85 86| Name | Type | Mandatory| Description | 87| -------- | ------------------- | ---- | ------------------------------------------ | 88| tokenID | number | Yes | Application token ID of the caller, which can be obtained from [ApplicationInfo](js-apis-bundleManager-applicationInfo.md). | 89| permissionName | Permissions | Yes | Permission name. For details about the permissions, see [Permissions for All Applications](../../security/AccessToken/permissions-for-all.md).| 90| successCount | number | Yes | Number of successful accesses.| 91| failCount | number | Yes | Number of failed accesses.| 92| callback | AsyncCallback<void> | Yes | Callback invoked to return the result. If the operation is successful, **err** is **undefined**. Otherwise, **err** is an error object.| 93 94**Error codes** 95 96For details about the error codes, see [Access Control Error Codes](errorcode-access-token.md). 97 98| ID| Error Message| 99| -------- | -------- | 100| 12100001 | The parameter is invalid. The tokenID is 0, or the string size of permissionName is larger than 256, or the count value is invalid. | 101| 12100002 | The specified tokenID does not exist or refer to an application process. | 102| 12100003 | The specified permission does not exist or is not an user_grant permission. | 103| 12100007 | Service is abnormal. | 104| 12100008 | Out of memory. | 105 106**Example** 107 108```ts 109import privacyManager from '@ohos.privacyManager'; 110import { BusinessError } from '@ohos.base'; 111 112let tokenID: number = 0; // You can use getApplicationInfo to obtain accessTokenId. 113try { 114 privacyManager.addPermissionUsedRecord(tokenID, 'ohos.permission.READ_AUDIO', 1, 0, (err: BusinessError, data: void) => { 115 if (err) { 116 console.log(`addPermissionUsedRecord fail, err->${JSON.stringify(err)}`); 117 } else { 118 console.log('addPermissionUsedRecord success'); 119 } 120 }); 121} catch(err) { 122 console.log(`catch err->${JSON.stringify(err)}`); 123} 124``` 125 126## privacyManager.getPermissionUsedRecord 127 128getPermissionUsedRecord(request: PermissionUsedRequest): Promise<PermissionUsedResponse> 129 130Obtains historical permission usage records. This API uses a promise to return the result. 131 132**Required permissions**: ohos.permission.PERMISSION_USED_STATS (available only to system applications) 133 134**System capability**: SystemCapability.Security.AccessToken 135 136**Parameters** 137 138| Name | Type | Mandatory| Description | 139| -------- | ------------------- | ---- | ------------------------------------------ | 140| request | [PermissionUsedRequest](#permissionusedrequest) | Yes | Request for querying permission usage records. | 141 142**Return value** 143 144| Type | Description | 145| :------------ | :---------------------------------- | 146| Promise<[PermissionUsedResponse](#permissionusedresponse)> | Promise used to return the permission usage records.| 147 148**Error codes** 149 150For details about the error codes, see [Access Control Error Codes](errorcode-access-token.md). 151 152| ID| Error Message| 153| -------- | -------- | 154| 12100001 | The parameter is invalid. the value of flag in request is invalid. | 155| 12100002 | The specified tokenID does not exist or refer to an application process. | 156| 12100003 | The specified permission does not exist or is not an user_grant permission. | 157| 12100007 | Service is abnormal. | 158| 12100008 | Out of memory. | 159 160**Example** 161 162```ts 163import privacyManager from '@ohos.privacyManager'; 164import { BusinessError } from '@ohos.base'; 165 166let request: privacyManager.PermissionUsedRequest = { 167 'tokenId': 1, 168 'isRemote': false, 169 'deviceId': 'device', 170 'bundleName': 'bundle', 171 'permissionNames': [], 172 'beginTime': 0, 173 'endTime': 1, 174 'flag':privacyManager.PermissionUsageFlag.FLAG_PERMISSION_USAGE_DETAIL, 175}; 176try { 177 privacyManager.getPermissionUsedRecord(request).then((data) => { 178 console.log(`getPermissionUsedRecord success, data->${JSON.stringify(data)}`); 179 }).catch((err: BusinessError) => { 180 console.log(`getPermissionUsedRecord fail, err->${JSON.stringify(err)}`); 181 }); 182} catch(err) { 183 console.log(`catch err->${JSON.stringify(err)}`); 184} 185``` 186 187## privacyManager.getPermissionUsedRecord 188 189getPermissionUsedRecord(request: PermissionUsedRequest, callback: AsyncCallback<PermissionUsedResponse>): void 190 191Obtains historical permission usage records. This API uses an asynchronous callback to return the result. 