/*
 * Copyright (c) 2023-2024 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

/**
 * @file
 * @kit MDMKit
 */

import type Want from './@ohos.app.ability.Want';

/**
 * This module provides the capability to manage the security of the enterprise devices.
 *
 * It declares read-only queries (security patch tag, encryption status, password policy)
 * and state-changing calls (install/uninstall a user certificate, set the password policy).
 * Every function takes the calling admin's Want as its first argument and is gated by the
 * permission named in its own @permission tag.
 *
 * @namespace securityManager
 * @syscap SystemCapability.Customization.EnterpriseDeviceManager
 * @stagemodelonly
 * @since 11
 */
declare namespace securityManager {
  /**
   * The device encryption status, as returned by getDeviceEncryptionStatus.
   *
   * @typedef DeviceEncryptionStatus
   * @syscap SystemCapability.Customization.EnterpriseDeviceManager
   * @systemapi
   * @stagemodelonly
   * @since 11
   */
  export interface DeviceEncryptionStatus {
    /**
     * True indicates that the device is encrypted.
     *
     * @syscap SystemCapability.Customization.EnterpriseDeviceManager
     * @systemapi
     * @stagemodelonly
     * @since 11
     */
    isEncrypted: boolean;
  }

  /**
   * User certificate data passed to installUserCertificate.
   *
   * @typedef CertBlob
   * @syscap SystemCapability.Customization.EnterpriseDeviceManager
   * @stagemodelonly
   * @since 12
   */
  export interface CertBlob {
    /**
     * The certificate content, as raw bytes.
     * NOTE(review): the expected encoding (for example DER or PEM) is not stated in this
     * file - confirm against the platform documentation.
     *
     * @type { Uint8Array }
     * @syscap SystemCapability.Customization.EnterpriseDeviceManager
     * @stagemodelonly
     * @since 12
     */
    inData: Uint8Array;

    /**
     * The certificate alias.
     * NOTE(review): the installUserCertificate parameter description mentions a limit of
     * 40 characters and a non-empty requirement; presumably that applies to this field -
     * confirm.
     *
     * @type { string }
     * @syscap SystemCapability.Customization.EnterpriseDeviceManager
     * @stagemodelonly
     * @since 12
     */
    alias: string;
  }

  /**
   * Gets device security patch tag.
   * This function can be called by a super administrator.
   *
   * @permission ohos.permission.ENTERPRISE_MANAGE_SECURITY
   * @param { Want } admin - admin indicates the enterprise admin extension ability information.
   *                         The admin must have the corresponding permission.
   * @returns { string } the security patch tag of the device.
   * @throws { BusinessError } 9200001 - The application is not an administrator application of the device.
   * @throws { BusinessError } 9200002 - The administrator application does not have permission to manage the device.
   * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API.
   * @throws { BusinessError } 202 - Permission verification failed. A non-system application calls a system API.
   * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified;
   *                                 2. Incorrect parameter types; 3. Parameter verification failed.
   * @syscap SystemCapability.Customization.EnterpriseDeviceManager
   * @systemapi
   * @stagemodelonly
   * @since 11
   */
  function getSecurityPatchTag(admin: Want): string;

  /**
   * Gets device encryption status.
   * This function can be called by a super administrator.
   *
   * @permission ohos.permission.ENTERPRISE_MANAGE_SECURITY
   * @param { Want } admin - admin indicates the enterprise admin extension ability information.
   *                         The admin must have the corresponding permission.
   * @returns { DeviceEncryptionStatus } device encryption status.
   * @throws { BusinessError } 9200001 - The application is not an administrator application of the device.
   * @throws { BusinessError } 9200002 - The administrator application does not have permission to manage the device.
   * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API.
   * @throws { BusinessError } 202 - Permission verification failed. A non-system application calls a system API.
   * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified;
   *                                 2. Incorrect parameter types; 3. Parameter verification failed.
   * @syscap SystemCapability.Customization.EnterpriseDeviceManager
   * @systemapi
   * @stagemodelonly
   * @since 11
   */
  function getDeviceEncryptionStatus(admin: Want): DeviceEncryptionStatus;

  /**
   * Gets device security policy of the specific type.
   * This function can be called by a super administrator.
   *
   * The result is always a string, whichever item is requested.
   * NOTE(review): the string format returned for the encryption item is not described in
   * this file - confirm before parsing it.
   *
   * @permission ohos.permission.ENTERPRISE_MANAGE_SECURITY
   * @param { Want } admin - admin indicates the enterprise admin extension ability information.
   *                         The admin must have the corresponding permission.
   * @param { string } item - item indicates the specified security policy that needs to be obtained, including patch and encryption.
   *                          patch means the device security patch tag, and encryption means the device encryption status.
   * @returns { string } security policy of the specific type.
   * @throws { BusinessError } 9200001 - The application is not an administrator application of the device.
   * @throws { BusinessError } 9200002 - The administrator application does not have permission to manage the device.
   * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API.
   * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified;
   *                                 2. Incorrect parameter types; 3. Parameter verification failed.
   * @syscap SystemCapability.Customization.EnterpriseDeviceManager
   * @stagemodelonly
   * @since 12
   */
  function getSecurityStatus(admin: Want, item: string): string;