192 193**Required permissions**: ohos.permission.PERMISSION_USED_STATS (available only to system applications) 194 195**System capability**: SystemCapability.Security.AccessToken 196 197**Parameters** 198 199| Name | Type | Mandatory| Description | 200| -------- | ------------------- | ---- | ------------------------------------------ | 201| request | [PermissionUsedRequest](#permissionusedrequest) | Yes| Request for querying permission usage records.| 202| callback | AsyncCallback<[PermissionUsedResponse](#permissionusedresponse)> | Yes| Callback invoked to return the result. If the operation is successful, **err** is **undefined** and **data** is the permission usage record obtained. Otherwise, **err** is an error object.| 203 204**Error codes** 205 206For details about the error codes, see [Access Control Error Codes](errorcode-access-token.md). 207 208| ID| Error Message| 209| -------- | -------- | 210| 12100001 | The parameter is invalid. the value of flag in request is invalid. | 211| 12100002 | The specified tokenID does not exist or refer to an application process. | 212| 12100003 | The specified permission does not exist or is not an user_grant permission. | 213| 12100007 | Service is abnormal. | 214| 12100008 | Out of memory. | 215 216**Example** 217 218```ts 219import privacyManager from '@ohos.privacyManager'; 220import { BusinessError } from '@ohos.base'; 221 222let request: privacyManager.PermissionUsedRequest = { 223 'tokenId': 1, 224 'isRemote': false, 225 'deviceId': 'device', 226 'bundleName': 'bundle', 227 'permissionNames': [], 228 'beginTime': 0, 229 'endTime': 1, 230 'flag':privacyManager.PermissionUsageFlag.FLAG_PERMISSION_USAGE_DETAIL, 231}; 232try { 233 privacyManager.getPermissionUsedRecord(request, (err: BusinessError, data: privacyManager.PermissionUsedResponse) => { 234 if (err) { 235 console.log(`getPermissionUsedRecord fail, err->${JSON.stringify(err)}`); 236 } else { 237 console.log(`getPermissionUsedRecord success, data->${JSON.stringify(data)}`); 238 } 239 }); 240} catch(err) { 241 console.log(`catch err->${JSON.stringify(err)}`); 242} 243``` 244 245## privacyManager.startUsingPermission 246 247startUsingPermission(tokenID: number, permissionName: Permissions): Promise<void> 248 249Starts to use a permission and flushes the permission usage record. This API is called by a system application, either running in the foreground or background, and uses a promise to return the result. This API uses a promise to return the result. 250 251**Required permissions**: ohos.permission.PERMISSION_USED_STATS (available only to system applications) 252 253**System capability**: SystemCapability.Security.AccessToken 254 255**Parameters** 256 257| Name | Type | Mandatory| Description | 258| -------------- | ------ | ---- | ------------------------------------ | 259| tokenID | number | Yes | Application token ID of the caller, which can be obtained from [ApplicationInfo](js-apis-bundleManager-applicationInfo.md).| 260| permissionName | Permissions | Yes | Permission to use. For details about the permissions, see [Permissions for All Applications](../../security/AccessToken/permissions-for-all.md).| 261 262**Return value** 263 264| Type | Description | 265| ------------- | --------------------------------------- | 266| Promise<void> | Promise that returns no value.| 267 268**Error codes** 269 270For details about the error codes, see [Access Control Error Codes](errorcode-access-token.md). 271 272| ID| Error Message| 273| -------- | -------- | 274| 12100001 | The tokenID is 0, permissionName is longer than 256 bytes, or the count value is invalid. | 275| 12100002 | The specified tokenID does not exist or refer to an application process. | 276| 12100003 | The specified permission does not exist or is not an user_grant permission. | 277| 12100004 | The interface is called repeatedly with the same input. It means the application specified by the tokenID has been using the specified permission. | 278| 12100007 | Service is abnormal. | 279| 12100008 | Out of memory. | 280 281**Example** 282 283```ts 284import privacyManager from '@ohos.privacyManager'; 285import { BusinessError } from '@ohos.base'; 286 287let tokenID: number = 0; // You can use getApplicationInfo to obtain accessTokenId. 288try { 289 privacyManager.startUsingPermission(tokenID, 'ohos.permission.READ_AUDIO').then(() => { 290 console.log('startUsingPermission success'); 291 }).catch((err: BusinessError) => { 292 console.log(`startUsingPermission fail, err->${JSON.stringify(err)}`); 293 }); 294} catch(err) { 295 console.log(`catch err->${JSON.stringify(err)}`); 296} 297``` 298 299## privacyManager.startUsingPermission 300 301startUsingPermission(tokenID: number, permissionName: Permissions, callback: AsyncCallback<void>): void 302 303Starts to use a permission and flushes the permission usage record. This API is called by a system application, either running in the foreground or background, and uses a promise to return the result. This API uses an asynchronous callback to return the result. 304 305**Required permissions**: ohos.permission.PERMISSION_USED_STATS (available only to system applications) 306 307**System capability**: SystemCapability.Security.AccessToken 308 309**Parameters** 310 311| Name | Type | Mandatory| Description | 312| -------------- | --------------------- | ---- | ------------------------------------ | 313| tokenID | number | Yes | Application token ID of the caller, which can be obtained from [ApplicationInfo](js-apis-bundleManager-applicationInfo.md).| 314| permissionName | Permissions | Yes | Permission to use. For details about the permissions, see [Permissions for All Applications](../../security/AccessToken/permissions-for-all.md).| 315| callback | AsyncCallback<void> | Yes | Callback invoked to return the result. If the operation is successful, **err** is **undefined**. Otherwise, **err** is an error object.| 316 317**Error codes** 318 319For details about the error codes, see [Access Control Error Codes](errorcode-access-token.md). 320 321| ID| Error Message| 322| -------- | -------- | 323| 12100001 | The tokenID is 0, permissionName is longer than 256 bytes, or the count value is invalid. | 324| 12100002 | The specified tokenID does not exist or refer to an application process. | 325| 12100003 | The specified permission does not exist or is not an user_grant permission. | 326| 12100004 | The interface is called repeatedly with the same input. It means the application specified by the tokenID has been using the specified permission. | 327| 12100007 | Service is abnormal. | 328| 12100008 | Out of memory. | 329 330**Example** 331 332```ts 333import privacyManager from '@ohos.privacyManager'; 334import { BusinessError } from '@ohos.base'; 335 336let tokenID: number = 0; // You can use getApplicationInfo to obtain accessTokenId. 337try { 338 privacyManager.startUsingPermission(tokenID, 'ohos.permission.READ_AUDIO', (err: BusinessError, data: void) => { 339 if (err) { 340 console.log(`startUsingPermission fail, err->${JSON.stringify(err)}`); 341 } else { 342 console.log('startUsingPermission success'); 343 } 344 }); 345} catch(err) { 346 console.log(`catch err->${JSON.stringify(err)}`); 347} 348``` 349 350## privacyManager.stopUsingPermission 351 352stopUsingPermission(tokenID: number, permissionName: Permissions): Promise<void> 353 354Stops using a permission. This API is called by a system application and uses a promise to return the result. **startUsingPermission** and **stopUsingPermission** are used in pairs. This API uses a promise to return the result. 355 356**Required permissions**: ohos.permission.PERMISSION_USED_STATS (available only to system applications) 357 358**System capability**: SystemCapability.Security.AccessToken 359 360**Parameters** 361 362| Name | Type | Mandatory| Description | 363| -------------- | ------ | ---- | ------------------------------------ | 364| tokenID | number | Yes | Application token ID of the caller, which can be obtained from [ApplicationInfo](js-apis-bundleManager-applicationInfo.md).| 365| permissionName | Permissions | Yes | Permission to use. For details about the permissions, see [Permissions for All Applications](../../security/AccessToken/permissions-for-all.md).| 366 367**Return value** 368 369| Type | Description | 370| ------------- | --------------------------------------- | 371| Promise<void> | Promise that returns no value.| 372 373**Error codes** 374 375For details about the error codes, see [Access Control Error Codes](errorcode-access-token.md). 376 377| ID| Error Message| 378| -------- | -------- | 379| 12100001 | The tokenID is 0, permissionName is longer than 256 bytes, or the count value is invalid. | 380| 12100002 | The specified tokenID does not exist or refer to an application process. | 381| 12100003 | The specified permission does not exist or is not an user_grant permission. | 382| 12100004 | The interface is not used with | 383| 12100007 | Service is abnormal. | 384| 12100008 | Out of memory. | 385 386**Example** 387 388```ts 389import privacyManager from '@ohos.privacyManager'; 390import { BusinessError } from '@ohos.base'; 391 392let tokenID: number = 0; // You can use getApplicationInfo to obtain accessTokenId. 