  /**
   * Install user certificate.
   * This function can be called by a super administrator.
   *
   * The returned promise carries a URI identifying the installed certificate; keep it,
   * because uninstallUserCertificate takes a certificate URI to remove the certificate.
   * NOTE(review): this file does not say what the device trusts the installed certificate
   * for. Callers should check the certificate's origin (for example by comparing its
   * fingerprint with an expected value) before installing it - confirm the trust scope
   * against the platform documentation.
   *
   * @permission ohos.permission.ENTERPRISE_MANAGE_CERTIFICATE
   * @param { Want } admin - admin indicates the enterprise admin extension ability information.
   *                         The admin must have the corresponding permission.
   * @param { CertBlob } certificate - certificate file content and alias. It cannot be empty or more than 40 characters.
   * @returns { Promise<string> } the promise carries the uri of the certificate used to uninstall
   * @throws { BusinessError } 9200001 - The application is not an administrator application of the device.
   * @throws { BusinessError } 9200002 - The administrator application does not have permission to manage the device.
   * @throws { BusinessError } 9201001 - Failed to manage the certificate.
   * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API.
   * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified;
   *                                 2. Incorrect parameter types; 3. Parameter verification failed.
   * @syscap SystemCapability.Customization.EnterpriseDeviceManager
   * @stagemodelonly
   * @since 12
   */
  function installUserCertificate(admin: Want, certificate: CertBlob): Promise<string>;

  /**
   * Uninstall user certificate.
   * This function can be called by a super administrator.
   *
   * @permission ohos.permission.ENTERPRISE_MANAGE_CERTIFICATE
   * @param { Want } admin - admin indicates the enterprise admin extension ability information.
   *                         The admin must have the corresponding permission.
   * @param { string } certUri - uri of the certificate. It cannot be empty or more than 64 characters.
   * @returns { Promise<void> } the promise returned by the uninstallUserCertificate.
   * @throws { BusinessError } 9200001 - The application is not an administrator application of the device.
   * @throws { BusinessError } 9200002 - The administrator application does not have permission to manage the device.
   * @throws { BusinessError } 9201001 - Failed to manage the certificate.
   * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API.
   * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified;
   *                                 2. Incorrect parameter types; 3. Parameter verification failed.
   * @syscap SystemCapability.Customization.EnterpriseDeviceManager
   * @stagemodelonly
   * @since 12
   */
  function uninstallUserCertificate(admin: Want, certUri: string): Promise<void>;

  /**
   * Sets the password policy of the device.
   *
   * All PasswordPolicy fields are optional.
   * NOTE(review): this file does not say whether a field omitted from the policy keeps
   * its previous value or is cleared - confirm before sending a partial policy.
   *
   * @permission ohos.permission.ENTERPRISE_MANAGE_SECURITY
   * @param { Want } admin - admin indicates the enterprise admin extension ability information.
   *                         The admin must have the corresponding permission.
   * @param { PasswordPolicy } policy - password policy to be set.
   * @throws { BusinessError } 9200001 - The application is not an administrator application of the device.
   * @throws { BusinessError } 9200002 - The administrator application does not have permission to manage the device.
   * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API.
   * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified;
   *                                 2. Incorrect parameter types; 3. Parameter verification failed.
   * @syscap SystemCapability.Customization.EnterpriseDeviceManager
   * @stagemodelonly
   * @since 12
   */
  function setPasswordPolicy(admin: Want, policy: PasswordPolicy): void;

  /**
   * Gets the password policy of the device.
   *
   * @permission ohos.permission.ENTERPRISE_MANAGE_SECURITY
   * @param { Want } admin - admin indicates the enterprise admin extension ability information.
   *                         The admin must have the corresponding permission.
   * @returns { PasswordPolicy } policy - the password policy of the device.
   * @throws { BusinessError } 9200001 - The application is not an administrator application of the device.
   * @throws { BusinessError } 9200002 - The administrator application does not have permission to manage the device.
   * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API.
   * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified;
   *                                 2. Incorrect parameter types; 3. Parameter verification failed.
   * @syscap SystemCapability.Customization.EnterpriseDeviceManager
   * @stagemodelonly
   * @since 12
   */
  function getPasswordPolicy(admin: Want): PasswordPolicy;

  /**
   * Password policy, as passed to setPasswordPolicy and returned by getPasswordPolicy.
   *
   * @typedef PasswordPolicy
   * @syscap SystemCapability.Customization.EnterpriseDeviceManager
   * @stagemodelonly
   * @since 12
   */
  export interface PasswordPolicy {
    /**
     * The regular expression that describes the required password complexity.
     * NOTE(review): the regex dialect and the way the pattern is matched against a password
     * are not stated in this file. A pattern that accepts any input would presumably leave
     * complexity unenforced - confirm, and review patterns before deploying them.
     *
     * @type { ?string }
     * @syscap SystemCapability.Customization.EnterpriseDeviceManager
     * @stagemodelonly
     * @since 12
     */
    complexityRegex?: string;

    /**
     * Period of validity of the password.
     * NOTE(review): the unit of this number is not stated in this file - confirm before
     * setting a value.
     *
     * @type { ?number }
     * @syscap SystemCapability.Customization.EnterpriseDeviceManager
     * @stagemodelonly
     * @since 12
     */
    validityPeriod?: number;

    /**
     * Other supplementary description
     *
     * @type { ?string }
     * @syscap SystemCapability.Customization.EnterpriseDeviceManager
     * @stagemodelonly
     * @since 12
     */
    additionalDescription?: string;
  }
}

export default securityManager;