393try { 394 privacyManager.stopUsingPermission(tokenID, 'ohos.permission.READ_AUDIO').then(() => { 395 console.log('stopUsingPermission success'); 396 }).catch((err: BusinessError) => { 397 console.log(`stopUsingPermission fail, err->${JSON.stringify(err)}`); 398 }); 399} catch(err) { 400 console.log(`catch err->${JSON.stringify(err)}`); 401} 402``` 403 404## privacyManager.stopUsingPermission 405 406stopUsingPermission(tokenID: number, permissionName: Permissions, callback: AsyncCallback<void>): void 407 408Stops using a permission. This API is called by a system application and uses a promise to return the result. **startUsingPermission** and **stopUsingPermission** are used in pairs. This API uses an asynchronous callback to return the result. 409 410**Required permissions**: ohos.permission.PERMISSION_USED_STATS (available only to system applications) 411 412**System capability**: SystemCapability.Security.AccessToken 413 414**Parameters** 415 416| Name | Type | Mandatory| Description | 417| -------------- | --------------------- | ---- | ------------------------------------ | 418| tokenID | number | Yes | Application token ID of the caller, which can be obtained from [ApplicationInfo](js-apis-bundleManager-applicationInfo.md).| 419| permissionName | Permissions | Yes | Permission to use. For details about the permissions, see [Permissions for All Applications](../../security/AccessToken/permissions-for-all.md).| 420| callback | AsyncCallback<void> | Yes | Callback invoked to return the result. If the operation is successful, **err** is **undefined**. Otherwise, **err** is an error object.| 421 422**Error codes** 423 424For details about the error codes, see [Access Control Error Codes](errorcode-access-token.md). 425 426| ID| Error Message| 427| -------- | -------- | 428| 12100001 | The tokenID is 0, permissionName is longer than 256 bytes, or the count value is invalid. | 429| 12100002 | The specified tokenID does not exist or refer to an application process. | 430| 12100003 | The specified permission does not exist or is not an user_grant permission. | 431| 12100004 | The interface is not used with | 432| 12100007 | Service is abnormal. | 433| 12100008 | Out of memory. | 434 435**Example** 436 437```ts 438import privacyManager from '@ohos.privacyManager'; 439import { BusinessError } from '@ohos.base'; 440 441let tokenID: number = 0; // You can use getApplicationInfo to obtain accessTokenId. 442try { 443 privacyManager.stopUsingPermission(tokenID, 'ohos.permission.READ_AUDIO', (err: BusinessError, data: void) => { 444 if (err) { 445 console.log(`stopUsingPermission fail, err->${JSON.stringify(err)}`); 446 } else { 447 console.log('stopUsingPermission success'); 448 } 449 }); 450} catch(err) { 451 console.log(`catch err->${JSON.stringify(err)}`); 452} 453``` 454 455## privacyManager.on 456 457on(type: 'activeStateChange', permissionList: Array<Permissions>, callback: Callback<ActiveChangeResponse>): void 458 459Subscribes to the permission usage status changes of the specified permissions. 460 461Multiple callbacks can be registered for the same **permissionList**. 462 463The same callback cannot be registered for the **permissionList**s with common values. 464 465**Required permissions**: ohos.permission.PERMISSION_USED_STATS (available only to system applications) 466 467**System capability**: SystemCapability.Security.AccessToken 468 469**Parameters** 470 471| Name | Type | Mandatory| Description | 472| ------------------ | --------------------- | ---- | ------------------------------------------------------------ | 473| type | string | Yes | Event type. The value is **'activeStateChange'**, which indicates the permission usage change. | 474| permissionList | Array<Permissions> | Yes | List of the permissions to be observed. If this parameter is left empty, this API subscribes to the permission usage status change of all permissions. Valid permission names can be obtained in [Permissions for All Applications](../../security/AccessToken/permissions-for-all.md).| 475| callback | Callback<[ActiveChangeResponse](#activechangeresponse)> | Yes| Callback invoked to return a change in the permission usage.| 476 477**Error codes** 478 479For details about the error codes, see [Access Control Error Codes](errorcode-access-token.md). 480 481| ID| Error Message| 482| -------- | -------- | 483| 12100001 | The parameter is invalid. The tokenID is 0, or the string size of permissionName is larger than 256. | 484| 12100004 | The interface is called repeatedly with the same input. | 485| 12100005 | The registration time has exceeded the limitation. | 486| 12100007 | Service is abnormal. | 487| 12100008 | Out of memory. | 488 489**Example** 490 491```ts 492import privacyManager, { Permissions } from '@ohos.privacyManager'; 493import { BusinessError } from '@ohos.base'; 494 495let permissionList: Array<Permissions> = []; 496try { 497 privacyManager.on('activeStateChange', permissionList, (data: privacyManager.ActiveChangeResponse) => { 498 console.debug('receive permission state change, data:' + JSON.stringify(data)); 499 }); 500} catch(err) { 501 console.log(`catch err->${JSON.stringify(err)}`); 502} 503``` 504 505## privacyManager.off 506 507off(type: 'activeStateChange', permissionList: Array<Permissions>, callback?: Callback<ActiveChangeResponse>): void 508 509Unsubscribes from the permission usage status changes of the specified permissions. 510 511If no callback is passed in **privacyManager.off**, all callbacks of **permissionList** will be unregistered. 512 513**Required permissions**: ohos.permission.PERMISSION_USED_STATS (available only to system applications) 514 515**System capability**: SystemCapability.Security.AccessToken 516 517**Parameters** 518 519| Name | Type | Mandatory| Description | 520| ------------------ | --------------------- | ---- | ------------------------------------------------------------ | 521| type | string | Yes | Event type. The value is **'activeStateChange'**, which indicates the permission usage change. | 522| permissionList | Array<Permissions> | Yes | List of permissions. The value must be the same as that of **on()**. If this parameter is left empty, this API unsubscribes from the permission usage change of all permissions. For details about the permissions, see [Permissions for All Applications](../../security/AccessToken/permissions-for-all.md).| 523| callback | Callback<[ActiveChangeResponse](#activechangeresponse)> | No| Callback for the permission usage change event.| 524 525**Error codes** 526 527For details about the error codes, see [Access Control Error Codes](errorcode-access-token.md). 528 529| ID| Error Message| 530| -------- | -------- | 531| 12100001 | The permissionNames in the list are all invalid, or the list size exceeds 1024 bytes. | 532| 12100004 | The interface is not used together with 'on'| 533| 12100007 | Service is abnormal. | 534| 12100008 | Out of memory. | 535 536**Example** 537 538```ts 539import privacyManager, { Permissions } from '@ohos.privacyManager'; 540 541let permissionList: Array<Permissions> = []; 542try { 543 privacyManager.off('activeStateChange', permissionList); 544}catch(err) { 545 console.log(`catch err->${JSON.stringify(err)}`); 546} 547``` 548 549## PermissionUsageFlag 550 551Enumerates the modes for querying the permission usage records. 552 553**System capability**: SystemCapability.Security.AccessToken 554 555| Name | Value| Description | 556| ----------------------- | ------ | ---------------------- | 557| FLAG_PERMISSION_USAGE_SUMMARY | 0 | Query the permission usage summary.| 558| FLAG_PERMISSION_USAGE_DETAIL | 1 | Query detailed permission usage records. | 559 560## PermissionUsedRequest 561 562Represents the request for querying permission usage records. 563 564**System capability**: SystemCapability.Security.AccessToken 565 566| Name | Type | Mandatory | Description | 567| -------- | -------------- | ---- | ---------------------------------------- | 568| tokenId | number | No | Token ID of the application (invoker).<br> By default, all applications are queried. | 569| isRemote | boolean | No | Whether to query the permission usage records of the remote device.<br> The default value is **false**, which means the permission usage records of the local device are queried by default.| 570| deviceId | string | No | ID of the device hosting the target application.<br> The default value is the local device ID. | 571| bundleName | string | No | Bundle name of the target application.<br> By default, all applications are queried.| 572| permissionNames | Array<Permissions> | No | Permissions to query.<br> By default, the usage records of all permissions are queried. | 573| beginTime | number | No | Start time of the query, in ms.<br>The default value is **0**, which means the start time is not set.| 574| endTime | number | No | End time of the query, in ms.<br>The default value is **0**, which means the end time is not set.| 575| flag | [PermissionUsageFlag](#permissionusageflag) | Yes | Query mode.| 576 577## PermissionUsedResponse 578 579Represents the permission usage records of all applications. 580 581**System capability**: SystemCapability.Security.AccessToken 582 583| Name | Type | Readable| Writable| Description | 584| --------- | -------------- | ---- | ---- | ---------------------------------------- | 585| beginTime | number | Yes | No | Start time of the query, in ms.| 586| endTime | number | Yes | No | End time of the query, in ms.| 587| bundleRecords | Array<[BundleUsedRecord](#bundleusedrecord)> | Yes | No | Permission usage records. | 588 589## BundleUsedRecord 590 591Represents the permission access records of an application. 592 593**System capability**: SystemCapability.Security.AccessToken 594 595| Name | Type | Readable| Writable| Description | 596| -------- | -------------- | ---- | ---- | ---------------------------------------- | 597| tokenId | number | Yes | No | Token ID of the application (invoker). | 598| isRemote | boolean | Yes | No | Whether the token ID belongs to the application on a remote device. The default value is **false**.| 599| deviceId | string | Yes | No | ID of the device hosting the target application. | 600| bundleName | string | Yes | No | Bundle name of the target application.| 601| permissionRecords | Array<[PermissionUsedRecord](#permissionusedrecord)> | Yes | No | Permission usage records of the target application. | 602 603## PermissionUsedRecord 604 605Represents the usage records of a permission. 606 607**System capability**: SystemCapability.Security.AccessToken 608 609| Name | Type | Readable| Writable| Description | 610| -------- | -------------- | ---- | ---- | ---------------------------------------- | 611| permissionName | Permissions | Yes | No | Name of the permission. | 612| accessCount | number | Yes | No | Total number of times that the permission is accessed.| 613| rejectCount | number | Yes | No | Total number of times that the access to the permission is rejected.| 614| lastAccessTime | number | Yes | No | Last time when the permission was accessed, accurate to ms.| 615| lastRejectTime | number | Yes | No | Last time when the access to the permission was rejected, accurate to ms.| 616| lastAccessDuration | number | Yes | No | Last access duration, in ms.| 617| accessRecords | Array<[UsedRecordDetail](#usedrecorddetail)> | Yes | No | Successful access records. This parameter is valid only when **flag** is **FLAG_PERMISSION_USAGE_DETAIL**. By default, 10 records are provided. | 618| rejectRecords | Array<[UsedRecordDetail](#usedrecorddetail)> | Yes | No | Rejected access records. This parameter is valid only when **flag** is **FLAG_PERMISSION_USAGE_DETAIL**. By default, 10 records are provided. | 619 620## UsedRecordDetail 621 622Represents the details of a single access record. 623 624**System capability**: SystemCapability.Security.AccessToken 625 626| Name | Type | Readable| Writable| Description | 627| -------- | -------------- | ---- | ---- | ---------------------------------------- | 628| status | number | Yes | No | Access status. | 629| lockScreenStatus<sup>11+</sup> | number | Yes | No | Status of the screen during the access.<br> - **1**: The screen is not locked when the permission is used.<br> - **2**: The screen is locked when the permission is used. | 630| timestamp | number | Yes | No | Access timestamp, in ms.| 631| accessDuration | number | Yes | No | Access duration, in ms. | 632| count<sup>11+</sup> | number | Yes| No | Number of successful or failed accesses. 633 634## PermissionActiveStatus 635 636Enumerates the permission usage statuses. 637 638**System capability**: SystemCapability.Security.AccessToken 639 640| Name | Value | Description | 641| ------------------------- | ------ | ---------------- | 642| PERM_INACTIVE | 0 | The permission is not used. | 643| PERM_ACTIVE_IN_FOREGROUND | 1 | The permission is being used by an application running in the foreground.| 644| PERM_ACTIVE_IN_BACKGROUND | 2 | The permission is being used by an application running in the background.| 645 646## ActiveChangeResponse 647 648Defines the detailed permission usage information. 649 650 **System capability**: SystemCapability.Security.AccessToken 651 652| Name | Type | Readable| Writable| Description | 653| -------------- | ---------------------- | ---- | ---- | --------------------- | 654| tokenId | number | Yes | No | Token ID of the application. | 655| permissionName | Permissions | Yes | No | Name of the permission.| 656| deviceId | string | Yes | No | Device ID. | 657| activeStatus | [PermissionActiveStatus](#permissionactivestatus) | Yes | No | Permission usage status. | 658 659<!--no_check-->